author | Tobias Brunner <tobias@strongswan.org> | 2013-01-31 18:42:26 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2013-03-19 16:19:11 +0100 |
commit | 68bfee4bc414b9b254dbe73cace5b6f5133ad0be (patch) | |
tree | 87e3f71dccfcd443c212a0bf764c3046a1353c5d | |
parent | 2071dd63d6812392a4b939cd592826e94aaf5341 (diff) | |
Avoid returning COOKIEs right after system boot
When the monotonic timer is initialized to 0 right after the system is
booted the daemon responded with COOKIES for COOKIE_CALMDOWN_DELAY (10s).
Since the COOKIE verification code actually produces an overflow for
COOKIE_LIFETIME (10s) it wouldn't even accept properly returned COOKIEs.
Checking for last_cookie makes sense anyway as that condition must only
apply if we actually sent a COOKIE before.
-rw-r--r-- | src/libcharon/network/receiver.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c index f683cf818..6b2c2bf5b 100644 --- a/src/libcharon/network/receiver.c +++ b/src/libcharon/network/receiver.c @@ -296,7 +296,7 @@ static bool cookie_required(private_receiver_t *this, this->last_cookie = now; return TRUE; } - if (now < this->last_cookie + COOKIE_CALMDOWN_DELAY) + if (this->last_cookie && now < this->last_cookie + COOKIE_CALMDOWN_DELAY) { /* We don't disable cookies unless we haven't seen IKE_SA_INITs * for COOKIE_CALMDOWN_DELAY seconds. This avoids jittering between |
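Review bot: In the changed condition of cookie_required(), `this->last_cookie` now doubles as a "never sent a COOKIE" flag, but the branch just above stores `this->last_cookie = now;`, and the commit message says the monotonic timer can read 0 right after boot. A COOKIE sent while `now` is still 0 is therefore recorded as 0 and is indistinguishable from "none sent", so the calm-down window is skipped for that case. Consider tracking this with a separate boolean, or at least extending the comment inside the block to say that 0 is reserved as "no COOKIE sent yet". The commit message also mentions an overflow in the COOKIE verification code for COOKIE_LIFETIME, which this hunk does not touch; that looks worth its own fix, since the same near-zero timer values would still reach that code whenever a COOKIE is actually sent shortly after boot.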