Excellent, thank you. (By "level 3" or "phase 3", I just meant the third of a variable number of IKE_AUTH exchanges.)

~Mark

On Tuesday, June 24, 2014, Martin Willi <[email protected]> wrote:

> Mark,
>
> > I do find that checking that get_message_id(message) == 3 in build_i()
> > is "just before" my initiator sends an IKE_AUTH level 3 message, which
> > is what I want.
>
> What's a "level 3" IKE_AUTH message?
>
> > But is there any other (better) way of determining where I am in the
> > IKE_AUTH message exchange?
>
> There are many things to consider; IKE_AUTH may use an arbitrary number
> of exchanges, for example in EAP, but also with RFC 4739 Multiple
> Authentication.
>
> > I don't think message_id 3 equates to IKE_AUTH phase 3.
>
> What's IKE_AUTH "phase 3"? Message IDs are incremental in IKEv2, which
> means the first IKE_AUTH exchange uses message ID 1. But you can't
> determine what's the message ID of the last IKE_AUTH exchange, as the
> number of exchanges is variable.
>
> > Basically, I'm trying to trigger on when it seems all hurdles have
> > been cleared in the IKE_AUTH exchange and we're "just about" to conclude
> > success (specifically, my initiator has received an EAP-challenge has
> > offered a result and the responder has accepted that (so I'm over all of
> > those hurdles), ... I then want to trigger something, before getting back
> > the TSs etc.
>
> There is a bunch of hooks in [1] that allows a listener to catch some of
> these events. If you just want to catch about-to-complete IKE_SAs, use
> the authorize() hook and act if the "final" flag is set. If you have to
> mangle traffic selectors, use the narrow() hook.
>
> If none of these hooks works, you may use the message() hook and check
> for specific state. As responder, when sending the last IKE_AUTH
> response the IKE_SA state is ESTABLISHED; on the initiator you may check
> for the presence of specific payloads in the message.
>
> Regards
> Martin
>
> [1] http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/bus/listeners/listener.h
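The point in the thread about message IDs, as an added example that is not part of the original messages and is not strongSwan code: a stand-alone parser for the cleartext IKEv2 header (layout per RFC 7296, section 3.1), run over constructed header-only flows. The function names and the sample flows are assumptions made for illustration; the message ID of the last IKE_AUTH request simply follows the number of exchanges, so a fixed value such as 3 only fits one particular flow.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IKE_HDR_LEN    28    /* fixed IKEv2 header size */
#define IKE_SA_INIT    34    /* exchange types */
#define IKE_AUTH       35
#define FLAG_INITIATOR 0x08  /* header flag bits */
#define FLAG_RESPONSE  0x20

typedef struct { uint8_t exchange, flags; uint32_t mid, length; } ike_hdr_t;

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse the cleartext header; -1 if truncated, not IKEv2, or bad length. */
int parse_ike_hdr(const uint8_t *buf, size_t len, ike_hdr_t *out)
{
    if (!buf || !out || len < IKE_HDR_LEN || (buf[17] >> 4) != 2)
        return -1;
    out->exchange = buf[18];
    out->flags = buf[19];
    out->mid = be32(buf + 20);
    out->length = be32(buf + 24);
    return out->length < IKE_HDR_LEN ? -1 : 0;
}

/* Constructed sample data: one header-only message with zeroed SPIs. */
static void make_hdr(uint8_t *b, uint8_t exchange, uint8_t flags, uint32_t mid)
{
    memset(b, 0, IKE_HDR_LEN);
    b[17] = 0x20; b[18] = exchange; b[19] = flags;
    b[20] = (uint8_t)(mid >> 24); b[21] = (uint8_t)(mid >> 16);
    b[22] = (uint8_t)(mid >> 8);  b[23] = (uint8_t)mid;
    b[27] = IKE_HDR_LEN;
}

/* Build a constructed flow (IKE_SA_INIT, then n_auth IKE_AUTH exchanges),
 * parse each message and return the message ID of the last IKE_AUTH request;
 * -1 if none was seen or a header failed to parse. */
long last_ike_auth_request_mid(unsigned n_auth)
{
    uint8_t pkt[IKE_HDR_LEN];
    ike_hdr_t h;
    long last = -1;
    for (uint32_t mid = 0; mid <= n_auth; mid++)
        for (int resp = 0; resp < 2; resp++) {
            make_hdr(pkt, mid ? IKE_AUTH : IKE_SA_INIT,
                     resp ? FLAG_RESPONSE : FLAG_INITIATOR, mid);
            if (parse_ike_hdr(pkt, sizeof(pkt), &h) != 0)
                return -1;
            if (h.exchange == IKE_AUTH && !(h.flags & FLAG_RESPONSE))
                last = (long)h.mid;
        }
    return last;
}
```

The header carries no marker for the last IKE_AUTH exchange, which is why the reply above points to the authorize() hook and its "final" flag instead.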
