[Openswan Users] question about IKEv1
Paul Wouters
paul at xelerance.com
Sat Mar 14 13:24:21 EDT 2009
On Sat, 14 Mar 2009, ping chen wrote:
> When negotiate a SA in phase2,how to know which policy in SPDB this SA
> should be assiated.
> I mean which payloads in IKEv1 packet.
Phase 1 uses "cookies" to determine which instance the packet belongs too.
You can see these if you enable more plutodebug=.
Once a phase 2 is up, there is a SPI number that is associated with the
connection, which is stored in the connection information of the phase 1.
(I believe actually two SPI's, one for each direction)
If you enable plutodebug=all, and bring a connection up, you can see
in the debug logs which functions are called and what variables are
filled in. That and gdb should give you enough information on where to
find stuff.
Paul
More information about the Users
mailing list