[strongSwan-dev] INVALID_SPI notify payload
Jean-Francois HREN
jean-francois.hren at stormshield.eu
Fri Nov 12 16:24:52 CET 2021
Hello,
When receiving an informational packet with a notify payload for INVALID_SPI, the initiator SPI of the IKE header can be 0 ( [ https://www.rfc-editor.org/rfc/rfc4718#section-7.7 | https://www.rfc-editor.org/rfc/rfc4718#section-7.7 ] ). However when building without mediation support, this kind of IKE header is rejected. Maybe this check can delayed for later for INFORMATIONAL exchange when the next payload was parsed.
Any thought about this ?
Thank you.
Jean-François HREN
Developper - Network Security R&D
[ http://www.stormshield.eu/ ]
STORMSHIELD
2/6 Parc de l'Horizon
59650 Villeneuve d'Ascq - FRANCE
Mobile : +33 (0)6 23 08 80 81
[ https://twitter.com/Stormshield | Twitter ] . [ https://www.linkedin.com/company/22425?trk=cws-btn-overview-0-0 | LinkedIn ] . [ http://www.stormshield.eu/ | www.stormshield.eu ]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20211112/78fe90af/attachment.html>
More information about the Dev
mailing list