Allow ID_PROT/AGGRESSIVE messages for established IKE_SAs if they contain fragments

Other implementations send fragments always in an initial message type even for transaction or quick mode exchanges.
author: Tobias Brunner <tobias@strongswan.org> 2012-12-20 11:55:33 +0100
committer: Tobias Brunner <tobias@strongswan.org> 2012-12-24 12:29:27 +0100
commit: b8160377398e3a2e2e040824cedbf863518e98ec (patch)
tree: 58f5ae97c6b6fffbe8cb2e4f74221f12c17de043 /src
parent: 8fc8383439675456e83e9aae5350124ab5758ea1 (diff)
download: strongswan-b8160377398e3a2e2e040824cedbf863518e98ec.tar.bz2
strongswan-b8160377398e3a2e2e040824cedbf863518e98ec.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index de050cd3c..4029db11d 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1232,7 +1232,8 @@ METHOD(ike_sa_t, process_message, status_t,
 		case IKE_SA_INIT:
 		case IKE_AUTH:
 			if (this->state != IKE_CREATED &&
-				this->state != IKE_CONNECTING)
+				this->state != IKE_CONNECTING &&
+				message->get_first_payload_type(message) != FRAGMENT_V1)
 			{
 				DBG1(DBG_IKE, "ignoring %N in established IKE_SA state",
 					 exchange_type_names, message->get_exchange_type(message));
author	Tobias Brunner <tobias@strongswan.org>	2012-12-20 11:55:33 +0100
committer	Tobias Brunner <tobias@strongswan.org>	2012-12-24 12:29:27 +0100
commit	b8160377398e3a2e2e040824cedbf863518e98ec (patch)
tree	58f5ae97c6b6fffbe8cb2e4f74221f12c17de043 /src
parent	8fc8383439675456e83e9aae5350124ab5758ea1 (diff)
download	strongswan-b8160377398e3a2e2e040824cedbf863518e98ec.tar.bz2 strongswan-b8160377398e3a2e2e040824cedbf863518e98ec.tar.xz