[Openswan dev] [openswan dev] from ipsec.conf to internal representation

mds desmarco at student.ethz.ch
Mon Jun 25 04:45:38 EDT 2007

Hello everybody.
I'm currently trying to implement Multi-Layer IPsec based on
the Openswan 2.4.7 source code.
The goal is to be able to en-/decrypt the TCP header in the
IP datagrams using an additional key. Hence I would like to
add an additional key to the ipsec.conf file and have it parsed
and transfered to the internal representation of the connection

This is my view on how the keys are processed:

starter.c: main(...) calls confread.c confread_load(...)

confread_load(...) parses the ipsec.conf file (call to parser.y
parser_load_conf(...)). The result of the parsing procedure is a
struct config_parsed where all keywords are stored with their 
respective values as a linked list. On return of the parser_load_conf(...)
function, the function load_setup(...) is called having the parsed
config as a parameter.

In this function (load_setup(...), located in confread.c) there's
a for-loop double-checking whether the keywords in the linked
list are valid.

As I understood, the "leftrsasigkey" and "rightrsasigkey" entries
and their key values in the ipsec.conf file are stored as keywords 
of type kt_rsakey.
In the function load_setup(...) however, these keywords seem to
be treated as invalid keywords (error counter is incremented and

How can this be? What did I miss? Did I miss an instruction 
that changes the keyword type from kt_rsakey (to kt_loose_enum

I'd apreciate your help and suggestions.


More information about the Dev mailing list