[strongSwan] payload order checking

richard Knight rjknight at us.ibm.com
Fri Jun 18 21:11:29 CEST 2010


I have a couple of questions about the payload order checking.  One of our tests
attempts to verify that if the order of the sent payloads is incorrect the
message is ignored or rejected.

However, we are seeing that a response is sent. In the trace we see that the
payloads are checked for presence, but the order does not seem to be considered.

Test sequence is:

1. The initiator sends the following packet order 

 IKE_SA_INIT request (HDR, SAi1, Ni, KEi)

2. Expect that this message will be dropped and no response sent.  However, we
are seeing a response as follows:

IKE_SA_INIT response (HDR, SAr1, KEr, Nr)

From RFC4306 sec 2.5 I see:

   Although new payload types may be added in the future and may appear
   interleaved with the fields defined in this specification,
   implementations MUST send the payloads defined in this specification
   in the order shown in the figures in section 2 and implementations
   SHOULD reject as invalid a message with those payloads in any other

My questions are on how this is implemented. 

1. Since it is listed as a SHOULD, does the message get processed if all the
sections are present?

2. Is this something that has been changed in later versions? - I am using
version 4.1.10

Thank you
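
The check the question is about, as an added example that is not part of the original post and is not strongSwan's code: it walks the payload chain of a raw IKE_SA_INIT request and reports whether the SA, KE and Nonce payloads appear in the order RFC 4306 shows, with other payload types allowed in between. The function names, result codes and the `build_sample` helper are assumptions made for this illustration; the payload type numbers and header offsets are those of RFC 4306 sections 3.1 and 3.2.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Payload types from RFC 4306 section 3.2; result codes are this example's own. */
enum { PL_NONE = 0, PL_SA = 33, PL_KE = 34, PL_NONCE = 40 };
enum { ORDER_OK = 0, MALFORMED = -1, MISSING = -2, OUT_OF_ORDER = -3 };
static const uint8_t expected[3] = { PL_SA, PL_KE, PL_NONCE }; /* RFC figure order */

/* Walk the payload chain of a raw IKE_SA_INIT message and classify it. */
int check_ike_sa_init_order(const uint8_t *msg, size_t len)
{
    int seen = 0, last = -1, in_order = 1;
    if (len < 28) return MALFORMED;            /* fixed IKE header is 28 bytes */
    uint8_t type = msg[16];                    /* header's Next Payload field */
    size_t off = 28;
    while (type != PL_NONE) {
        if (len - off < 4) return MALFORMED;   /* generic payload header */
        size_t plen = ((size_t)msg[off + 2] << 8) | msg[off + 3];
        if (plen < 4 || plen > len - off) return MALFORMED;
        for (int i = 0; i < 3; i++) {
            if (expected[i] != type) continue; /* other types may interleave */
            if (i <= last) in_order = 0; else last = i; /* repeat or late */
            seen |= 1 << i;
        }
        type = msg[off]; off += plen;          /* follow this payload's Next Payload */
    }
    if (seen != 7) return MISSING;             /* SA, KE and Nonce all required */
    return in_order ? ORDER_OK : OUT_OF_ORDER;
}

/* Constructed sample: IKE header plus n (< 28) payloads with 4-byte zero bodies. */
size_t build_sample(uint8_t *buf, const uint8_t *types, size_t n)
{
    memset(buf, 0, 28 + 8 * n);
    buf[16] = n ? types[0] : PL_NONE;
    buf[17] = 0x20; buf[18] = 34; buf[27] = (uint8_t)(28 + 8 * n); /* ver, exch, len */
    for (size_t i = 0; i < n; i++) {
        buf[28 + 8 * i] = (i + 1 < n) ? types[i + 1] : PL_NONE;
        buf[28 + 8 * i + 3] = 8;               /* payload length incl. header */
    }
    return 28 + 8 * n;
}

int main(void)
{
    uint8_t buf[64], post[3] = { PL_SA, PL_NONCE, PL_KE }; /* order sent in the post */
    printf("result: %d\n", check_ike_sa_init_order(buf, build_sample(buf, post, 3)));
    return 0;
}
```

A presence-only check would accept the constructed (SA, Nonce, KE) message; the separate `OUT_OF_ORDER` result is what lets a receiver choose to reject it, as the SHOULD in section 2.5 recommends.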
