author | Tobias Brunner <tobias@strongswan.org> | 2009-07-31 18:10:39 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2009-08-04 11:08:58 +0200 |
commit | 56ee8fcc96f1e16ae9eeac3ca5bafbb647d2b37c (patch) | |
tree | e749a39f8d664a54f0e5460c74943e63e2c74933 /src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | |
parent | e8c3cdb25b75bef0f7571c81f5b2b572abef1ebe (diff) | |
FreeBSD and Mac OS X both set the sequence number of an SADB_X_SPDGET response to zero, we accept that for now.
Diffstat (limited to 'src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c')
-rw-r--r-- | src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 592af431a..ce34f19fa 100644
--- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -751,6 +751,8 @@ static status_t pfkey_send_socket(private_kernel_pfkey_ipsec_t *this, int socket
 this->mutex_pfkey->lock(this->mutex_pfkey);
+ /* FIXME: our usage of sequence numbers is probably wrong. check RFC 2367,
+ * in particular the behavior in response to an SADB_ACQUIRE. */
 in->sadb_msg_seq = ++this->seq;
 in->sadb_msg_pid = getpid();
@@ -812,14 +814,23 @@ static status_t pfkey_send_socket(private_kernel_pfkey_ipsec_t *this, int socket
 }
 if (msg->sadb_msg_seq != this->seq)
 {
- DBG1(DBG_KNL, "received PF_KEY message with invalid sequence number, "
- "was %d expected %d", msg->sadb_msg_seq, this->seq);
- if (msg->sadb_msg_seq < this->seq)
+ DBG1(DBG_KNL, "received PF_KEY message with unexpected sequence "
+ "number, was %d expected %d", msg->sadb_msg_seq, this->seq);
+ if (msg->sadb_msg_seq == 0)
+ {
+ /* FreeBSD and Mac OS X do this for the response to
+ * SADB_X_SPDGET (but not for the response to SADB_GET).
+ * FreeBSD: 'key_spdget' in /usr/src/sys/netipsec/key.c. */
+ }
+ else if (msg->sadb_msg_seq < this->seq)
 {
 continue;
 }
- this->mutex_pfkey->unlock(this->mutex_pfkey);
- return FAILED;
+ else
+ {
+ this->mutex_pfkey->unlock(this->mutex_pfkey);
+ return FAILED;
+ }
 }
 if (msg->sadb_msg_type != in->sadb_msg_type)
 { |
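Review bot: The new `if (msg->sadb_msg_seq == 0)` branch accepts a zero sequence number as the reply to any request, although its comment says only SADB_X_SPDGET responses arrive that way on FreeBSD and Mac OS X. For every other request type this removes the sequence check that tied the reply to the request just sent, leaving the message-type comparison that follows (its body is outside the hunk) to reject an unrelated or stale message. I would narrow the condition to `if (msg->sadb_msg_seq == 0 && in->sadb_msg_type == SADB_X_SPDGET)`, so that a zero sequence number on other requests falls into the existing `else if (msg->sadb_msg_seq < this->seq)` branch and is skipped as before. The DBG1 call also still fires for the accepted case, so every policy query on those platforms logs an "unexpected sequence number" line; moving it into the two rejecting branches would keep that message meaningful.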