[Openswan dev] Modify the source code problem

ctosgh ctosgh at 126.com
Tue Apr 17 02:07:29 EDT 2007 

 
Hi,All:
       As we know, if we use aggressive mode with x.509 cert in IKE phase one, pluto will 

 
not exchange both sides' certs. Now, I want the both sides exchange each other's cert in IKE 
 
phase 1 using aggressive mode. Now I am modifying the source code to implement this. Now, I 
 
have successfully make the initiator send the first packet which has a CR payload after the 
 
ID payload and before VID payload. But, it seems like that the responsder does not accept 
 
this packet. The log says "message ignored because it contains an unexpected payload types </FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2>ISAKMP_NEXT_CR". I have modify the function aggr_inI1_outR1_common() and 
 
aggr_inI1_outR1_tail() in ipsec_doi.c to process the CR payload. But, according to the log, 
 
I find that the log message comes from the following codes in function process_packet() in 
 
demux.c
{
  lset_t s = LELEM(np);
 
  if (LDISJOINT(s
  , needed | smc->opt_payloads| LELEM(ISAKMP_NEXT_N) | LELEM(ISAKMP_NEXT_D)))
  {
      loglog(RC_LOG_SERIOUS, "%smessage ignored because it "
      "contains an unexpected payload type (%s)"
   , excuse, enum_show(&payload_names, np));
      SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE);
      return;
  }
  needed &= ~s;
}
       Untill now, I do not have a clear thinking about the PROCESS of the INCOMING and 
 
OUTCOMING IKE packet, just have a general profile. Does anyone can tell me what should I do 
 
if I want to meet  my require demands. I mean that just the general steps. For example, 
 
which key files,key places and key data structures should be modified. Or does anyone can 
 
tell me where to get the resources about openswan's source code analysis. There is too 
 
little resources about openswan's source code on the Internet.
       I will really appreciate your reply and any help~~~~~~~~
Jacky 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/dev/attachments/20070417/e01c4ecf/attachment.html

More information about the Dev mailing list