[Swan-dev] length of ISAKMP Message is larger than can fit
Paul Wouters
paul at nohats.ca
Mon Jul 1 17:40:43 UTC 2019
It seems we can end up entering in_struct() when we got an ICMP instead
of an IKE message.
Simply launch pluto against an IP that is not running pluto, and you
will see:
"private#192.1.2.23/32"[1] ...192.1.2.23 #4: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response
length of ISAKMP Message is larger than can fit
"private#192.1.2.23/32"[1] ...192.1.2.23 #4: STATE_PARENT_I1: retransmission; will wait 1 seconds for response
length of ISAKMP Message is larger than can fit
"private#192.1.2.23/32"[1] ...192.1.2.23 #4: STATE_PARENT_I1: retransmission; will wait 2 seconds for response
length of ISAKMP Message is larger than can fit
"private#192.1.2.23/32"[1] ...192.1.2.23 #4: STATE_PARENT_I1: 3 second timeout exceeded after 3 retransmits. No response (or no acceptable response) to our first IKEv2 message
"private#192.1.2.23/32"[1] ...192.1.2.23 #4: deleting state (STATE_PARENT_I1) aged 4.020s and NOT sending notification
length of ISAKMP Message is larger than can fit
I guess someone changed the err msg queue handling?
Paul
More information about the Swan-dev
mailing list