Hello! > I haven't studied CGA in detail yet, but sounds interesting.
It simply links an IPv6 address to a public key, was introduced in SEND. > Maybe I just missed something, but I don't see any changesets in the > repo. It is very difficult for us to find your changes. We would need a > set of proper patches to do a review. Hum yes sorry I committed the final version. I made a clean and a proper commit this time (started at version 137), but something is buggy with 4.4.2dr1 and it reads freed memory. I have put some valgrind and gdb logs. http://svn.r00ted.com/log.php?repname=r00ted&path=%2Fdad%2F&isdir=1&showchanges=1 > What I've seen so far is that you have introduced a new > cga_authenticator. It looks very similar to the pubkey authenticator. Is > there any notable difference (except for the cert payload parsing and > CGA address verification) in the AUTH payload itself? If not, I'd prefer > a more separated approach that handles just the CERT payload and reuse > the existing authenticator. Yes CGA verification is handled just before usual public keys verification. Working on it :) > Btw: We use custom printf specifiers that allows us to print certain > objects directly. Make sure to use the proper specifier for the object > you are printing (%Y for identification_t, %H for host_t, ...). > There are also specifiers to print hex dumps (%b takes ptr, len > arguments, %B takes a chunk_t pointer), no need to write your own hex > dumper. Nice, changed it. I will add licenses as your previous link suggested. Thanks, Aurélien _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
