Yesterday we ran into an interoperability issue with Cisco. Libreswan split out the Notify Protocol ID values from the Delete Protocol ID values and Proposal Protocol ID values. While these "registries" are basically the same, they are subtly different. We basically changed it like this:

-extern enum_names ikev2_sec_proto_id_names;
+extern enum_names ikev2_proposal_protocol_id_names; /* 1=IKE SA, 2=AH, 3=ESP */
+extern enum_names ikev2_delete_protocol_id_names; /* 1=IKE SA, 2=AH, 3=ESP */
+extern enum_names ikev2_notify_protocol_id_names; /* NONE=0, 2=AH, 3=ESP; NOT IKE! */

Note that Notify payloads cannot have Protocol ID set to 1. However, this is what Cisco is sending. Libreswan incorrectly did not ignore this, resulting in these two bugs causing an interop failure.

We have fixed our code to handle this, but it would be good if Cisco fixed their bug as well, and for other implementations to have a look if they perhaps made a similar mistake.

Paul

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
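
Review bot: the comments on ikev2_proposal_protocol_id_names and ikev2_delete_protocol_id_names are identical (1=IKE SA, 2=AH, 3=ESP), so the declarations give no hint why the two tables are kept separate, and the "NOT IKE!" comment on ikev2_notify_protocol_id_names does not say what the receiver does when a peer sends 1 anyway. Suggest stating per table what differs from the others, and documenting next to the notify table whether an out-of-table value is ignored or rejected on receipt, since that choice is what decides interoperability here.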
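
A receive-side check for the Notify Protocol ID field, as an added example that is not libreswan's code: per RFC 7296 section 3.10 the field is ignored on receipt when the SPI is empty and must be AH (2) or ESP (3) when an SPI is present. The function name, the verdict enum and the sample payloads are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum notify_pid_verdict {
    NOTIFY_PID_OK,       /* valid for the payload as received */
    NOTIFY_PID_IGNORED,  /* SPI empty: field carries no meaning, value tolerated */
    NOTIFY_PID_BAD,      /* SPI present but Protocol ID is not AH (2) or ESP (3) */
    NOTIFY_MALFORMED     /* truncated payload or inconsistent lengths */
};

/* Constructed sample payloads (generic header + Notify fields), not captures. */
static const uint8_t sample_ike_pid_no_spi[] = {   /* Protocol ID 1, SPI size 0 */
    0x00, 0x00, 0x00, 0x08, 0x01, 0x00, 0x40, 0x00 };
static const uint8_t sample_esp_with_spi[] = {     /* Protocol ID 3, 4-octet SPI */
    0x00, 0x00, 0x00, 0x0c, 0x03, 0x04, 0x40, 0x09, 0xde, 0xad, 0xbe, 0xef };
static const uint8_t sample_ike_pid_with_spi[] = { /* Protocol ID 1, 4-octet SPI */
    0x00, 0x00, 0x00, 0x0c, 0x01, 0x04, 0x40, 0x09, 0xde, 0xad, 0xbe, 0xef };

/*
 * Layout: [0] next payload, [1] critical/reserved, [2..3] payload length,
 * [4] Protocol ID, [5] SPI size, [6..7] notify message type, [8..] SPI, data.
 */
enum notify_pid_verdict check_notify_protocol_id(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 8)
        return NOTIFY_MALFORMED;
    size_t payload_len = ((size_t)buf[2] << 8) | buf[3];
    uint8_t protocol_id = buf[4];
    uint8_t spi_size = buf[5];
    if (payload_len < 8 || payload_len > len || spi_size > payload_len - 8)
        return NOTIFY_MALFORMED;
    if (spi_size == 0)  /* nothing for the field to describe: never reject on it */
        return protocol_id == 0 ? NOTIFY_PID_OK : NOTIFY_PID_IGNORED;
    return (protocol_id == 2 || protocol_id == 3) ? NOTIFY_PID_OK : NOTIFY_PID_BAD;
}

int main(void)
{
    printf("pid=1, no SPI:   %d\n",
           check_notify_protocol_id(sample_ike_pid_no_spi, sizeof sample_ike_pid_no_spi));
    printf("pid=3, with SPI: %d\n",
           check_notify_protocol_id(sample_esp_with_spi, sizeof sample_esp_with_spi));
    printf("pid=1, with SPI: %d\n",
           check_notify_protocol_id(sample_ike_pid_with_spi, sizeof sample_ike_pid_with_spi));
    return 0;
}
```

Logging the NOTIFY_PID_IGNORED case, rather than dropping it silently, keeps the peer's non-conforming value visible to operators without failing the exchange.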