[Swan-dev] state machine issue with mismatched child in initial exchange

Paul Wouters paul at nohats.ca
Mon Jul 13 21:34:17 EEST 2015


I noticed the following error on the initiator when the child SA
is mismatched on the initial exchange:

Jul 13 14:05:18: | ***parse IKEv2 Notify Payload:
Jul 13 14:05:18: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Jul 13 14:05:18: |    flags: none (0x0)
Jul 13 14:05:18: |    length: 8 (0x8)
Jul 13 14:05:18: |    Protocol ID: PROTO_RESERVED (0x0)
Jul 13 14:05:18: |    SPI size: 0 (0x0)
Jul 13 14:05:18: |    Notify Message Type: v2N_NO_PROPOSAL_CHOSEN (0xe)
Jul 13 14:05:18: | processing payload: ISAKMP_NEXT_v2N (len=8)
Jul 13 14:05:18: | selected state microcode roof
Jul 13 14:05:18: | processing connection "westnet-eastnet-mismatch"
Jul 13 14:05:18: | ended up with STATE_IKEv2_ROOF
Jul 13 14:05:18: "westnet-eastnet-mismatch" #1: missing payload(s) (ISAKMP_NEXT_v2SK). Message dropped.
Jul 13 14:05:18: | #1 complete v2 state transition from STATE_PARENT_I2 with v2N_INVALID_SYNTAX
Jul 13 14:05:18: "westnet-eastnet-mismatch" #1: EXPECTATION FAILED at /source/programs/pluto/ikev2.c:1824: st != NULL && st->st_event != NULL && st->st_event->ev_type == EVENT_v2_RETRANSMIT
Jul 13 14:05:18: | state transition function for STATE_PARENT_I2 failed: v2N_INVALID_SYNTAX

It looks like a bug in the state machine. Either ISAKMP_NEXT_v2SK should
become optional or we should have two separate states for these.

West then retransmits the same, but then east gives a different answer?

Jul 13 14:05:18: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Jul 13 14:05:18: | ***parse IKEv2 Notify Payload:
Jul 13 14:05:18: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Jul 13 14:05:18: |    flags: none (0x0)
Jul 13 14:05:18: |    length: 8 (0x8)
Jul 13 14:05:18: |    Protocol ID: PROTO_RESERVED (0x0)
Jul 13 14:05:18: |    SPI size: 0 (0x0)
Jul 13 14:05:18: |    Notify Message Type: v2N_INVALID_MESSAGE_ID (0x9)

Paul
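
Added example, not part of the original message and not libreswan's code: a bounds-checked decoder for the 8-octet Notify payload shown in both log excerpts, following the RFC 7296 section 3.10 layout, which also classifies the notify type as error or status. The struct, function and sample names are hypothetical, and the sample bytes are constructed from the field values in the logs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded fields of an IKEv2 Notify payload (RFC 7296, section 3.10). */
struct v2_notify {
    uint8_t  next_payload;
    uint8_t  flags;
    uint16_t length;
    uint8_t  protocol_id;
    uint8_t  spi_size;
    uint16_t type;
};

/* Returns 0 on success, -1 if the buffer or the length fields are inconsistent. */
int parse_v2_notify(const uint8_t *buf, size_t len, struct v2_notify *n)
{
    if (buf == NULL || n == NULL || len < 8)
        return -1;                      /* fixed part is 8 octets */
    n->next_payload = buf[0];
    n->flags        = buf[1];
    n->length       = (uint16_t)((buf[2] << 8) | buf[3]);
    n->protocol_id  = buf[4];
    n->spi_size     = buf[5];
    n->type         = (uint16_t)((buf[6] << 8) | buf[7]);
    if (n->length < 8 || n->length > len)
        return -1;                      /* declared length must fit the buffer */
    if ((size_t)8 + n->spi_size > n->length)
        return -1;                      /* SPI must fit inside the payload */
    return 0;
}

/* Notify types below 16384 are error types; the rest are status types. */
int v2_notify_is_error(const struct v2_notify *n)
{
    return n->type < 16384;
}

/* Constructed samples matching the two payloads in the logs above. */
const uint8_t sample_no_proposal[8] = { 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x0e };
const uint8_t sample_bad_msgid[8]   = { 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x09 };

int main(void)
{
    struct v2_notify n;
    if (parse_v2_notify(sample_no_proposal, sizeof sample_no_proposal, &n) == 0)
        printf("type=%u error=%d\n", (unsigned)n.type, v2_notify_is_error(&n));
    if (parse_v2_notify(sample_bad_msgid, sizeof sample_bad_msgid, &n) == 0)
        printf("type=%u error=%d\n", (unsigned)n.type, v2_notify_is_error(&n));
    return 0;
}
```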

