Hi Tobias,

The trace file is below.

(See attached file: syslog.txt)

01[CFG] loading control interface modules from '/usr/lib/ipsec/plugins/interfaces'
01[CFG] loading backend modules from '/usr/lib/ipsec/plugins/backends'
01[KNL] eth0
01[KNL] eth1
01[KNL] 2001:db8:1:1::1234
01[JOB] spawning 16 worker threads
05[CFG] added configuration 'host-host': 2001:db8:1:1::1234 [2001:db8:1:1::1234]...2001:db8:f:1::1[2001:db8:f:1::1]
06[CFG] received stroke: route 'host-host'
04[ENC] parsing HEADER payload, 456 bytes left
04[ENC] parsing payload from => 456 bytes @ 0x1005e270
04[ENC] parsing rule 10 FLAG
04[ENC] parsing rule 11 RESERVED_BIT
04[ENC] parsing rule 12 RESERVED_BIT
04[ENC] parsing rule 13 RESERVED_BIT
04[ENC] parsing rule 14 U_INT_32
10[ENC] parsing body of message, first payload is SECURITY_ASSOCIATION
10[ENC] parsing payload from => 428 bytes @ 0x1005e28c
10[ENC] 40 bytes left, parsing recursively PROPOSAL_SUBSTRUCTURE
10[ENC] parsing payload from => 424 bytes @ 0x1005e290
10[ENC] parsing rule 1 RESERVED_BYTE
10[ENC] parsing TRANSFORM_SUBSTRUCTURE payload, 416 bytes left
10[ENC] parsing payload from => 416 bytes @ 0x1005e298
10[ENC] parsing rule 1 RESERVED_BYTE
10[ENC] parsing rule 4 RESERVED_BYTE
10[ENC] parsing TRANSFORM_SUBSTRUCTURE payload, 408 bytes left
10[ENC] parsing payload from => 408 bytes @ 0x1005e2a0
10[ENC] parsing rule 1 RESERVED_BYTE
10[ENC] parsing rule 4 RESERVED_BYTE
10[ENC] parsing TRANSFORM_SUBSTRUCTURE payload, 400 bytes left
10[ENC] parsing payload from => 400 bytes @ 0x1005e2a8
10[ENC] parsing rule 1 RESERVED_BYTE
10[ENC] parsing rule 4 RESERVED_BYTE
10[ENC] 8 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
10[ENC] parsing TRANSFORM_SUBSTRUCTURE payload, 392 bytes left
10[ENC] parsing payload from => 392 bytes @ 0x1005e2b0
10[ENC] parsing rule 1 RESERVED_BYTE
10[ENC] parsing rule 4 RESERVED_BYTE
10[ENC] parsing PROPOSAL_SUBSTRUCTURE payload finished
10[ENC] verifying payload of type SECURITY_ASSOCIATION
10[ENC] parsing payload from => 384 bytes @ 0x1005e2b8
10[ENC] parsing rule 10 U_INT_16
10[ENC] verifying payload of type KEY_EXCHANGE
10[ENC] parsing payload from => 248 bytes @ 0x1005e340
10[ENC] parsing NONCE payload finished
10[ENC] NONCE payload verified. Adding to payload list
10[ENC] found payload of type SECURITY_ASSOCIATION
10[ENC] found payload of type KEY_EXCHANGE
10[IKE] IKE_SA '(unnamed)' state change: CREATED => CONNECTING
10[ENC] added payload of type NONCE to message
10[ENC] generating IKE_SA_INIT response 0 [ SA KE No CERTREQ ]
10[ENC] generating rule 15 HEADER_LENGTH
10[ENC] generating HEADER payload finished
10[ENC] generating rule 9 PAYLOAD_LENGTH
10[ENC] generating rule 10 PROPOSALS
10[ENC] generating rule 2 PAYLOAD_LENGTH
10[ENC] generating rule 8 TRANSFORMS
10[ENC] generating rule 2 PAYLOAD_LENGTH
10[ENC] generating TRANSFORM_SUBSTRUCTURE payload finished
10[ENC] generating rule 2 PAYLOAD_LENGTH
10[ENC] generating TRANSFORM_SUBSTRUCTURE payload finished
10[ENC] generating rule 2 PAYLOAD_LENGTH
10[ENC] generating TRANSFORM_SUBSTRUCTURE payload finished
10[ENC] generating rule 2 PAYLOAD_LENGTH
10[ENC] generating TRANSFORM_SUBSTRUCTURE payload finished
10[ENC] generating rule 9 PAYLOAD_LENGTH
10[ENC] generating rule 11 RESERVED_BYTE
10[ENC] generating rule 12 RESERVED_BYTE
10[ENC] generating rule 13 KEY_EXCHANGE_DATA
10[ENC] generating rule 9 PAYLOAD_LENGTH
10[ENC] => => 16 bytes @ 0x100622b0
10[ENC] generating payload of type CERTIFICATE_REQUEST
10[ENC] generating rule 9 PAYLOAD_LENGTH
10[ENC] => => 20 bytes @ 0x100617e8
10[ENC] generated data of this generator => 253 bytes @ 0x10061b88
10[ENC] message generated successfully
04[ENC] parsing HEADER payload, 252 bytes left
04[ENC] parsing payload from => 252 bytes @ 0x10063128
04[ENC] parsing rule 10 FLAG
04[ENC] parsing rule 11 RESERVED_BIT
04[ENC] parsing rule 12 RESERVED_BIT
