diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2016-02-10 10:11:31 +0100 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2016-03-03 17:32:03 +0100 |
| commit | 91d80298f9de5e7d792b7cb0a6c7a2c61784d744 (patch) | |
| tree | 9ad98aa0caa4c775764afd3eaf76327d9eb7e8ea /src/libcharon/sa/ikev1/tasks | |
| parent | 2f3c08d268a6ead9e7d9e74b523600d76e3e5722 (diff) | |
| download | strongswan-91d80298f9de5e7d792b7cb0a6c7a2c61784d744.tar.bz2 strongswan-91d80298f9de5e7d792b7cb0a6c7a2c61784d744.tar.xz | |
ikev1: Send and verify IPv6 addresses correctly
According to the mode-config draft there is no prefix sent for
IPv6 addresses in IKEv1. We still accept 17 bytes long addresses for
backwards compatibility with older strongSwan releases.
Fixes #1304.
Diffstat (limited to 'src/libcharon/sa/ikev1/tasks')
| -rw-r--r-- | src/libcharon/sa/ikev1/tasks/mode_config.c | 37 |
1 files changed, 11 insertions, 26 deletions
diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c index a03477e18..b9f924009 100644 --- a/src/libcharon/sa/ikev1/tasks/mode_config.c +++ b/src/libcharon/sa/ikev1/tasks/mode_config.c @@ -76,35 +76,20 @@ typedef struct { */ static configuration_attribute_t *build_vip(host_t *vip) { - configuration_attribute_type_t type; - chunk_t chunk, prefix; + configuration_attribute_type_t type = INTERNAL_IP4_ADDRESS; + chunk_t chunk; - if (vip->get_family(vip) == AF_INET) + if (vip->get_family(vip) == AF_INET6) { - type = INTERNAL_IP4_ADDRESS; - if (vip->is_anyaddr(vip)) - { - chunk = chunk_empty; - } - else - { - chunk = vip->get_address(vip); - } + type = INTERNAL_IP6_ADDRESS; + } + if (vip->is_anyaddr(vip)) + { + chunk = chunk_empty; } else { - type = INTERNAL_IP6_ADDRESS; - if (vip->is_anyaddr(vip)) - { - chunk = chunk_empty; - } - else - { - prefix = chunk_alloca(1); - *prefix.ptr = 64; - chunk = vip->get_address(vip); - chunk = chunk_cata("cc", chunk, prefix); - } + chunk = vip->get_address(vip); } return configuration_attribute_create_chunk(PLV1_CONFIGURATION_ATTRIBUTE, type, chunk); @@ -165,8 +150,8 @@ static void process_attribute(private_mode_config_t *this, } else { - /* skip prefix byte in IPv6 payload*/ - if (family == AF_INET6) + /* skip prefix byte in IPv6 payload sent by older releases */ + if (family == AF_INET6 && addr.len == 17) { addr.len--; } |