[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(racoon 896) Re: "DOI value of CONNECTED Notify Message has problem"
- To: <haoda@ysh.com.cn>
- Subject: (racoon 896) Re: "DOI value of CONNECTED Notify Message has problem"
- From: Satoshi Inoue <inoue@ntes.ipv6.nec.co.jp>
- Date: Fri, 14 Jan 2005 20:19:26 +0900
- Cc: haoda@64translator.com, racoon@kame.net
- Delivered-to: racoon-archive@kame.net
- Delivered-to: racoon-outgo@kame.net
- Delivered-to: racoon@kame.net
- In-reply-to: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA4clGGxss90uSRwqTHnmng8KAAAAQAAAAyQPwC5p/WUiEl4Ue/2ZiFgEAAAAA@ysh.com.cn>
- References: <20050111153545.D857.YUTAPON@tera.ics.keio.ac.jp> <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA4clGGxss90uSRwqTHnmng8KAAAAQAAAAyQPwC5p/WUiEl4Ue/2ZiFgEAAAAA@ysh.com.cn>
- Reply-to: racoon@kame.net
- Sender: owner-racoon@kame.net
On Fri, 14 Jan 2005 19:36:45 +0900
"Haoda" <haoda@64translator.com> wrote:
> I think the 4th message sent from responder to initiator is not correct.
> Because according to RFC, when the responder receive the 3rd message, it
> will wait for the next Notify payload from initiator and don't send any
> packet. I think maybe racoon sent the improperly packet after it received
> the 3rd message.
>
> How about you think about this?
My understanding of CONNECTED notification goes like this;
Initiator Responder
----------- -----------
HDR*, HASH(1), SA, Ni
[, KE ] [, IDci, IDcr ] -->
<-- HDR(commit)*, HASH(2), SA, Nr
[, KE ] [, IDci, IDcr ]
HDR*, HASH(3) -->
<-- CONNECTED
Commit bit is used to signal the use of CONNECTED notification by the
sending entity, Responder in this case. Initiator waits for CONNECTED
notification, IPsec SAs are established after the receipt and
processing of this notification. IMHO, only the AM/QM responders get
the advantage of this functionality, i.e. not much use for initiators
to set the commit bit.