> I would need support for new payload attributes on both peers. At the server side, configuring custom attributes is already doable, for example with the attr plugin [1]. If configuration by the numerical value is too cryptic, adding aliases should be trivial.
> Maybe Strongswan could support a callback function for private > payload attribute types? Handling custom attributes at a plugin level is possible. A plugin implementing the attribute_handler_t [2] interface (as done by the resolve plugin and others) can request and handle any type of attribute. > Cisco did not hesitate to use the private attributes for IKEv1. Do you > think it would be possible to support similar private attributes for > IKEv2 on both sides, as Cisco did? It is perfectly fine to allocate attribute type values from the IANA "private use" range, and then use these attributes if we know the peer uses them for the same purpose. Usually this is done by detecting the implementation type by exchanging Vendor ID payloads. Regards Martin [1]https://wiki.strongswan.org/projects/strongswan/wiki/AttrPlugin [2]http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libhydra/attributes/attribute_handler.h _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
