From owner-freebsd-security  Thu Nov 15 19:25:56 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mine.kame.net (kame195.kame.net [203.178.141.195])
	by hub.freebsd.org (Postfix) with ESMTP id 8100B37B405
	for <freebsd-security@freebsd.org>; Thu, 15 Nov 2001 19:25:53 -0800 (PST)
Received: from localhost ([3ffe:501:41c:2000:e89c:3277:c904:dbcf])
	by mine.kame.net (8.11.1/3.7W) with ESMTP id fAG3L8x12055;
	Fri, 16 Nov 2001 12:21:09 +0900 (JST)
To: ns@BlueSkyFrog.COM
Cc: freebsd-security@freebsd.org
Subject: Re: KAME IPsec <--> Cisco
In-Reply-To: Your message of "Fri, 16 Nov 2001 12:25:12 +1000"
	<20011116122512.A24232@BlueSkyFrog.COM>
References: <20011116122512.A24232@BlueSkyFrog.COM>
X-Mailer: Cue version 0.6 (011026-1440/sakane)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Message-Id: <20011116122553J.sakane@kame.net>
Date: Fri, 16 Nov 2001 12:25:53 +0900
From: Shoichi Sakane <sakane@kame.net>
X-Dispatcher: imput version 20000228(IM140)
Lines: 23
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> 2001-11-16 12:13:20: DEBUG: isakmp.c:1462:isakmp_send(): 1 times of 296 bytes message will be sent.
	:
	(snip)
	:
> 2001-11-16 12:13:20: DEBUG: isakmp.c:234:isakmp_handler(): 96 bytes message received from 203.x.x.x[500]
> 2001-11-16 12:13:20: DEBUG: plog.c:193:plogdump(): 
> 016acbfe b84acd55 19e865f5 2b05b309 0b100500 00000000 00000060 00000044
> 00000001 0100000e 04000038 00000001 00000001 323b59e8 00000004 00000000
> 6225c09c 611cf22c 00000001 00000000 612ccc00 00000000 01000000 00000000

> 2001-11-16 12:13:20: DEBUG: isakmp_inf.c:114:isakmp_info_recv(): receive Information.

> 2001-11-16 12:13:20: ERROR: isakmp_inf.c:769:isakmp_info_recv_n(): delete phase1 handle.

> 2001-11-16 12:13:20: ERROR: isakmp_inf.c:792:isakmp_info_recv_n(): invalid spi_size in notification payload.

oh, it's the message for the phase 1 negotiation.  and there is a bug
to check the buffer size.  i've fix it.

> 2001-11-16 12:13:20: DEBUG: isakmp_inf.c:797:isakmp_info_recv_n(): notification message 14:NO-PROPOSAL-CHOSEN, doi=1 proto_id=1 spi=(size=0).

but still the peer complained about something of the phase 1.
so check the phase 1 proposal of both.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message