[Swan-dev] ikev2parent_inI1outR1 parsing questions

Andrew Cagney andrew.cagney at gmail.com
Fri Jan 22 14:17:47 UTC 2016


On 21 January 2016 at 17:24, Paul Wouters <paul at nohats.ca> wrote:
> On Thu, 21 Jan 2016, Andrew Cagney wrote:
>
>> That, fortunately, is beyond the scope of what I'm changing.
>
>
> :)
>
>> Yes.  For instance, given:
>>
>> - initiator proposes KE=1500 MODP=1500 2000
>> - responder has MODP=4000,2000
>>
>> then if the responder sends back INVALID_KE(4000) (its default),
>> instead of INVALID_KE(2000) (from matching proposal), then the
>> initiator is going to drop that response on the floor and an interop
>> that should work won't.
>
>
> We should never send back a KE value along with INVALID_KE that the
> originator did not propose - unless maybe only when there is no
> overlap between initiator and responder groups, so that at least
> the initiator knows what to add to their proposal next time.

Right; pluto did.  That's finally fixed.
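
Added example, not part of the original message and not pluto's code: a sketch of the group selection discussed above, where the responder suggests the group from the matching proposal in INVALID_KE rather than its own default. The helper `check_ke`, its types, and the responder-preference ordering are assumptions; 1500/2000/4000 are the thread's illustrative numbers, not real group ids.

```c
#include <stddef.h>
#include <stdio.h>

/* Outcome of checking the initiator's KE payload against the matched group. */
enum ke_verdict { KE_OK, KE_INVALID, KE_NO_OVERLAP };

struct ke_result {
	enum ke_verdict verdict;
	int group;	/* group to use (KE_OK) or to suggest (KE_INVALID); else 0 */
};

/*
 * Hypothetical helper.  Assumption: the responder walks its own list in
 * preference order and takes the first group the initiator also proposed.
 */
static struct ke_result check_ke(const int *proposed, size_t n_proposed,
				 const int *local, size_t n_local, int ke_group)
{
	for (size_t i = 0; i < n_local; i++) {
		for (size_t j = 0; j < n_proposed; j++) {
			if (local[i] != proposed[j])
				continue;
			/* local[i] is the matched group; the KE must use it */
			struct ke_result r = {
				ke_group == local[i] ? KE_OK : KE_INVALID, local[i]
			};
			return r;
		}
	}
	/* nothing in common: the caller decides how to reply */
	struct ke_result none = { KE_NO_OVERLAP, 0 };
	return none;
}

int main(void)
{
	/* constructed from the thread's example */
	const int proposed[] = { 1500, 2000 };	/* initiator, KE sent for 1500 */
	const int local[] = { 4000, 2000 };	/* responder, default is 4000 */
	struct ke_result r = check_ke(proposed, 2, local, 2, 1500);

	printf("verdict=%d suggest=%d\n", r.verdict, r.group);
	return 0;
}
```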

