[strongSwan] strongswan: charon not reacting for higher major version in IKE header
Andreas Steffen
andreas.steffen at strongswan.org
Sat Jun 30 17:08:55 CEST 2012
Hi Gowri,
have a look at the following piece of code in the git repository
http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/network/receiver.c;h=f0cb0b2d17d153205e97f880e7daa0fdea89f974;hb=HEAD#l409
which is the basis of today's strongSwan 5.0.0 release.
Regards
Andreas
On 06/30/2012 09:13 AM, gowrishankar wrote:
> strongswan: charon not reacting for higher major version in IKE header
>
> strongswan libcharon is found to be not reacting for invalid (or
> higher) major version in IKE header of received packet.
>
> As per RFC 4306 Section 2.5:
> If an endpoint receives a message with a higher major version number,
> it MUST drop the message and SHOULD send an unauthenticated
> notification message containing the highest version number it
> supports.
>
> and RFC 5996 Section 2.5 clarifies the notification message type as
> "INVALID_MAJOR_VERSION". Though current implementation shows
> portion of code libcharon/network/receiver.c, but it is not executing
> while sending IKE_SA_INIT request with invalid major version (and
> I am not seeing any debug info in charon.log for received packet
> by net or enc threads).
>
> I tested with strongswan based on 4.6.
>
> Can some one have a look on this ?
>
> Thanks,
> Gowri Shankar
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list