[strongSwan] IKE_SA state change question?

Mark Enstone mark at m-87.com
Tue Jun 24 00:23:37 CEST 2014


All,

I see that my IKE_SA changes state from CREATED->CONNECTING->ESTABLISHED,
etc. I'm trying to peek a little more closely into where the exchange is
w.r.t. IKE_AUTH sequence of exchanges.  It looks like
ike_config.c::build_i() and/or ike_config.c::process_i() uses various
tricks to see where in the IKE_AUTH exchange it is (well, specifically
first or (post-)last/ESTABLISHED).  I do find that checking that
get_message_id(message) == 3 in build_i() is "just before" my initiator
sends an IKE_AUTH level 3 message, which is what I want.  But.  But is
there any other (better) way of determining where I am in the IKE_AUTH
message exchange? -- I don't think message_id 3 equates to IKE_AUTH phase
3.  [Basically, I'm trying to trigger on when it seems all hurdles have
been cleared in the IKE_AUTH exchange and we're "just about" to conclude
success (specifically, my initiator has received an EAP-challenge has
offered a result and the responder has accepted that (so I'm over all of
those hurdles), ... I then want to trigger something, before getting back
the TSs etc.]

Thanks,
~Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140623/a40641a3/attachment.html>


More information about the Users mailing list