From 1c8dfa30d01875f1df43aff6db75f3e188829b4f Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 28 Sep 2015 17:37:42 +0200
Subject: ikev1: Queue INFORMATIONAL request if AM is not complete yet

---
 src/libcharon/sa/ikev1/task_manager_v1.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

(limited to 'src')

diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index a027b749e..5b0438ffa 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -1387,13 +1387,20 @@ METHOD(task_manager_t, process_message, status_t,
 		}
 
 		/* drop XAuth/Mode Config/Quick Mode messages until we received the last
-		 * Aggressive Mode message */
-		if (have_aggressive_mode_task(this) &&
-			msg->get_exchange_type(msg) != AGGRESSIVE)
+		 * Aggressive Mode message.  since Informational messages are not
+		 * retransmitted we queue them. */
+		if (have_aggressive_mode_task(this))
 		{
-			DBG1(DBG_IKE, "ignoring %N request while phase 1 is incomplete",
-				 exchange_type_names, msg->get_exchange_type(msg));
-			return FAILED;
+			if (msg->get_exchange_type(msg) == INFORMATIONAL_V1)
+			{
+				return queue_message(this, msg);
+			}
+			else if (msg->get_exchange_type(msg) != AGGRESSIVE)
+			{
+				DBG1(DBG_IKE, "ignoring %N request while phase 1 is incomplete",
+					 exchange_type_names, msg->get_exchange_type(msg));
+				return FAILED;
+			}
 		}
 
 		/* queue XAuth/Mode Config messages unless the Main Mode exchange we
-- 
cgit v1.2.3