Hi,

I am testing an IKEv2 implementation for an invalid but critical payload type. strongswan seems to be sending a notification payload of message type "UNSUPPORTED_CRITICAL_PAYLOAD" as expected. But the notification data is corrupted, whereas it should be a "one-octet payload type" as per Section 2.5 of RFC 5996 (or 4306).

From charon.log:

Jun 30 22:45:07 16[ENC] payload type (100) is not supported, but its critical!
Jun 30 22:45:07 16[IKE] critical unknown payloads found
Jun 30 22:45:07 16[ENC] added payload of type NOTIFY to message
Jun 30 22:45:07 16[ENC] added payload of type NOTIFY to message
Jun 30 22:45:07 16[ENC] generating CREATE_CHILD_SA response 2 [ N(CRIT) ]
Jun 30 22:45:07 16[ENC] insert payload NOTIFY to encryption payload
... ..
Jun 30 22:45:07 16[ENC] generating payload of type NOTIFY
... ..
Jun 30 22:45:07 16[ENC] generating rule 14 NOTIFICATION_DATA
Jun 30 22:45:07 16[ENC] => => 1 bytes @ 0xad7005a8
Jun 30 22:45:07 16[ENC] 0: 2D -
Jun 30 22:45:07 16[ENC] generating NOTIFY payload finished

Also, I found this problem might have been fixed in the 5.0.0 version (though I have not yet tested), by a rework applied to handle variable length of payload data.

http://wiki.strongswan.org/projects/strongswan/repository/revisions/95a26523afc0d2a997cd1d4f738c287ae045ae4e

Can someone confirm if this was already reported (if so, strongswan bug id?) or I can open a defect to down-stream the patch in 4.6.x?

Thanks,
Gowri Shankar
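
The check described in the post, as an added example that is not part of the original message or of strongSwan: a conformance test can parse the decrypted Notify payload and compare its notification data with the payload type it sent. The function names and the sample header values are assumptions; only the data octet 0x2D and payload type 100 come from the log above.

```python
import struct

NOTIFY_HDR = struct.Struct("!BBHBBH")   # generic header + proto, SPI size, type
UNSUPPORTED_CRITICAL_PAYLOAD = 1        # RFC 5996 section 3.10.1


def parse_notify(buf):
    """Split one decrypted Notify payload (RFC 5996 section 3.10) into fields."""
    if len(buf) < NOTIFY_HDR.size:
        raise ValueError("shorter than the fixed Notify header")
    _next, _flags, length, proto, spi_size, msg_type = NOTIFY_HDR.unpack_from(buf)
    if length < NOTIFY_HDR.size + spi_size or length > len(buf):
        raise ValueError("payload length field inconsistent with buffer")
    spi_end = NOTIFY_HDR.size + spi_size
    return {"protocol_id": proto, "type": msg_type,
            "spi": buf[NOTIFY_HDR.size:spi_end], "data": buf[spi_end:length]}


def check_crit_notify(buf, offending_type):
    """Return deviations from section 2.5 as strings; empty list = conformant."""
    n = parse_notify(buf)
    if n["type"] != UNSUPPORTED_CRITICAL_PAYLOAD:
        return ["notify type %d is not UNSUPPORTED_CRITICAL_PAYLOAD" % n["type"]]
    data = n["data"]
    if len(data) != 1:
        return ["notification data is %d octets, expected 1" % len(data)]
    if data[0] != offending_type:
        return ["notification data 0x%02X, expected payload type 0x%02X"
                % (data[0], offending_type)]
    return []


def build_notify(msg_type, data):
    """Constructed test input: Notify payload with no SPI and protocol ID 0."""
    return NOTIFY_HDR.pack(0, 0, NOTIFY_HDR.size + len(data), 0, 0, msg_type) + data


# Constructed samples: only the data octet 0x2D and payload type 100 come from
# the log in the post; all other header values are assumed.
OBSERVED = build_notify(UNSUPPORTED_CRITICAL_PAYLOAD, b"\x2d")
EXPECTED = build_notify(UNSUPPORTED_CRITICAL_PAYLOAD, bytes([100]))

if __name__ == "__main__":
    for name, payload in (("observed", OBSERVED), ("expected", EXPECTED)):
        print(name, check_crit_notify(payload, 100) or "conformant")
```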
