[Swan-dev] DCOOKIE on server causes STF_FAIL with <no reason>
Paul Wouters 🔓
paul at nohats.ca
Tue Nov 25 17:22:26 EET 2014
Mostly cosmetic:
| busy mode on. received I1 without a valid dcookie
| send a dcookie and forget this state
packet from 2001:db8:11::ff:fe00:1700:500: sending unencrypted notification v2N_COOKIE to 2001:db8:11::ff:fe00:1700:500
| **emit ISAKMP Message:
| initiator cookie:
| 8b a2 e3 9b 35 71 11 88
| responder cookie:
| 00 00 00 00 00 00 00 00
| next payload type: ISAKMP_NEXT_v2N
| ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996)
| exchange type: ISAKMP_v2_SA_INIT
| flags: ISAKMP_FLAG_v2_MSG_RESPONSE
| message ID: 00 00 00 00
| Adding a v2N Payload
| ***emit IKEv2 Notify Payload:
| next payload type: ISAKMP_NEXT_v2NONE
| flags: none
| Protocol ID: PROTO_RESERVED
| SPI size: 0
| Notify Message Type: v2N_COOKIE
| emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
| Notify data 49 56 71 8d bb 29 1e 32 14 83 fb cd 1c ff a8 45
| Notify data b9 85 a0 71
| emitting length of IKEv2 Notify Payload: 28
| no IKE message padding required
| emitting length of ISAKMP Message: 56
| sending 56 bytes for send_v2_notification through eth1:500 to 2001:db8:11::ff:fe00:1700:500 (using #0)
| 8b a2 e3 9b 35 71 11 88 00 00 00 00 00 00 00 00
| 29 20 22 20 00 00 00 00 00 00 00 38 00 00 00 1c
| 00 00 40 06 49 56 71 8d bb 29 1e 32 14 83 fb cd
| 1c ff a8 45 b9 85 a0 71
| complete v2 state transition from STATE_UNDEFINED with STF_FAIL
| state transition function for STATE_UNDEFINED failed: <no reason given>
| * processed 0 messages from cryptographic helpers
| next event EVENT_PENDING_DDNS in 48 seconds
| next event EVENT_PENDING_DDNS in 48 seconds
I guess STF_FAIL is okay, although it would probably be nice to have
"<no reason given>" changed for "sent dcookie" or something?
Paul
More information about the Swan-dev
mailing list