[strongSwan-dev] New pull request for feature saveKeys

Codrut Grosu cgrosu at ixiacom.com
Thu Aug 11 10:27:25 CEST 2016 

Hi Emeric,



As pointed out by Tobias Brunner in [1], at comments, with the hook functions for ike_keys and child_keys in the listener_t interface  I won't get the derived keys.


About  ike_state_change, I will need to take a look at that function.


Thanks for feed-back,
Codrut.


[1]: https://wiki.strongswan.org/issues/1557

Feature #1557: An option to save IKE_SA and CHILD_SA keys for wireshark - strongSwan<https://wiki.strongswan.org/issues/1557>
wiki.strongswan.org
Redmine




________________________________
From: Emeric POUPON <emeric.poupon at stormshield.eu>
Sent: Thursday, August 11, 2016 11:09 AM
To: Codrut Grosu
Cc: dev at lists.strongswan.org
Subject: Re: [strongSwan-dev] New pull request for feature saveKeys

Hello,

Well I am not a strongSwan internal expert, but you could have used already existing messages in order to save what you need?
There already are some hooks used by the HA plugin to replicate states on different nodes of a HA cluster.

For example:
- ike_state_change -> on ESTABLISHED, get the SPIs
- ike_keys -> get the IKE SA keys
- child_keys -> get the CHILD SA keys


Regards,

Emeric


----- Original Message -----
From: "Codrut Grosu" <cgrosu at ixiacom.com>
To: dev at lists.strongswan.org
Sent: Thursday, 11 August, 2016 09:51:05
Subject: [strongSwan-dev] New pull request for feature saveKeys

Hi,




I finished writing the code for feature [1].




I created a pull request to merge the code with the upstream. [2]




Can you please take a look at the code?




Cheers,

Codrut.







[1]: https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwiki.strongswan.org%2fissues%2f1557&data=01%7c01%7ccgrosu%40ixiacom.com%7cb85797c0259a444b47c308d3c1bfc353%7c069fd614e3f843728e18cd06724a9b23%7c0&sdata=LJYUv1ALwu%2fWj%2fzzWSXUhKCwbDKXSElZ1g1TNxrbmMw%3d

[2]: https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fgithub.com%2fstrongswan%2fstrongswan%2fpull%2f49&data=01%7c01%7ccgrosu%40ixiacom.com%7cb85797c0259a444b47c308d3c1bfc353%7c069fd614e3f843728e18cd06724a9b23%7c0&sdata=SQ5onUssqDVWXVP5T3cj9GphCf0UU%2b%2fbn0SJ3b1B3Bc%3d



An option to save IKE_SA and CHILD_SA keys for wireshark by superCodrut · Pull Request #49 · strongswan/strongswan
github.com
This is the first patch series for feature #1557.


_______________________________________________
Dev mailing list
Dev at lists.strongswan.org
https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2flists.strongswan.org%2fmailman%2flistinfo%2fdev&data=01%7c01%7ccgrosu%40ixiacom.com%7cb85797c0259a444b47c308d3c1bfc353%7c069fd614e3f843728e18cd06724a9b23%7c0&sdata=i5PFm20ezZwF%2bOA%2bq7SGFdFfaTQbWAzsQTvyIUK0VSc%3d
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20160811/0a0f76c8/attachment-0001.html>

More information about the Dev mailing list