[Swan-dev] question from IRC: does IKEv1 do auto-fill of NP?

Andrew Cagney andrew.cagney at gmail.com
Sat Sep 8 12:58:38 UTC 2018


On Fri, 7 Sep 2018 at 08:54, D. Hugh Redelmeier <hugh at mimosa.com> wrote:
>
> IKEv1 packet.h routines will fill in the next payload field automatically.
> This was done by extending what Andrew had already done for v2.

thanks

> It is intended for this to be set up correctly but removing the
> pre-computing code might expose flaws.  I don't expect any since the
> automatic code checks that any already-filled-in next payload field
> checks to see that the field is either unfilled or is already
> filled with what it would have used.
>
> This should be visible in the debug output.

I tried deleting the next payload type stuff around sending the KE
payload but it messed up - basic tests started failing - so I dropped
the patch for now (it is only IKEv1 after all ...).  Instead I've
pushed the (wip) test implair-ikev1-*-send-no-ike-ke (which is trying
to not send KE) so we've something to look at (it currently gets a
pexpect() since NP is all wrong).

> One known flaw: in one routine ID payloads are just echoed from the input
> payload into the output payload.  The appropriate packet.h routines for
> payload emission are not called.  The proper next payload values are
> jammed directly into the output buffer.  Ugly, but it seems to work.  I
> haven't taken the time to rework that code.


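An added illustration of the check described in the thread above, where a next payload (NP) field is auto-filled at emission time and a pre-computed value is accepted only if the field is unfilled or already holds what the emitter would have written. This is not libreswan's packet.h code: struct out_msg, msg_init and emit_payload are hypothetical names, and only the ISAKMP header layout and payload type numbers (RFC 2408) are real.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* ISAKMP payload type numbers from RFC 2408; NP_NONE doubles as "unfilled". */
enum { NP_NONE = 0, NP_SA = 1, NP_KE = 4, NP_ID = 5, NP_NONCE = 10 };

struct out_msg {          /* hypothetical emitter state, not libreswan's pb_stream */
    uint8_t buf[256];
    size_t len;
    uint8_t *prev_np;     /* NP octet of the most recently emitted header */
};

/* Start a message holding only the 28-byte ISAKMP header (NP octet at offset 16). */
void msg_init(struct out_msg *m) {
    memset(m, 0, sizeof(*m));
    m->len = 28;
    m->prev_np = &m->buf[16];
}

/* Emit one payload behind a 4-byte generic header (NP, reserved, 16-bit length).
 * type:    the type of the payload being emitted now.
 * np_hint: a pre-computed value for this payload's own NP field, or NP_NONE
 *          to leave it to the emitter.
 * Returns 0 on success; -1 if the buffer is full or if the previous header
 * was pre-filled with a type other than the one actually emitted. */
int emit_payload(struct out_msg *m, uint8_t type, uint8_t np_hint,
                 const void *body, uint16_t body_len) {
    size_t total = 4 + (size_t)body_len;
    if (total > sizeof(m->buf) - m->len)
        return -1;
    if (*m->prev_np != NP_NONE && *m->prev_np != type)
        return -1;        /* stale pre-computed NP: report it, do not overwrite */
    *m->prev_np = type;   /* back-patch the previous header's NP field */
    uint8_t *h = m->buf + m->len;
    h[0] = np_hint;       /* verified when the next payload is emitted */
    h[1] = 0;             /* reserved */
    h[2] = (uint8_t)(total >> 8);
    h[3] = (uint8_t)(total & 0xff);
    if (body_len)
        memcpy(h + 4, body, body_len);
    m->prev_np = h;
    m->len += total;
    return 0;
}
```

In this sketch, a caller that pre-fills NP=KE on the SA payload and then leaves the KE payload out gets an error from the next emit_payload call rather than a silently inconsistent chain.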