Hello, When receiving an informational packet with a notify payload for INVALID_SPI, the initiator SPI of the IKE header can be 0 ( [ https://www.rfc-editor.org/rfc/rfc4718#section-7.7 | https://www.rfc-editor.org/rfc/rfc4718#section-7.7 ] ). However when building without mediation support, this kind of IKE header is rejected. Maybe this check can delayed for later for INFORMATIONAL exchange when the next payload was parsed.
Any thought about this ? Thank you. Jean-François HREN Developper - Network Security R&D [ http://www.stormshield.eu/ ] STORMSHIELD 2/6 Parc de l'Horizon 59650 Villeneuve d'Ascq - FRANCE Mobile : +33 (0)6 23 08 80 81 [ https://twitter.com/Stormshield | Twitter ] . [ https://www.linkedin.com/company/22425?trk=cws-btn-overview-0-0 | LinkedIn ] . [ http://www.stormshield.eu/ | www.stormshield.eu ]
