not exchange both sides' certs. Now, I want both sides to exchange each other's cert in IKE
phase 1 using aggressive mode. Now I am modifying the source code to implement this. Now, I
have successfully made the initiator send the first packet, which has a CR payload after the
ID payload and before the VID payload. But it seems that the responder does not accept
this packet. The log says "message ignored because it contains an unexpected payload types
ISAKMP_NEXT_CR". I have modified the functions aggr_inI1_outR1_common() and
aggr_inI1_outR1_tail() in ipsec_doi.c to process the CR payload. But, according to the log,
I find that the log message comes from the following code in the function process_packet() in
demux.c:
    {
        lset_t s = LELEM(np);
        if (LDISJOINT(s
        , needed | smc->opt_payloads| LELEM(ISAKMP_NEXT_N) | LELEM(ISAKMP_NEXT_D)))
        {
            loglog(RC_LOG_SERIOUS, "%smessage ignored because it "
                "contains an unexpected payload type (%s)"
                , excuse, enum_show(&payload_names, np));
            SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE);
            return;
        }
        needed &= ~s;
    }
Until now, I do not have a clear understanding of the PROCESS of the INCOMING and
OUTGOING IKE packets, just a general profile. Can anyone tell me what I should do
to meet my requirements? I mean just the general steps. For example,
which key files, key places and key data structures should be modified. Or can anyone
tell me where to get resources about openswan's source code analysis? There are too
few resources about openswan's source code on the Internet.
I will really appreciate your reply and any help~~~~~~~~
Jacky
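
The payload check quoted in the post, reduced to a stand-alone C example (added here; it is not openswan's code and not part of the original post). The `struct microcode` type, `check_payloads()`, `check_sample()` and the required/optional sets are assumptions for illustration; the payload type numbers are those of RFC 2408.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the lset_t helpers used in the quoted code. */
typedef uint64_t lset_t;
#define LELEM(opt)      ((lset_t)1 << (opt))
#define LDISJOINT(a, b) (((a) & (b)) == 0)

/* ISAKMP payload type numbers from RFC 2408, section 3.1. */
enum { NEXT_SA = 1, NEXT_KE = 4, NEXT_ID = 5, NEXT_CR = 7,
       NEXT_NONCE = 10, NEXT_N = 11, NEXT_D = 12, NEXT_VID = 13 };

/* Hypothetical, reduced state entry: which payloads a message must/may carry. */
struct microcode { lset_t req_payloads, opt_payloads; };

/* Assumed required set for the first aggressive-mode message (RFC 2409). */
#define AGGR_I1_REQ (LELEM(NEXT_SA) | LELEM(NEXT_KE) | LELEM(NEXT_NONCE) | LELEM(NEXT_ID))

/* Same test as the quoted loop. Returns 0 if the chain is accepted, the
 * offending payload type if one is unexpected, -1 if a required one is missing. */
int check_payloads(const struct microcode *smc, const int *chain, size_t n)
{
    lset_t needed = smc->req_payloads;
    for (size_t i = 0; i < n; i++) {
        lset_t s = LELEM(chain[i]);
        if (LDISJOINT(s, needed | smc->opt_payloads
                         | LELEM(NEXT_N) | LELEM(NEXT_D)))
            return chain[i];      /* quoted code sends INVALID_PAYLOAD_TYPE here */
        needed &= ~s;             /* a required payload is accepted only once */
    }
    return needed == 0 ? 0 : -1;
}

/* Constructed sample: SA, KE, Ni, ID, then CR before VID, as in the post. */
static const int sample[] = { NEXT_SA, NEXT_KE, NEXT_NONCE, NEXT_ID, NEXT_CR, NEXT_VID };

/* Check the sample against an entry whose optional set is opt. */
int check_sample(lset_t opt)
{
    struct microcode smc = { AGGR_I1_REQ, opt };
    return check_payloads(&smc, sample, sizeof sample / sizeof sample[0]);
}

int main(void)
{
    printf("VID optional only:    %d\n", check_sample(LELEM(NEXT_VID)));
    printf("VID and CR optional:  %d\n", check_sample(LELEM(NEXT_VID) | LELEM(NEXT_CR)));
    return 0;
}
```

In the quoted code the optional set comes from `smc->opt_payloads`, and the `return` on rejection means the message is dropped inside `process_packet()`.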