Opened 12 years ago

Closed 11 years ago

#204 closed defect (fixed)

Problem with format of IKEV2_MESSAGE_ID_SYNC and IPSEC_REPLAY_COUNTER_SYNC notification payload

Reported by: rsjenwar@… Owned by: Raj
Priority: normal Milestone:
Component: ipsecha-protocol Severity: Active WG Document
Keywords: Cc: ipsec@…; kivinen@…

Description

The IKEV2_MESSAGE_ID_SYNC and IPSEC_REPLAY_COUNTER_SYNC messages do not follow Notification payload syntax.

For the IKEV2_MESSAGE_ID_SYNC there is only the missing critical bit:

                     1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Payload  |   RESERVED    |         Payload Length        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

...

instead of:

                     1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Payload  |C|  RESERVED   |         Payload Length        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

For the IPSEC_REPLAY_COUNTER_SYNC it is a bit more serious, as it puts something else in the same place where the C bit normally is:

                     1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Payload  |E|  RESERVED   |         Payload Length        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

I.e., it adds an "ESN bit" to the generic IKEv2 header in the location where there is normally the critical bit.

There is not really any need for the ESN bit as the length of the delta value can be seen from the payload length field.
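An added example (not part of the ticket or the draft) showing both points: a standard generic-header parser reads the top bit of the second octet as the critical bit whatever the sender meant by it, and the size of the notification data follows from Payload Length. The notify type 40960, the 4- and 8-octet delta sizes, and the notification data consisting only of the delta value are assumptions made for the sample payloads.

```python
import struct

GENERIC_HDR = struct.Struct("!BBH")  # Next Payload, C|RESERVED, Payload Length
NOTIFY_HDR = struct.Struct("!BBH")   # Protocol ID, SPI Size, Notify Message Type

def parse_generic_header(buf):
    """Parse the 4-octet IKEv2 generic payload header as a standard parser does."""
    if len(buf) < GENERIC_HDR.size:
        raise ValueError("truncated generic payload header")
    next_payload, flags, length = GENERIC_HDR.unpack_from(buf)
    if length < GENERIC_HDR.size or length > len(buf):
        raise ValueError("bad Payload Length")
    return {"next_payload": next_payload,
            "critical": bool(flags & 0x80),  # top bit of octet 1 is always read as C
            "reserved": flags & 0x7F,
            "length": length}

def notify_data_len(buf):
    """Length of the Notification Data, derived from Payload Length alone."""
    hdr = parse_generic_header(buf)
    if hdr["length"] < GENERIC_HDR.size + NOTIFY_HDR.size:
        raise ValueError("truncated Notify payload")
    _proto, spi_size, _ntype = NOTIFY_HDR.unpack_from(buf, GENERIC_HDR.size)
    data_len = hdr["length"] - GENERIC_HDR.size - NOTIFY_HDR.size - spi_size
    if data_len < 0:
        raise ValueError("SPI Size exceeds payload")
    return data_len

def build_notify(flags_octet, data, notify_type=40960):
    """Constructed sample; 40960 is a placeholder private-use type, not the draft's."""
    body = NOTIFY_HDR.pack(0, 0, notify_type) + data
    return GENERIC_HDR.pack(0, flags_octet, GENERIC_HDR.size + len(body)) + body

# Constructed payloads: top bit of octet 1 set (where the draft put "E") vs. clear.
with_e_bit = build_notify(0x80, bytes(8))   # assumed 8-octet delta (ESN in use)
without_bit = build_notify(0x00, bytes(4))  # assumed 4-octet delta (no ESN)

if __name__ == "__main__":
    for p in (with_e_bit, without_bit):
        print(parse_generic_header(p), "delta octets:", notify_data_len(p))
```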

Change History (2)

comment:1 Changed 11 years ago by yaronf@…

  • Component changed from ipsec-ha to ipsecha-protocol

comment:2 Changed 11 years ago by yaronf@…

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in -03. No more ESN bit.
