3.3.5.3 Receiving Other IKE Messages

On receipt of an IKE message, the host MUST check if the message contains a Fragment payload. If a Fragment payload is present, and the payload is not the only payload in the message, the host MUST silently discard the message.

On receipt of a Fragment payload, the host MUST:

  • Retrieve the Fragment ID from the Fragment_ID field in the Fragment payload.

  • Start a fragmentation reassembly timer for this Fragment ID if no fragments are currently queued for this Fragment ID.

  • If the queue for this Fragment ID already contains a fragment with the same Fragment Number, the host MUST silently discard the message. If not, the host MUST add an entry to the Fragment queue in the corresponding entry of the MMSAD, with the queue entry fields initialized based on the associated fields of the Fragment payload.

In addition, the host SHOULD set the Fragmentation active flag in the corresponding MMSAD entry.<18>

The host MUST then check whether all Fragment payloads for this Fragment ID have been received (that is, whether Fragment payloads that have a Fragment Number from 1 to n have been received, and fragment n has the Flags field set to LAST_FRAGMENT).

The host MUST silently discard all Fragment payloads for this Fragment ID if any of the following error conditions occur:

  • More than one Fragment payload has the Flags field set to LAST_FRAGMENT.

  • A Fragment payload has been received with a Fragment Number greater than the Fragment Number of an entry in the Fragment queue with the Flags field set to LAST_FRAGMENT.

If all Fragment payloads for a Fragment ID have been received, the host MUST construct the reassembled message by concatenating the following:

  • The ISAKMP header from the first fragment.

  • Fragment payloads (without the Fragment payload header) in the order of their Fragment Number.

The host MUST then stop the fragment reassembly timer and process the reassembled IKE message as a typical message.
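The queueing, error, and reassembly rules above can be modelled as follows. This is an added example, not code from the specification; the `Fragment` and `Reassembler` names, the use of already-parsed fields instead of wire bytes, and the `LAST_FRAGMENT` bit value of 0x01 are assumptions, and the reassembly timer is only noted in comments.

```python
from dataclasses import dataclass, field

LAST_FRAGMENT = 0x01  # assumed flag bit value; not stated in this section


@dataclass
class Fragment:
    """Already-parsed Fragment payload fields (hypothetical container)."""
    fragment_id: int
    number: int
    flags: int
    isakmp_header: bytes   # ISAKMP header of the message that carried the fragment
    data: bytes            # payload body without the Fragment payload header


@dataclass
class Reassembler:
    """Fragment queues keyed by Fragment ID (stand-in for the MMSAD entry)."""
    queues: dict = field(default_factory=dict)

    def receive(self, frag):
        """Return the reassembled message, or None if incomplete or discarded."""
        queue = self.queues.setdefault(frag.fragment_id, {})
        # A real host starts the reassembly timer when the queue is first created.
        if frag.number in queue:
            return None                      # duplicate Fragment Number: drop this message
        queue[frag.number] = frag
        last = [n for n, f in queue.items() if f.flags & LAST_FRAGMENT]
        # Error conditions: several LAST_FRAGMENT entries, or a number beyond the last one.
        if len(last) > 1 or (last and max(queue) > last[0]):
            del self.queues[frag.fragment_id]
            return None
        # Complete only when numbers 1..n are all present and n carries LAST_FRAGMENT.
        if not last or set(queue) != set(range(1, last[0] + 1)):
            return None
        del self.queues[frag.fragment_id]    # a real host also stops the timer here
        body = b"".join(queue[n].data for n in sorted(queue))
        return queue[1].isakmp_header + body
```

Checking the error conditions over the whole queue after each insert makes the result independent of arrival order, so a late LAST_FRAGMENT with a lower number than an already queued fragment is rejected the same way as an early one.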

If the received message is a response to a previously sent message, the host MUST clear the fragmentation timer for the previously sent message.

If the processing of the IKE message results in the host sending a message, and the Fragmentation active flag is set for the corresponding MM SA, the host SHOULD fragment this message following the steps specified in section 3.3.6.1. If the Fragmentation active flag is not set, the host MUST start the fragmentation timer for the message it is about to send.<19>