[strongSwan] invalid CPI length in IPCOMP proposal?

Tobias Brunner tobias at strongswan.org
Tue Nov 4 18:36:48 CET 2014

Hi Igor,

> invalid CPI length in IPCOMP proposal

We currently assert that the length is two bytes.  But it seems we are a
bit too restrictive.  While the 16-bit CPI values SHOULD be sent in two
bytes according to RFC 3173, a responder MUST be able to accept them as
four byte values.

Please try the patch in the ipcomp-spi-len branch [1].


[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=2ecf21e01

More information about the Users mailing list