Hi tech@,

I noticed that the definition of IKEV2_CRITICAL_PAYLOAD in ikev2.h is
incorrect. According to RFC 7296, Section 3.2, the critical bit is the
first/high bit of the second octet of the IKE payload header. An octet
with only its first bit set results in a hex value of 0x80, not 0x01.

IKEV2_CRITICAL_PAYLOAD is only used to create a log message in
ikev2_pld_payloads (ikev2_pld.c), so the impact of this bug is small,
but correctly logging whether a payload is critical seems useful.

Best regards,
Thomas

--- a/ikev2.h
+++ b/ikev2.h
@@ -78,7 +78,7 @@ struct ikev2_payload {
        uint16_t         pld_length;            /* Payload length with header */
 } __packed;

-#define IKEV2_CRITICAL_PAYLOAD 0x01    /* First bit in the reserved field */
+#define IKEV2_CRITICAL_PAYLOAD 0x80    /* First bit in the reserved field */

 /* IKEv2 payload types */
 #define IKEV2_PAYLOAD_NONE     0       /* No payload */
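Review bot: the comment on the changed #define still reads "First bit in the reserved field", and "first bit" can be read as either the lowest or the highest bit of the octet, so the comment does not by itself explain why 0x80 is right and 0x01 was wrong. Suggest rewording it to name the bit position and the reference, for example "Critical (C) bit: high bit of the second header octet, RFC 7296 3.2". It would also help to say in the commit message that the macro is only used for logging, so readers can see that payload handling does not change.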

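The effect of the two mask values on a critical-bit check, as an added example that is not part of the original message or of the patched source. The function name, the mask macro names and the sample bytes are constructed for illustration; the header layout follows RFC 7296, Section 3.2.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CRITICAL_MASK_OLD 0x01 /* value removed by the patch */
#define CRITICAL_MASK_NEW 0x80 /* value added by the patch */

/* Constructed sample: two back-to-back payloads (not captured traffic). */
static const uint8_t sample[] = {
    0x29, 0x80, 0x00, 0x08, 0xde, 0xad, 0xbe, 0xef, /* C bit set, length 8 */
    0x00, 0x01, 0x00, 0x04,                         /* only a reserved bit set, length 4 */
};

/*
 * Walk generic payload headers (next payload, C + reserved octet, 16-bit
 * big-endian length) and return a bitmap: bit i is set when payload i is
 * reported critical under `mask`. Returns -1 on a truncated or bad length.
 * Simplification (assumption): walks by length until the buffer is consumed.
 */
int critical_map(const uint8_t *buf, size_t len, uint8_t mask)
{
    size_t off = 0;
    int idx = 0, map = 0;

    while (off < len && idx < 30) {
        size_t left = len - off;
        size_t plen;

        if (left < 4)
            return -1;
        plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (plen < 4 || plen > left)
            return -1;
        if (buf[off + 1] & mask)
            map |= 1 << idx;
        off += plen;
        idx++;
    }
    return map;
}

int main(void)
{
    printf("0x80 mask: %d\n", critical_map(sample, sizeof(sample), CRITICAL_MASK_NEW));
    printf("0x01 mask: %d\n", critical_map(sample, sizeof(sample), CRITICAL_MASK_OLD));
    return 0;
}
```

With the 0x01 mask the payload that really carries the critical bit is reported as non-critical, and a payload with a stray reserved bit is reported as critical.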