[Swan-commit] Changes to ref refs/heads/fragmentation

Paul Wouters paul at vault.libreswan.fi
Wed Feb 20 17:57:58 EET 2013


New commits:
commit 0b6b498f8f80782929583b7fe6a28daba058eae0
Author: Paul Wouters <pwouters at redhat.com>
Date:   Wed Feb 20 10:53:51 2013 -0500

    * fragmentation: Remove spurious Racoon non-ESP marker
    
    During testing we found that racoon sometimes adds a bogus non-esp marker
    to the IKE packet. This confuses libreswan, because it causes the ICOOKIE
    to not match to an existing state.
    
    We assume now that if the ICOOKIE starts with 00 00 00 00, that it is
    such a bogus marker, and we use out_raw() to remove the 4 bytes from
    the packet stream. However, it still looks like racoon gets it wrong,
    because the ISAKMP header is still not properly formatted.
    
    We're still investigating



More information about the Swan-commit mailing list