Project

General

Profile

Feature #1000

Raise ALERT_TS_MISMATCH in IKE V1

Added by Avinoam Meir about 5 years ago. Updated almost 5 years ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
libcharon
Target version:
-
Start date:
18.06.2015
Due date:
Estimated time:
Resolution:

Description

In IKE V2 StrongSwan raise ALERT_TS_MISMATCH

We currently don't raise such an alert for IKEv1 , and it would make sense to do so.
In addition, it can be helpful to know if our VPN determined it or we notified by the other peer.

patch attached.

History

#1 Updated by Martin Willi about 5 years ago

  • Status changed from New to Feedback

Hi,

Thanks for the patch.

+ * followed by a bool set to TRUE if mismatch is local. */

You are introducing this additional option to invoke the hook when receiving a TS_UNACCEPTABLE notify, and also raise it for IKEv2. However, your patch does never calls the hook with FALSE for IKEv1, which is somewhat inconsistent.

So either please don't introduce that additional option, or invoke the hook for IKEv1 as well (for INVALID_ID_INFORMATION).

Also, please consider submitting real git changesets instead of plain diffs, preferably over the developer mailing list.

Regards
Martin

#3 Updated by Avinoam Meir almost 5 years ago

Hi Martin,

Is there any update about this issue?

Also available in: Atom PDF