Hello Nan, the source code in question is
if (n->isan_spisize != COOKIE_SIZE * 2 || pbs_left(pbs) < COOKIE_SIZE * 2) { loglog(RC_LOG_SERIOUS , "DPD: R_U_THERE_ACK has invalid SPI length (%d)" , n->isan_spisize); return STF_FAIL + ISAKMP_PAYLOAD_MALFORMED; } COOKIE_SIZE is a constant with a value of 8 bytes and n->isan_spisize is output as 16 bytes in the error message. This means that the second half || pbs_left(pbs) < COOKIE_SIZE * 2) triggers the error. This means that the received R_U_THERE_ACK message does not contain 2 COOKIES. Regards Andreas On 08/24/2011 03:34 AM, Nan Luo wrote: > Hi, > > I have seen this error in the pluto debug log "secure" when testing DPD > against my SeGW, I wonder what this error really means. Per RFC3706, the > SPI length should be set to 16 in the R_U_THERE/R_U_THERE_ACK messages. > So does this error mean something else wrong in the R_U_THERE_ACK sent > by my SeGW? strongSwan sent a MALFORMED-PAYLOAD back to my SeGW after > printing out this error > > Thanks for your help > > Nan ====================================================================== Andreas Steffen andreas.stef...@strongswan.org strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users