Hi tech@, I noticed that the definition of IKEV2_CRITICAL_PAYLOAD in ikev2.h is incorrect. According to RFC 7296, Section 3.2 the critical bit is the first/high bit of the second octet of the IKE payload header. An octet with only its first bit set results in a hex value of 0x80, not 0x01.
IKEV2_CRITICAL_PAYLOAD is only used to create a log message in ikev2_pld_payloads (ikev2_pld.c), so the impact of this bug is small, but correctly logging whether a payload is critical seems useful. Best regards, Thomas --- a/ikev2.h +++ b/ikev2.h @@ -78,7 +78,7 @@ struct ikev2_payload { uint16_t pld_length; /* Payload length with header */ } __packed; -#define IKEV2_CRITICAL_PAYLOAD 0x01 /* First bit in the reserved field */ +#define IKEV2_CRITICAL_PAYLOAD 0x80 /* First bit in the reserved field */ /* IKEv2 payload types */ #define IKEV2_PAYLOAD_NONE 0 /* No payload */