aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/encoding/message.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon/encoding/message.c')
-rw-r--r--src/libcharon/encoding/message.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 55e9f33fc..28fdda735 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -442,6 +442,7 @@ static payload_rule_t id_prot_i_rules[] = {
{CERTIFICATE_V1, 0, 2, TRUE, FALSE},
{SIGNATURE_V1, 0, 1, TRUE, FALSE},
{HASH_V1, 0, 1, TRUE, FALSE},
+ {FRAGMENT_V1, 0, 1, FALSE, TRUE},
};
/**
@@ -461,6 +462,7 @@ static payload_order_t id_prot_i_order[] = {
{VENDOR_ID_V1, 0},
{NAT_D_V1, 0},
{NAT_D_DRAFT_00_03_V1, 0},
+ {FRAGMENT_V1, 0},
};
/**
@@ -480,6 +482,7 @@ static payload_rule_t id_prot_r_rules[] = {
{CERTIFICATE_V1, 0, 2, TRUE, FALSE},
{SIGNATURE_V1, 0, 1, TRUE, FALSE},
{HASH_V1, 0, 1, TRUE, FALSE},
+ {FRAGMENT_V1, 0, 1, FALSE, TRUE},
};
/**
@@ -499,6 +502,7 @@ static payload_order_t id_prot_r_order[] = {
{VENDOR_ID_V1, 0},
{NAT_D_V1, 0},
{NAT_D_DRAFT_00_03_V1, 0},
+ {FRAGMENT_V1, 0},
};
/**
@@ -518,6 +522,7 @@ static payload_rule_t aggressive_i_rules[] = {
{CERTIFICATE_V1, 0, 1, TRUE, FALSE},
{SIGNATURE_V1, 0, 1, TRUE, FALSE},
{HASH_V1, 0, 1, TRUE, FALSE},
+ {FRAGMENT_V1, 0, 1, FALSE, TRUE},
};
/**
@@ -537,6 +542,7 @@ static payload_order_t aggressive_i_order[] = {
{CERTIFICATE_REQUEST_V1, 0},
{NOTIFY_V1, 0},
{VENDOR_ID_V1, 0},
+ {FRAGMENT_V1, 0},
};
/**
@@ -556,6 +562,7 @@ static payload_rule_t aggressive_r_rules[] = {
{CERTIFICATE_V1, 0, 1, FALSE, FALSE},
{SIGNATURE_V1, 0, 1, FALSE, FALSE},
{HASH_V1, 0, 1, FALSE, FALSE},
+ {FRAGMENT_V1, 0, 1, FALSE, TRUE},
};
/**
@@ -575,6 +582,7 @@ static payload_order_t aggressive_r_order[] = {
{CERTIFICATE_REQUEST_V1, 0},
{NOTIFY_V1, 0},
{VENDOR_ID_V1, 0},
+ {FRAGMENT_V1, 0},
};
/**
@@ -1693,6 +1701,12 @@ METHOD(message_t, parse_header, status_t,
}
this->first_payload = ike_header->payload_interface.get_next_type(
&ike_header->payload_interface);
+ if (this->first_payload == FRAGMENT_V1 && this->is_encrypted)
+ { /* racoon sets the encryted bit when sending a fragment, but these
+ * messages are really not encrypted */
+ this->is_encrypted = FALSE;
+ }
+
for (i = 0; i < countof(this->reserved); i++)
{
reserved = payload_get_field(&ike_header->payload_interface,
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-17 04:12:44 +0000