[Swan-dev] Vendor ID ambiguity
D. Hugh Redelmeier
hugh at mimosa.com
Tue Jul 31 21:23:42 UTC 2018
I think that Vendor ID sending is kind of screwed up, particularly our
own Vendor ID.
Each case where we emit our Vendor ID is conditional on c->send_vendorid
(good).
- aggr_inI1_outR1_continue2_tail should send it but does not
- aggr_outI1_tail sends VID_LIBRESWANSELF (== libreswan_vendorid)
- main_outI1 sends pluto_vendorid
- main_inI1_outR1 sends pluto_vendorid
Is there any reason for these to send different collections of Vendor IDs?
I would guess not. I'm working on function to encapsulate this once
rather than have four diverging chunks of code.
I don't think you answered my question. Which is correct:
libreswan_vendorid or pluto_vendorid. Surely not both!
| From: Paul Wouters <paul at nohats.ca>
|
| On Mon, 30 Jul 2018, D. Hugh Redelmeier wrote:
|
| > Some of our code emits our vendorid payload using libreswan_vendorid
| > as our Vendor ID using
| >
| > out_vid( ..., VID_LIBRESWANSELF);
| >
| > and some uses pluto_vendorid, via ikev1_out_generic_raw().
| >
| > Those are two different things,
| >
| > Which one is correct?
|
| both :)
|
| VID_LIBRESWANSELF is our compiled in version based on various compile
| time settings.
|
| pluto_vendorid is our vendorid which can be set with the myvendorid=
|
| eg:
|
| config setup
| myvendorid="paulswan"
| send-vendorid=yes
|
|
| If send-vendorid=yes and no myvendorid=, the default to use is whatever
| is compiled in as VID_LIBRESWANSELF.
|
| Paul
More information about the Swan-dev
mailing list