aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/libcharon/sa/ikev1/task_manager_v1.c96
1 files changed, 81 insertions, 15 deletions
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index e1747d2c6..a839f51e7 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -935,6 +935,28 @@ static bool have_quick_mode_task(private_task_manager_t *this, u_int32_t mid)
}
/**
+ * Check if we still have an aggressive mode task queued
+ */
+static bool have_aggressive_mode_task(private_task_manager_t *this)
+{
+ enumerator_t *enumerator;
+ task_t *task;
+ bool found = FALSE;
+
+ enumerator = this->passive_tasks->create_enumerator(this->passive_tasks);
+ while (enumerator->enumerate(enumerator, &task))
+ {
+ if (task->get_type(task) == TASK_AGGRESSIVE_MODE)
+ {
+ found = TRUE;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return found;
+}
+
+/**
* handle an incoming request message
*/
static status_t process_request(private_task_manager_t *this,
@@ -1073,6 +1095,22 @@ static status_t process_request(private_task_manager_t *this,
* the same message again. */
clear_packets(this->responding.packets);
}
+ if (this->queued &&
+ this->queued->get_exchange_type(this->queued) == INFORMATIONAL_V1)
+ {
+ message_t *queued;
+ status_t status;
+
+ queued = this->queued;
+ this->queued = NULL;
+ status = this->public.task_manager.process_message(
+ &this->public.task_manager, queued);
+ queued->destroy(queued);
+ if (status == DESTROY_ME)
+ {
+ return status;
+ }
+ }
if (this->passive_tasks->get_count(this->passive_tasks) == 0 &&
this->queued_tasks->get_count(this->queued_tasks) > 0)
{
@@ -1145,7 +1183,8 @@ static status_t process_response(private_task_manager_t *this,
this->initiating.type = EXCHANGE_TYPE_UNDEFINED;
clear_packets(this->initiating.packets);
- if (this->queued && this->active_tasks->get_count(this->active_tasks) == 0)
+ if (this->queued && !this->active_tasks->get_count(this->active_tasks) &&
+ this->queued->get_exchange_type(this->queued) == TRANSACTION)
{
queued = this->queued;
this->queued = NULL;
@@ -1240,6 +1279,29 @@ static status_t parse_message(private_task_manager_t *this, message_t *msg)
return status;
}
+/**
+ * Queue the given message if possible
+ */
+static status_t queue_message(private_task_manager_t *this, message_t *msg)
+{
+ if (this->queued)
+ {
+ DBG1(DBG_IKE, "ignoring %N request, queue full",
+ exchange_type_names, msg->get_exchange_type(msg));
+ return FAILED;
+ }
+ this->queued = message_create_from_packet(msg->get_packet(msg));
+ if (this->queued->parse_header(this->queued) != SUCCESS)
+ {
+ this->queued->destroy(this->queued);
+ this->queued = NULL;
+ return FAILED;
+ }
+ DBG1(DBG_IKE, "queueing %N request as tasks still active",
+ exchange_type_names, msg->get_exchange_type(msg));
+ return SUCCESS;
+}
+
METHOD(task_manager_t, process_message, status_t,
private_task_manager_t *this, message_t *msg)
{
@@ -1340,25 +1402,29 @@ METHOD(task_manager_t, process_message, status_t,
}
}
- if (msg->get_exchange_type(msg) == TRANSACTION &&
- this->active_tasks->get_count(this->active_tasks))
- { /* main mode not yet complete, queue XAuth/Mode config tasks */
- if (this->queued)
+ /* drop XAuth/Mode Config/Quick Mode messages until we received the last
+ * Aggressive Mode message. since Informational messages are not
+ * retransmitted we queue them. */
+ if (have_aggressive_mode_task(this))
+ {
+ if (msg->get_exchange_type(msg) == INFORMATIONAL_V1)
{
- DBG1(DBG_IKE, "ignoring additional %N request, queue full",
- exchange_type_names, TRANSACTION);
- return SUCCESS;
+ return queue_message(this, msg);
}
- this->queued = message_create_from_packet(msg->get_packet(msg));
- if (this->queued->parse_header(this->queued) != SUCCESS)
+ else if (msg->get_exchange_type(msg) != AGGRESSIVE)
{
- this->queued->destroy(this->queued);
- this->queued = NULL;
+ DBG1(DBG_IKE, "ignoring %N request while phase 1 is incomplete",
+ exchange_type_names, msg->get_exchange_type(msg));
return FAILED;
}
- DBG1(DBG_IKE, "queueing %N request as tasks still active",
- exchange_type_names, TRANSACTION);
- return SUCCESS;
+ }
+
+ /* queue XAuth/Mode Config messages unless the Main Mode exchange we
+ * initiated is complete */
+ if (msg->get_exchange_type(msg) == TRANSACTION &&
+ this->active_tasks->get_count(this->active_tasks))
+ {
+ return queue_message(this, msg);
}
msg->set_request(msg, TRUE);
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-17 21:21:29 +0000