Hello Nan,
the source code in question is
if (n-isan_spisize != COOKIE_SIZE * 2 || pbs_left(pbs) COOKIE_SIZE
* 2)
{
loglog(RC_LOG_SERIOUS
, DPD: R_U_THERE_ACK has invalid SPI length (%d)
, n-isan_spisize);
return STF_FAIL + ISAKMP_PAYLOAD_MALFORMED;
}
COOKIE_SIZE is a constant with a value of 8 bytes and n-isan_spisize
is output as 16 bytes in the error message. This means that the
second half
|| pbs_left(pbs) COOKIE_SIZE * 2)
triggers the error. This means that the received R_U_THERE_ACK
message does not contain 2 COOKIES.
Regards
Andreas
On 08/24/2011 03:34 AM, Nan Luo wrote:
Hi,
I have seen this error in the pluto debug log secure when testing DPD
against my SeGW, I wonder what this error really means. Per RFC3706, the
SPI length should be set to 16 in the R_U_THERE/R_U_THERE_ACK messages.
So does this error mean something else wrong in the R_U_THERE_ACK sent
by my SeGW? strongSwan sent a MALFORMED-PAYLOAD back to my SeGW after
printing out this error
Thanks for your help
Nan
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users