[strongSwan-dev] CGA support

Martin Willi martin at strongswan.org
Thu Aug 12 10:24:36 CEST 2010


> I implemented Cryptographically Generated Addresses in StrongSwan (one
> of the latest devel version on git) during an internship.

I haven't studied CGA in detail yet, but sounds interesting.

> So if you are interested in reviewing the code to integrate it,
> comments are welcome!

Maybe I just missed something, but I don't see any changesets in the
repo. It is very difficult for us to find your changes. We would need a
set of proper patches to do a review.

What I've seen so far is that you have introduced a new
cga_authenticator. It looks very similar to the pubkey authenticator. Is
there any notable difference (except for the cert payload parsing and
CGA address verification) in the AUTH payload itself? If not, I'd prefer
a more separated approach that handles just the CERT payload and reuse
the existing authenticator.

Btw: We use custom printf specifiers that allows us to print certain
objects directly. Make sure to use the proper specifier for the object
you are printing (%Y for identification_t, %H for host_t, ...).
There are also specifiers to print hex dumps (%b takes ptr, len
arguments, %B takes a chunk_t pointer), no need to write your own hex

Please also have look to our contribution requirements [1].



More information about the Dev mailing list