[Openswan dev] Pluto exchange code

[mladen-g at rogers.com]

Hello,

I'm actually using StrongSWAN, but I'd like to respectfully ask my question here, since the development seems to be a bit more active with Openswan, and the code is the same, as far as I can tell.

I've been looking around the Pluto code and trying to figure things out, and I'm still trying to understand exactly what sequence of instructions generates and sends the IKE negotiation messages.  Here's what I *think* happens:

IKE begins when something calls ipsecdoi_initiate(...).  This procedure then calls main_outI1(whack_sock, c, NULL, policy, try) where:

"whack_sock" I think is the socket for pluto (?)

"c" is the connection struct pointer

"NULL" stands for the predecessor (previous state?), which doesn't exist in this case (because it's the initiation message)

"policy" I'm not sure about, but probably finds out somehow if there exists a policy defined for the other host in one of the /etc/ipsec.d/policies/ files.

"try" I have no idea what it is

Based on this input, main_outI1(...) then creates a state object (st) and fills it with the appropriate information.  Then the header (hdr) is created and inserted into the output stream with out_struct(...).  The same is done with an SA payload and it is inserted into the output stream with out_sa(...).  Then the packet is transmitted with send_packet(st, "main_outI1"), as far as I can tell.

These are my questions:

1)  What is "pb_stream reply"?  In the comments it says "not actually a reply, but you know what I mean"... unfortunately I don't :)  It is also mentioned later in the lines:

/* set up reply */
init_pbs(&reply, reply_buffer, sizeof(reply_buffer), "reply packet");

Since this is the initial message, why is any type of reply mentioned?

2)  How does send_packet know which output stream to transmit?  The "st" state object is passed to it, but I don't see any "pb_stream" object anywhere in the definition of struct state.  Can anyone tell me what I am overlooking?

Regards,
Mladen

1