From b443fa61231357a4c09f0bfed22be05727427cda Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Thu, 21 Feb 2013 11:45:24 +0100
Subject: Don't reject OPAQUE ports while verifying traffic selector
 substructure

---
 src/libcharon/encoding/payloads/traffic_selector_substructure.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/libcharon/encoding/payloads/traffic_selector_substructure.c')

diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c
index 15f791b95..334823db9 100644
--- a/src/libcharon/encoding/payloads/traffic_selector_substructure.c
+++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c
@@ -114,7 +114,11 @@ METHOD(payload_t, verify, status_t,
 {
 	if (this->start_port > this->end_port)
 	{
-		return FAILED;
+		/* OPAQUE ports are the only exception */
+		if (this->start_port != 0xffff && this->end_port != 0)
+		{
+			return FAILED;
+		}
 	}
 	switch (this->ts_type)
 	{
-- 
cgit v1.2.3