[Swan-dev] testing/pluto/ikev2-algo-sha2-05 succeeded in an odd way

Paul Wouters paul at nohats.ca
Sun Feb 12 20:08:51 UTC 2017


We are sending an unencrypted error reply that should be encrypted (but unauthenticated).

It is a bug on our end in handling IKE_AUTH failures nicely.

Paul


> On Feb 12, 2017, at 14:28, D. Hugh Redelmeier <hugh at mimosa.com> wrote:
> 
> [I have not investigated this.]
> 
> In my recent test run, testing/pluto/ikev2-algo-sha2-05 passed, but with 
> an EXPECTATION.  When I look at west.pluto.txt, I find this:
> 
> 
> | processing payload: ISAKMP_NEXT_v2N (len=8)
> | selected state microcode roof
> | no useful state microcode entry found
> packet from 192.1.2.23:500: missing payload(s) (ISAKMP_NEXT_v2SK). Message dropped.
> | #0 complete v2 state transition from STATE_UNDEFINED with v2N_INVALID_SYNTAX
> packet from 192.1.2.23:500: EXPECTATION FAILED: st != NULL && st->st_event != NULL && st->st_event->ev_type == EVENT_v2_RETRANSMIT (in complete_v2_state_transition at /source/programs/pluto/ikev2.c:2115)
> | state transition function for STATE_UNDEFINED failed: v2N_INVALID_SYNTAX
> | pluto_sd: executing action action: reloading(4), status 0
> 
> 
> What's up with this?  Why are we getting a packet that cannot be handled?
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
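
The condition discussed in this thread, as an added example (not libreswan code and not written by either poster): a check that flags an IKEv2 message after IKE_SA_INIT whose first payload is not SK, which is what the "missing payload(s) (ISAKMP_NEXT_v2SK)" log line reports. The function name, verdict names and sample packet are assumptions made for illustration, and treating any non-SK first payload as cleartext is a simplification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values from RFC 7296 (IKEv2) and RFC 7383 (fragmentation). */
enum { IKE_HDR_LEN = 28, EXCH_IKE_SA_INIT = 34, PL_NOTIFY = 41, PL_SK = 46, PL_SKF = 53 };

/* Hypothetical verdict names, not taken from pluto. */
enum verdict { V_OK, V_MALFORMED, V_CLEARTEXT_AFTER_INIT };

/* Classify one IKE datagram: after IKE_SA_INIT, the only payload accepted
 * directly behind the header is SK (or SKF when fragmented). */
enum verdict check_ike_msg(const uint8_t *p, size_t n)
{
    if (n < IKE_HDR_LEN || (p[17] >> 4) != 2)   /* short, or major version != 2 */
        return V_MALFORMED;
    uint32_t len = (uint32_t)p[24] << 24 | (uint32_t)p[25] << 16 |
                   (uint32_t)p[26] << 8 | p[27];
    if (len != n)                               /* header length must match datagram */
        return V_MALFORMED;
    uint8_t first = p[16], exch = p[18];
    if (exch == EXCH_IKE_SA_INIT)
        return V_OK;                            /* cleartext is expected here */
    return (first == PL_SK || first == PL_SKF) ? V_OK : V_CLEARTEXT_AFTER_INIT;
}

/* Constructed sample: IKE_AUTH (35) response carrying a bare 8-byte Notify. */
const uint8_t sample_bad[36] = {
    1,1,1,1,1,1,1,1, 2,2,2,2,2,2,2,2,   /* SPIi, SPIr (made up) */
    PL_NOTIFY, 0x20, 35, 0x20,          /* next payload, version 2.0, exchange, Response flag */
    0,0,0,1, 0,0,0,36,                  /* message ID 1, total length 36 */
    0, 0, 0,8, 0, 0, 0,24               /* Notify: len=8, type 24 (assumed for the sample) */
};

int main(void)
{
    printf("verdict=%d\n", check_ike_msg(sample_bad, sizeof sample_bad));
    return 0;
}
```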


