Hi Gowri, have a look at the following piece of code in the git repository
http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/network/receiver.c;h=f0cb0b2d17d153205e97f880e7daa0fdea89f974;hb=HEAD#l409 which is the basis of today's strongSwan 5.0.0 release. Regards Andreas On 06/30/2012 09:13 AM, gowrishankar wrote: > strongswan: charon not reacting for higher major version in IKE header > > strongswan libcharon is found to be not reacting for invalid (or > higher) major version in IKE header of received packet. > > As per RFC 4306 Section 2.5: > If an endpoint receives a message with a higher major version number, > it MUST drop the message and SHOULD send an unauthenticated > notification message containing the highest version number it > supports. > > and RFC 5996 Section 2.5 clarifies the notification message type as > "INVALID_MAJOR_VERSION". Though current implementation shows > portion of code libcharon/network/receiver.c, but it is not executing > while sending IKE_SA_INIT request with invalid major version (and > I am not seeing any debug info in charon.log for received packet > by net or enc threads). > > I tested with strongswan based on 4.6. > > Can some one have a look on this ? > > Thanks, > Gowri Shankar > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users -- ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
