authorTobias Brunner <tobias@strongswan.org>2014-10-21 11:22:51 +0200
committerTobias Brunner <tobias@strongswan.org>2014-12-05 15:41:46 +0100
commitfac310a46718d72e4184217f3f40205599575cad (patch)
tree36c52e09186ec0441155ca1ea742c1358454be6d /src/libcharon/encoding
parent7bd55485386bc32f0b24fb39bc41d4a43ba3f03c (diff)
ike: Make check for known payloads depend on IKE version
Diffstat (limited to 'src/libcharon/encoding')
-rw-r--r--src/libcharon/encoding/message.c2
-rw-r--r--src/libcharon/encoding/payloads/payload.c60
-rw-r--r--src/libcharon/encoding/payloads/payload.h3
3 files changed, 40 insertions, 25 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index fd476532d..ba71238c8 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -2475,7 +2475,7 @@ static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
was_encrypted = "encrypted fragment payload";
}
- if (payload_is_known(type) && !was_encrypted &&
+ if (payload_is_known(type, this->major_version) && !was_encrypted &&
!is_connectivity_check(this, payload) &&
this->exchange_type != AGGRESSIVE)
{
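Review bot: `this->major_version` is passed unfiltered into `payload_is_known()` in this condition, and with the new signature any value other than 0, `IKEV1_MAJOR_VERSION` or `IKEV2_MAJOR_VERSION` makes the function return FALSE for every type except `PL_HEADER`. The test on `!was_encrypted` (presumably the branch that rejects a known payload received in the clear) is then skipped instead of failing, and a value of 0 selects the "skip version check" behaviour. Whether the major version is validated before `decrypt_payloads()` runs is not visible in this hunk. If it is, a short comment here would record that dependency, e.g. `/* relies on major_version having been checked earlier */`; if not, unsupported versions should be rejected ahead of this test so that it stays fail-closed. The function body starts and ends outside the hunk.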
diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c
index 600b6dd68..cd014fd21 100644
--- a/src/libcharon/encoding/payloads/payload.c
+++ b/src/libcharon/encoding/payloads/payload.c
@@ -266,37 +266,51 @@ payload_t *payload_create(payload_type_t type)
/**
* See header.
*/
-bool payload_is_known(payload_type_t type)
+bool payload_is_known(payload_type_t type, u_int8_t maj_ver)
{
if (type == PL_HEADER)
{
return TRUE;
}
- if (type >= PLV1_SECURITY_ASSOCIATION && type <= PLV1_CONFIGURATION)
+ switch (maj_ver)
{
- return TRUE;
- }
- if (type >= PLV1_NAT_D && type <= PLV1_NAT_OA)
- {
- return TRUE;
- }
- if (type >= PLV2_SECURITY_ASSOCIATION && type <= PLV2_EAP)
- {
- return TRUE;
- }
- if (type == PLV2_FRAGMENT)
- {
- return TRUE;
- }
+ case 0:
+ case IKEV1_MAJOR_VERSION:
+ if (type >= PLV1_SECURITY_ASSOCIATION && type <= PLV1_CONFIGURATION)
+ {
+ return TRUE;
+ }
+ if (type >= PLV1_NAT_D && type <= PLV1_NAT_OA)
+ {
+ return TRUE;
+ }
+ if (type >= PLV1_NAT_D_DRAFT_00_03 && type <= PLV1_FRAGMENT)
+ {
+ return TRUE;
+ }
+ if (maj_ver)
+ {
+ break;
+ }
+ /* fall-through */
+ case IKEV2_MAJOR_VERSION:
+ if (type >= PLV2_SECURITY_ASSOCIATION && type <= PLV2_EAP)
+ {
+ return TRUE;
+ }
+ if (type == PLV2_FRAGMENT)
+ {
+ return TRUE;
+ }
#ifdef ME
- if (type == PLV2_ID_PEER)
- {
- return TRUE;
- }
+ if (type == PLV2_ID_PEER)
+ {
+ return TRUE;
+ }
#endif
- if (type >= PLV1_NAT_D_DRAFT_00_03 && type <= PLV1_FRAGMENT)
- {
- return TRUE;
+ break;
+ default:
+ break;
}
return FALSE;
}
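Review bot: The `case 0:` label shares its body with `IKEV1_MAJOR_VERSION` and reaches the IKEv2 checks only through `if (maj_ver) break;` followed by a fall-through, which is easy to misread as IKEv1 falling through by accident. A comment above the two labels would make the intent explicit, e.g. `/* 0: version unknown, accept payload types of either IKE version */`, and the existing marker could read `/* fall-through for maj_ver == 0 only */`. The `default:` branch also means any other major version reports every payload except `PL_HEADER` as unknown. The `@param maj_ver` text in payload.h could state that next to the 0 case, since callers that use this function to enforce a check get FALSE there.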
diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h
index 036cd422d..920779bd1 100644
--- a/src/libcharon/encoding/payloads/payload.h
+++ b/src/libcharon/encoding/payloads/payload.h
@@ -405,9 +405,10 @@ payload_t *payload_create(payload_type_t type);
* Check if a specific payload is implemented, or handled as unknown payload.
*
* @param type type of the payload to check
+ * @param maj_ver major IKE version (use 0 to skip version check)
* @return FALSE if payload type handled as unknown payload
*/
-bool payload_is_known(payload_type_t type);
+bool payload_is_known(payload_type_t type, u_int8_t maj_ver);
/**
* Get the value field in a payload using encoding rules.