Hi Andreas, I tested in strongswan-5.0.0rc1 as well, but same problem. I'll debug some more and post here updates.
Thanks, Gowri Shankar On Saturday 30 June 2012 08:38 PM, Andreas Steffen wrote: > Hi Gowri, > > have a look at the following piece of code in the git repository > > http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/network/receiver.c;h=f0cb0b2d17d153205e97f880e7daa0fdea89f974;hb=HEAD#l409 > > which is the basis of today's strongSwan 5.0.0 release. > > Regards > > Andreas > > On 06/30/2012 09:13 AM, gowrishankar wrote: >> strongswan: charon not reacting for higher major version in IKE header >> >> strongswan libcharon is found to be not reacting for invalid (or >> higher) major version in IKE header of received packet. >> >> As per RFC 4306 Section 2.5: >> If an endpoint receives a message with a higher major version number, >> it MUST drop the message and SHOULD send an unauthenticated >> notification message containing the highest version number it >> supports. >> >> and RFC 5996 Section 2.5 clarifies the notification message type as >> "INVALID_MAJOR_VERSION". Though current implementation shows >> portion of code libcharon/network/receiver.c, but it is not executing >> while sending IKE_SA_INIT request with invalid major version (and >> I am not seeing any debug info in charon.log for received packet >> by net or enc threads). >> >> I tested with strongswan based on 4.6. >> >> Can some one have a look on this ? >> >> Thanks, >> Gowri Shankar >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> https://lists.strongswan.org/mailman/listinfo/users > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
