[Openswan dev] Modify the source code problem
ctosgh at 126.com
Tue Apr 17 02:07:29 EDT 2007
As we know, if we use aggressive mode with x.509 cert in IKE phase one, pluto will
not exchange both sides' certs. Now, I want the both sides exchange each other's cert in IKE
phase 1 using aggressive mode. Now I am modifying the source code to implement this. Now, I
have successfully make the initiator send the first packet which has a CR payload after the
ID payload and before VID payload. But, it seems like that the responsder does not accept
this packet. The log says "message ignored because it contains an unexpected payload types </FONT></DIV>
<DIV><FONT size=2>ISAKMP_NEXT_CR". I have modify the function aggr_inI1_outR1_common() and
aggr_inI1_outR1_tail() in ipsec_doi.c to process the CR payload. But, according to the log,
I find that the log message comes from the following codes in function process_packet() in
lset_t s = LELEM(np);
, needed | smc->opt_payloads| LELEM(ISAKMP_NEXT_N) | LELEM(ISAKMP_NEXT_D)))
loglog(RC_LOG_SERIOUS, "%smessage ignored because it "
"contains an unexpected payload type (%s)"
, excuse, enum_show(&payload_names, np));
needed &= ~s;
Untill now, I do not have a clear thinking about the PROCESS of the INCOMING and
OUTCOMING IKE packet, just have a general profile. Does anyone can tell me what should I do
if I want to meet my require demands. I mean that just the general steps. For example,
which key files,key places and key data structures should be modified. Or does anyone can
tell me where to get the resources about openswan's source code analysis. There is too
little resources about openswan's source code on the Internet.
I will really appreciate your reply and any help~~~~~~~~
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dev