diff options
author | Thomas Egerer <thomas.egerer@secunet.com> | 2017-03-10 10:45:48 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-05-23 17:53:20 +0200 |
commit | 3a67df3b10ffb29c880823572b8fa01787931bdb (patch) | |
tree | e1e4aa76d8e8fc371ba11c22be71537d7f8709d5 /src/libcharon/network/receiver.c | |
parent | 6b9361f71418239fb0835e9ff5bf0b1816f9dc04 (diff) | |
download | strongswan-3a67df3b10ffb29c880823572b8fa01787931bdb.tar.bz2 strongswan-3a67df3b10ffb29c880823572b8fa01787931bdb.tar.xz |
receiver: Restrict init limit to half-open SAs as responder
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Diffstat (limited to 'src/libcharon/network/receiver.c')
-rw-r--r-- | src/libcharon/network/receiver.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c index 1bf93ad40..8fb48281f 100644 --- a/src/libcharon/network/receiver.c +++ b/src/libcharon/network/receiver.c @@ -321,18 +321,16 @@ static bool cookie_required(private_receiver_t *this, */ static bool drop_ike_sa_init(private_receiver_t *this, message_t *message) { - u_int half_open, half_open_r; + u_int half_open; uint32_t now; now = time_monotonic(NULL); half_open = charon->ike_sa_manager->get_half_open_count( - charon->ike_sa_manager, NULL, FALSE); - half_open_r = charon->ike_sa_manager->get_half_open_count( charon->ike_sa_manager, NULL, TRUE); /* check for cookies in IKEv2 */ if (message->get_major_version(message) == IKEV2_MAJOR_VERSION && - cookie_required(this, half_open_r, now) && !check_cookie(this, message)) + cookie_required(this, half_open, now) && !check_cookie(this, message)) { chunk_t cookie; |