04[ENC] parsing rule 13 RESERVED_BIT
04[ENC] parsing rule 14 U_INT_32
11[ENC] parsing payload from => 224 bytes @ 0x10063144
11[ENC] parsing ENCRYPTED payload finished
11[ENC] ENCRYPTED payload verified. Adding to payload list
11[ENC] verify signature of encryption payload
11[ENC] decryption successful, trying to parse content
11[ENC] parsing payload from => 196 bytes @ 0x10061ae8
11[ENC] => => 16 bytes @ 0x100622b0
11[ENC] parsing AUTHENTICATION payload, 172 bytes left
11[ENC] parsing payload from => 172 bytes @ 0x10061b00
11[ENC] => => 20 bytes @ 0x10060bd0
11[ENC] parsing NOTIFY payload, 144 bytes left
11[ENC] parsing payload from => 144 bytes @ 0x10061b1c
11[ENC] parsing rule 11 SPI_SIZE
11[ENC] parsing rule 12 U_INT_16
11[ENC] parsing payload from => 136 bytes @ 0x10061b24
11[ENC] 36 bytes left, parsing recursively PROPOSAL_SUBSTRUCTURE
11[ENC] parsing payload from => 132 bytes @ 0x10061b28
11[ENC] parsing rule 1 RESERVED_BYTE
11[ENC] parsing TRANSFORM_SUBSTRUCTURE payload, 120 bytes left
11[ENC] parsing payload from => 120 bytes @ 0x10061b34
11[ENC] parsing rule 1 RESERVED_BYTE
11[ENC] parsing rule 4 RESERVED_BYTE
11[ENC] parsing TRANSFORM_SUBSTRUCTURE payload, 112 bytes left
11[ENC] parsing payload from => 112 bytes @ 0x10061b3c
11[ENC] parsing rule 1 RESERVED_BYTE
11[ENC] parsing rule 4 RESERVED_BYTE
11[ENC] 8 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
11[ENC] parsing TRANSFORM_SUBSTRUCTURE payload, 104 bytes left
11[ENC] parsing payload from => 104 bytes @ 0x10061b44
11[ENC] parsing rule 1 RESERVED_BYTE
11[ENC] parsing rule 4 RESERVED_BYTE
11[ENC] parsing PROPOSAL_SUBSTRUCTURE payload finished
11[ENC] 40 bytes left, parsing recursively TRAFFIC_SELECTOR_SUBSTRUCTURE
11[ENC] => => 16 bytes @ 0x10061e08
11[ENC] => => 16 bytes @ 0x10060670
11[ENC] parsing TRAFFIC_SELECTOR_SUBSTRUCTURE payload finished
11[ENC] 40 bytes left, parsing recursively TRAFFIC_SELECTOR_SUBSTRUCTURE
11[ENC] => => 16 bytes @ 0x1005e460
11[ENC] => => 16 bytes @ 0x10061c60
11[ENC] parsing TRAFFIC_SELECTOR_SUBSTRUCTURE payload finished
11[ENC] insert unencrypted payload of type SECURITY_ASSOCIATION at end of list
11[ENC] process payload of type AUTHENTICATION
11[ENC] process payload of type NOTIFY
11[ENC] process payload of type TRAFFIC_SELECTOR_INITIATOR
11[ENC] process payload of type TRAFFIC_SELECTOR_RESPONDER
11[ENC] found payload of type ID_INITIATOR
11[ENC] found payload of type SECURITY_ASSOCIATION
11[AUD] authentication of '2001:db8:f:1::1' with pre-shared key failed
11[AUD] authentication of '2001:db8:f:1::1' with pre-shared key failed
11[ENC] generating rule 9 PAYLOAD_LENGTH
11[ENC] generating NOTIFY payload finished
11[ENC] data after encryption => 16 bytes @ 0x10061de8
11[ENC] data after encryption with IV and (invalid) signature => 36 bytes @ 0x10063728
11[ENC] added payload of type ENCRYPTED to message
11[ENC] generating rule 15 HEADER_LENGTH
11[ENC] generating HEADER payload finished
11[ENC] generating rule 9 PAYLOAD_LENGTH
11[ENC] => => 36 bytes @ 0x10063728
11[ENC] building signature
11[ENC] message generated successfully
01[LIB] finalizing libcurl

Jamie Knight ([email protected])
IBM Power Firmware Development
(512) 286-7017 (t/l 386-7017)
office 045/2A-01
IBM Austin, TX

From: Tobias Brunner <[email protected]>
To: Rashmi Narasimhan/Austin/i...@ibmus
Cc: Martin Willi <[email protected]>, Richard Knight/Austin/i...@ibmus, [email protected]
Date: 06/29/2010 01:04 PM
Subject: Re: [strongSwan] non-zero reserved fields in IKE_AUTH response.

> If we change the reserved fields to zero for the same given test-case
> it works fine.
> Would it then be a parse issue?

It could be (the zeroed fields then not affecting the result). It would really help if you could add "enc 3" to charondebug in ipsec.conf and rerun the failing test. That would show us how exactly the ID payload is parsed.

Regards,
Tobias
