[prev in list] [next in list] [prev in thread] [next in thread] 

List:       strongswan-users
Subject:    [strongSwan] Pluto message traffic code
From:       mladen-g () rogers ! com (mladen-g () rogers ! com)
Date:       2004-05-28 20:49:20
Message-ID: 20040528184755.OASS63200.fep02-mail.bloor.is.net.cable.rogers.com () localhost
[Download RAW message or body]

Hello,

Now that I've gotten StrongSWAN working with pre-shared keys, RSA signatures, and \
certificates, (thanks to this list, Andreas in particular) I think I'm familiar \
enough to start trying to adapt it to my purposes...

I've been looking around the Pluto code and trying to figure things out, and I'm \
still trying to understand exactly what sequence of instructions generates and sends \
the IKE negotiation messages.  Here's what I *think* happens:

For pre-shared keys:
--------------------
IKE begins when something calls ipsecdoi_initiate(...).  This procedure then calls \
main_outI1(whack_sock, c, NULL, policy, try) where:

"whack_sock" I think is the socket for pluto (?)

"c" is the connection object pointer

"NULL" stands for the predecessor (previous state?), which doesn't exist in this case \
(because it's the initiation message)

"policy" I'm not sure about, but probably finds out somehow if there exists a policy \
defined for the other host in one of the /etc/ipsec.d/policies/ files.

"try" I have no idea what it is

Based on this input, main_outI1(...) then creates a state object (st) and fills it \
with the appropriate information.  Then the header (hdr) is created and inserted into \
the output stream with out_struct(...).  The same is done with an SA payload and it \
is inserted into the output stream with out_sa(...).  Then the packet is transmitted \
with send_packet(st, "main_outI1"), as far as I can tell.

These are my questions:

1)  What is "pb_stream reply"?  In the comments it says "not actually a reply, but \
you know what I mean"... unfortunately I don't :)  It is also mentioned later in the \
lines:

/* set up reply */
init_pbs(&reply, reply_buffer, sizeof(reply_buffer), "reply packet");

Since this is the initial message, why is any type of reply mentioned?

2)  How does send_packet know which output stream to transmit?  The "st" state object \
is passed to it, but I don't see any "pb_stream" object anywhere in it.  What am I \
overlooking?

Regards,
Mladen

1


[prev in list] [next in list] [prev in thread] [next in thread]