New commits:
commit 3777d7cdb588987ad7786e2a21b599105eca04ef
Merge: e5eafdd477 faed0f3805
Author: Andrew Cagney <[email protected]>
Date: Sat Feb 8 10:07:49 2025 -0500
ikev1: clarify modecfg code
Merge commit 'faed0f38053db81191b6e969a3878e425f964a3a'
commit faed0f38053db81191b6e969a3878e425f964a3a
Author: Andrew Cagney <[email protected]>
Date: Fri Feb 7 15:33:38 2025 -0500
ikev1: add/use modecfg_out_{open,attr,close}()
... for building modecfg payloads. Include
struct modecfg_pbs *modecfg_pbs
as a parameter to ensure that code passes in correct PBS
modecfg_out_close() still pads the payload (which is wrong)
(and there's still the one exception that got it right)
see:
second racoon (iOS) MODECFG response fails with isakmp_cfg_reply
invalid length of isakmp data, expected 4 actual 2 #2023
commit cacab1a4d090ac7112ec30bb713e04c3560c6039
Author: Andrew Cagney <[email protected]>
Date: Fri Feb 7 15:04:04 2025 -0500
ikev1: rename emit_v1_padding() to emit_v1_zero_padding(), comment on bugs
- for block mode, like for IKEv2, at least one byte
containing the padding length should always be added
but isn't
instead it is imply block-size aligned
- 4-byte padding is added to MODECFG (which includes XAUTH) payloads
nothing in the RFCs justifies this (although comments seem
imply it does with interop problems being the other ends fault).
_______________________________________________
Swan-commit mailing list -- [email protected]
To unsubscribe send an email to [email protected]
