It is my current understanding that the default behavior of a Strongswan system is to silently discard ESP packets with unknown SPI values. I have the need to change this default behavior and send an unencrypted notification of INVALID_SPI. I'm having a hard time locating where in the code base I would even begin to modify to tackle this problem as it seems that libcharon is largely unaware of ESP traffic. Furthermore, I'm not even sure that performing this capability within libcharon would be appropriate or convenient since it doesn't process ESP except that libcharon already has the notification encoding and already owns the sending sockets.
libcharon, libhydra, and socket-default are a large code base and I'm facing quite a learning curve. Has anyone tried to do this before? Could anyone recommend an outline of the areas to look more closely into? First things first, I'm not even entirely sure which is the best way to capture un-xfrm-ed ESP packets. Any insight or even fingers pointing in the right direction would be very appreciated. -Zach
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
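To make the decision the post is asking about concrete, here is an added example (not strongSwan code, and not from the poster) of the step that sits between "packet the kernel could not match" and "send an INVALID_SPI notify": parse the ESP header per RFC 4303, check the SPI against a table of installed inbound SAs, and rate-limit the notification per source, since an unprotected INVALID_SPI (RFC 7296 section 1.5) is sent in reaction to an unauthenticated packet and should not be provokable without bound. The SA table, the peer addresses, the SPIs and the `reqid` field are constructed values; the actual notify encoding and the mechanism for getting unmatched ESP out of the kernel are left to the daemon and are not modelled here.

```python
import struct
import time
from collections import deque
from typing import Deque, Dict, NamedTuple, Optional, Tuple

# RFC 4303 ESP header: 32-bit SPI followed by 32-bit sequence number, network byte order.
ESP_HEADER = struct.Struct("!II")


class InboundSA(NamedTuple):
    peer: str   # address the SA was negotiated with
    reqid: int  # constructed tag standing in for the kernel's SA handle (assumption)


def parse_esp_header(packet: bytes) -> Optional[Tuple[int, int]]:
    """Return (spi, seq) from an ESP payload, or None if it is too short to hold a header."""
    if len(packet) < ESP_HEADER.size:
        return None
    return ESP_HEADER.unpack_from(packet, 0)


def classify_esp(packet: bytes, src: str, sa_table: Dict[int, InboundSA]) -> str:
    """Classify an inbound ESP packet against the installed inbound SAs.

    "malformed"    - shorter than an ESP header
    "reserved-spi" - SPI 0..255 is reserved by RFC 4303 and never an installed inbound SA
    "known"        - SPI is installed and was negotiated with this source address
    "unknown-spi"  - no inbound SA carries this SPI, or it belongs to a different peer;
                     RFC 4303 says discard and audit, the INVALID_SPI notify is optional
    """
    hdr = parse_esp_header(packet)
    if hdr is None:
        return "malformed"
    spi, _seq = hdr
    if spi <= 255:
        return "reserved-spi"
    sa = sa_table.get(spi)
    if sa is not None and sa.peer == src:
        return "known"
    return "unknown-spi"


class InvalidSpiNotifier:
    """Rate-limited decision whether to emit an INVALID_SPI notification per source.

    The notification is unprotected and answers an unauthenticated packet, so a
    per-source cap per time window keeps spoofed ESP from being turned into an
    unbounded stream of IKE messages; beyond the cap the packet is still logged and dropped.
    """

    def __init__(self, max_per_window: int = 5, window_s: float = 10.0):
        self.max_per_window = max_per_window
        self.window_s = window_s
        self._sent: Dict[str, Deque[float]] = {}

    def should_notify(self, src: str, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        q = self._sent.setdefault(src, deque())
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window_s:
            q.popleft()
        if len(q) >= self.max_per_window:
            return False
        q.append(now)
        return True


def handle_unmatched_esp(packet: bytes, src: str, sa_table: Dict[int, InboundSA],
                         notifier: InvalidSpiNotifier,
                         now: Optional[float] = None) -> Tuple[str, bool]:
    """Return (classification, send_notify) for one packet the kernel could not match."""
    verdict = classify_esp(packet, src, sa_table)
    notify = verdict == "unknown-spi" and notifier.should_notify(src, now)
    return verdict, notify


# Constructed inbound-SA table and packet builder; all values are invented for this example.
SA_TABLE: Dict[int, InboundSA] = {0xC0FFEE01: InboundSA(peer="198.51.100.7", reqid=1)}


def esp_packet(spi: int, seq: int, payload_len: int = 32) -> bytes:
    """Build a minimal ESP payload: header plus an opaque (here zero) encrypted body."""
    return ESP_HEADER.pack(spi, seq) + b"\x00" * payload_len


if __name__ == "__main__":
    notifier = InvalidSpiNotifier(max_per_window=2, window_s=10.0)
    samples = [(0xC0FFEE01, "198.51.100.7"), (0xDEADBEEF, "198.51.100.7"),
               (0xDEADBEEF, "198.51.100.7"), (0xDEADBEEF, "198.51.100.7")]
    for spi, src in samples:
        print(f"spi=0x{spi:08x} src={src} ->",
              handle_unmatched_esp(esp_packet(spi, 1), src, SA_TABLE, notifier, now=0.0))
```

The classification mirrors what the kernel already does on its own (drop and count); the only new decision is the last one, and the rate limit is the part worth keeping whatever the daemon-side plumbing ends up looking like.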
