[Swan-commit] Changes to ref refs/heads/fragmentation
Paul Wouters
paul at vault.libreswan.fi
Wed Feb 20 17:57:58 EET 2013
New commits:
commit 0b6b498f8f80782929583b7fe6a28daba058eae0
Author: Paul Wouters <pwouters at redhat.com>
Date: Wed Feb 20 10:53:51 2013 -0500
* fragmentation: Remove spurious Racoon non-ESP marker
During testing we found that racoon sometimes adds a bogus non-esp marker
to the IKE packet. This confuses libreswan, because it causes the ICOOKIE
to not match to an existing state.
We assume now that if the ICOOKIE starts with 00 00 00 00, that it is
such a bogus marker, and we use out_raw() to remove the 4 bytes from
the packet stream. However, it still looks like racoon gets it wrong,
because the ISAKMP header is still not properly formatted.
We're still investigating
More information about the Swan-commit
mailing list