Block XAuth transaction on established IKE_SAs, but allow Mode Config

author: Martin Willi <martin@revosec.ch> 2012-08-03 13:07:19 +0200
committer: Martin Willi <martin@revosec.ch> 2012-08-03 13:07:57 +0200
commit: 764035d515e4532dfd9e95f96c67ef4bb0c4c4be (patch)
tree: d222e5e6f477848c242ac6f6780d6a47521eed3b /src
parent: decc467a4f7a0aa607e98858b8fe6242deceed21 (diff)
download: strongswan-764035d515e4532dfd9e95f96c67ef4bb0c4c4be.tar.bz2
strongswan-764035d515e4532dfd9e95f96c67ef4bb0c4c4be.tar.xz
2 files changed, 1 insertions, 2 deletions
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 7f5acccc0..0a7c52a74 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1209,7 +1209,6 @@ METHOD(ike_sa_t, process_message, status_t,
 	{
 		case ID_PROT:
 		case AGGRESSIVE:
-		case TRANSACTION:
 		case IKE_SA_INIT:
 		case IKE_AUTH:
 			if (this->state != IKE_CREATED &&
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 0e88c9e0f..d71f540fe 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -879,7 +879,7 @@ static status_t process_request(private_task_manager_t *this,
 				}
 				break;
 			case TRANSACTION:
-				if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED)
+				if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
 				{
 					task = (task_t *)mode_config_create(this->ike_sa, FALSE);
 				}
author	Martin Willi <martin@revosec.ch>	2012-08-03 13:07:19 +0200
committer	Martin Willi <martin@revosec.ch>	2012-08-03 13:07:57 +0200
commit	764035d515e4532dfd9e95f96c67ef4bb0c4c4be (patch)
tree	d222e5e6f477848c242ac6f6780d6a47521eed3b /src
parent	decc467a4f7a0aa607e98858b8fe6242deceed21 (diff)
download	strongswan-764035d515e4532dfd9e95f96c67ef4bb0c4c4be.tar.bz2 strongswan-764035d515e4532dfd9e95f96c67ef4bb0c4c4be.tar.xz