Feature #960
Raise ALERT_PROPOSAL_MISMATCH_IKE in IKE V1
Description
In IKE V2 StrongSwan raise ALERT_PROPOSAL_MISMATCH_IKE
We currently don't raise such an alert for IKEv1 , and it would make sense to do so.
patch attached.
History
#1 Updated by Martin Willi over 4 years ago
- Status changed from New to Feedback
- Assignee set to Martin Willi
- Target version set to 5.3.2
Hi,
Thanks for your patch. I've split it up to individual commits, cleaned it up and made some changes:
While strongSwan sends NO_PROPOSAL_CHOSEN in different situations, only some are actually due to a real proposal mismatch. I'd prefer to raise the alert only if it is actually results from a real proposal mismatch (not for protocol errors or the like).
Further, we should really catch proposal mismatches reported through INFORMATIONAL messages; this is the way most clients will report such errors.
The individual commits are available in the proposal-alerts branch.
Regards
Martin
#2 Updated by Tobias Brunner over 4 years ago
- Target version deleted (
5.3.2)
#3 Updated by Avinoam Meir over 4 years ago
The changes Looks good to me!
Thanks.
Avinoam
#4 Updated by Avinoam Meir over 4 years ago
Hey,
while looking another time in the branch, It seem that in quick_mode.c in the method process_i should also raise the ALERT_PROPOSAL_MISMATCH_CHILD alert if there it doesn't find proposal.
Thanks,
Avinoam
#5 Updated by Avinoam Meir over 4 years ago
Hi Martin,
Is there any update about this issue?
#6 Updated by Emeric Poupon over 2 years ago
Hello,
We are interested on this issue too. Any news?