Feature #1000
Raise ALERT_TS_MISMATCH in IKE V1
Description
In IKE V2 StrongSwan raise ALERT_TS_MISMATCH
We currently don't raise such an alert for IKEv1 , and it would make sense to do so.
In addition, it can be helpful to know if our VPN determined it or we notified by the other peer.
patch attached.
History
#1 Updated by Martin Willi over 5 years ago
- Status changed from New to Feedback
Hi,
Thanks for the patch.
+ * followed by a bool set to TRUE if mismatch is local. */
You are introducing this additional option to invoke the hook when receiving a TS_UNACCEPTABLE notify, and also raise it for IKEv2. However, your patch does never calls the hook with FALSE for IKEv1, which is somewhat inconsistent.
So either please don't introduce that additional option, or invoke the hook for IKEv1 as well (for INVALID_ID_INFORMATION).
Also, please consider submitting real git changesets instead of plain diffs, preferably over the developer mailing list.
Regards
Martin
#2 Updated by Avinoam Meir about 5 years ago
- File 0004-ikev1-Raise-TS_MISMATCH-alert-from-INFORMATIONAL-err.patch 0004-ikev1-Raise-TS_MISMATCH-alert-from-INFORMATIONAL-err.patch added
- File 0003-quick-Raise-TS_MISMATCH-during-quick-mode.patch 0003-quick-Raise-TS_MISMATCH-during-quick-mode.patch added
- File 0002-child_create-Raise-TS_MISMATCH-when-getting-TS_UNACC.patch 0002-child_create-Raise-TS_MISMATCH-when-getting-TS_UNACC.patch added
- File 0001-bus-Add-a-boolean-argument-to-TS_MISMATCH_-alerts-to.patch 0001-bus-Add-a-boolean-argument-to-TS_MISMATCH_-alerts-to.patch added
Hi,
I add patch to invoke the hook also in ike v1, and upload patches in standard git format.
Thank you.
#3 Updated by Avinoam Meir about 5 years ago
Hi Martin,
Is there any update about this issue?