sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-08 00:02:03 -04:00
Code Issues Projects Releases Wiki Activity

Move initial message dropping to task manager

Browse Source 
When the last request message of the initial tunnel setup is retransmitted,
we must retransmit the response instead of ignoring the request.

Fixes #295.
This commit is contained in:
Martin Willi 2013-02-25 11:42:50 +01:00
parent 9eaed7a5bb
commit cdf75a39e3
3 changed files with 27 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/libcharon/sa/ike_sa.c
View File

@ -1250,24 +1250,6 @@ METHOD(ike_sa_t, process_message, status_t,
{ /* do not handle messages in passive state */ { /* do not handle messages in passive state */
return FAILED; return FAILED;
} }
switch (message->get_exchange_type(message))
{
case ID_PROT:
case AGGRESSIVE:
case IKE_SA_INIT:
case IKE_AUTH:
if (this->state != IKE_CREATED &&
this->state != IKE_CONNECTING &&
message->get_first_payload_type(message) != FRAGMENT_V1)
{
DBG1(DBG_IKE, "ignoring %N in established IKE_SA state",
exchange_type_names, message->get_exchange_type(message));
return FAILED;
}
break;
default:
break;
}
if (message->get_major_version(message) != this->version) if (message->get_major_version(message) != this->version)
{ {
DBG1(DBG_IKE, "ignoring %N IKEv%u exchange on %N SA", DBG1(DBG_IKE, "ignoring %N IKEv%u exchange on %N SA",

16
src/libcharon/sa/ikev1/task_manager_v1.c
View File

@ -1471,6 +1471,21 @@ METHOD(task_manager_t, process_message, status_t,
charon->bus->alert(charon->bus, ALERT_RETRANSMIT_RECEIVE, msg); charon->bus->alert(charon->bus, ALERT_RETRANSMIT_RECEIVE, msg);
return SUCCESS; return SUCCESS;
} }
/* reject Main/Agressive Modes once established */
if (msg->get_exchange_type(msg) == ID_PROT ||
msg->get_exchange_type(msg) == AGGRESSIVE)
{
if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED &&
this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING &&
msg->get_first_payload_type(msg) != FRAGMENT_V1)
{
DBG1(DBG_IKE, "ignoring %N in established IKE_SA state",
exchange_type_names, msg->get_exchange_type(msg));
return FAILED;
}
}
if (msg->get_exchange_type(msg) == TRANSACTION && if (msg->get_exchange_type(msg) == TRANSACTION &&
this->active_tasks->get_count(this->active_tasks)) this->active_tasks->get_count(this->active_tasks))
{ /* main mode not yet complete, queue XAuth/Mode config tasks */ { /* main mode not yet complete, queue XAuth/Mode config tasks */
@ -2030,4 +2045,3 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa)
return &this->public; return &this->public;
} }

12
src/libcharon/sa/ikev2/task_manager_v2.c
View File

@ -1123,6 +1123,18 @@ METHOD(task_manager_t, process_message, status_t,
{ {
if (mid == this->responding.mid) if (mid == this->responding.mid)
{ {
/* reject initial messages once established */
if (msg->get_exchange_type(msg) == IKE_SA_INIT ||
msg->get_exchange_type(msg) == IKE_AUTH)
{
if (this->ike_sa->get_state(this->ike_sa) != IKE_CREATED &&
this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
{
DBG1(DBG_IKE, "ignoring %N in established IKE_SA state",
exchange_type_names, msg->get_exchange_type(msg));
return FAILED;
}
}
if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED || if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING || this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING ||
msg->get_exchange_type(msg) != IKE_SA_INIT) msg->get_exchange_type(msg) != IKE_SA_INIT)