diff options
| author | Martin Willi <martin@revosec.ch> | 2013-02-25 11:42:50 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2013-02-25 12:12:19 +0100 |
| commit | cdf75a39e3c6eb5e7e59d831d8b2441d8af08516 (patch) | |
| tree | 61ec8b3e37ea89b03965becdeead971937b49bbb /src/libcharon/sa/ikev1/task_manager_v1.c | |
| parent | 9eaed7a5bb11726e8a2bca5e82fde78f25803237 (diff) | |
| download | strongswan-cdf75a39e3c6eb5e7e59d831d8b2441d8af08516.tar.bz2 strongswan-cdf75a39e3c6eb5e7e59d831d8b2441d8af08516.tar.xz | |
Move initial message dropping to task manager
When the last request message of the initial tunnel setup is retransmitted,
we must retransmit the response instead of ignoring the request.
Fixes #295.
Diffstat (limited to 'src/libcharon/sa/ikev1/task_manager_v1.c')
| -rw-r--r-- | src/libcharon/sa/ikev1/task_manager_v1.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 8a4761d5c..7a84d1cef 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -1471,6 +1471,21 @@ METHOD(task_manager_t, process_message, status_t, charon->bus->alert(charon->bus, ALERT_RETRANSMIT_RECEIVE, msg); return SUCCESS; } + + /* reject Main/Agressive Modes once established */ + if (msg->get_exchange_type(msg) == ID_PROT || + msg->get_exchange_type(msg) == AGGRESSIVE) + { + if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED && + this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING && + msg->get_first_payload_type(msg) != FRAGMENT_V1) + { + DBG1(DBG_IKE, "ignoring %N in established IKE_SA state", + exchange_type_names, msg->get_exchange_type(msg)); + return FAILED; + } + } + if (msg->get_exchange_type(msg) == TRANSACTION && this->active_tasks->get_count(this->active_tasks)) { /* main mode not yet complete, queue XAuth/Mode config tasks */ @@ -2030,4 +2045,3 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa) return &this->public; } - |