[strongSwan] How to bypass the strongSwan's IPsec Linux kernel interface

Mao, Zhiheng zmao at qti.qualcomm.com
Tue Sep 10 18:19:33 CEST 2013


Thanks, Martin!

Zhiheng

-----Original Message-----
From: Martin Willi [mailto:martin at strongswan.org] 
Sent: Tuesday, September 10, 2013 12:33 AM
To: Mao, Zhiheng
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] How to bypass the strongSwan's IPsec Linux kernel interface

Hi,

> return the private types of PDN_CONNECTION_REJECTION (8192) and 
> MAX_CONNECTION_REACHED (8193) according to the 3GPP TS 24.302, section 
> 8.1.2.

> Does strongswan support this and how to configure?

No, we don't support these notifies nor this spec.

> do you have any suggestion of how to extend the existing code? I am 
> not looking to implement a full scale server policy, but maybe just a 
> trigger at a given time to make the server fail the connection setup 
> request from a client with these private error types.

I haven't read this standard, so I don't know when these notifies must be sent. If these checks get performed in IKE_AUTH, you might try to extend the task at [1].

Regards
Martin

[1] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/sa/ikev2/tasks/ike_auth.c#l513
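For reference, an added example (not part of the thread and not strongSwan code) of how the two notify types from the question look on the wire as IKEv2 Notify payloads, and how a receiver can bounds-check and classify them. The function and enum names are hypothetical; the payload layout and type ranges are assumed from RFC 7296, section 3.10.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Notify types quoted in the thread (3GPP TS 24.302, section 8.1.2). */
#define PDN_CONNECTION_REJECTION 8192
#define MAX_CONNECTION_REACHED   8193

enum notify_class { N_MALFORMED, N_ERROR, N_PRIVATE_ERROR, N_STATUS, N_PRIVATE_STATUS };

/* Encode a Notify payload without SPI or data (RFC 7296, section 3.10).
 * Returns the number of bytes written, or 0 if buf is too small. */
size_t notify_encode(uint8_t *buf, size_t cap, uint8_t next_payload, uint16_t type)
{
    if (cap < 8) return 0;
    buf[0] = next_payload;            /* Next Payload */
    buf[1] = 0;                       /* Critical bit clear, reserved bits zero */
    buf[2] = 0; buf[3] = 8;           /* Payload Length, big endian */
    buf[4] = 0;                       /* Protocol ID: zero when there is no SPI */
    buf[5] = 0;                       /* SPI Size */
    buf[6] = (uint8_t)(type >> 8);    /* Notify Message Type, big endian */
    buf[7] = (uint8_t)(type & 0xff);
    return 8;
}

/* Validate the length fields of a received Notify payload, then classify its type. */
enum notify_class notify_classify(const uint8_t *p, size_t len, uint16_t *type)
{
    if (len < 8) return N_MALFORMED;
    size_t plen = ((size_t)p[2] << 8) | p[3];
    if (plen < 8 || plen > len || p[5] > plen - 8) return N_MALFORMED;
    *type = (uint16_t)((p[6] << 8) | p[7]);
    if (*type >= 40960) return N_PRIVATE_STATUS;  /* private-use status range */
    if (*type >= 16384) return N_STATUS;          /* status types */
    if (*type >= 8192)  return N_PRIVATE_ERROR;   /* private-use error range */
    return N_ERROR;                               /* standard error types */
}

int main(void)
{
    uint8_t buf[8];
    uint16_t type = 0;
    size_t n = notify_encode(buf, sizeof buf, 0, MAX_CONNECTION_REACHED);
    enum notify_class c = notify_classify(buf, n, &type);
    printf("type=%u private_error=%d\n", (unsigned)type, c == N_PRIVATE_ERROR);
    return 0;
}
```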



