Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
strongswan
0015-strongswan-5.3.3-ikev1-drop-transaction-qu...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0015-strongswan-5.3.3-ikev1-drop-transaction-quick-mode-requests.patch of Package strongswan
commit b0b0c9137d7bfd7afe54f64e49bc45d317a8e101 Author: Tobias Brunner <tobias@strongswan.org> Date: Mon Sep 28 17:30:36 2015 +0200 ikev1: Drop TRANSACTION/QUICK_MODE requests until we received the last AM message diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index e1747d2..1a6f868 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -935,6 +935,28 @@ static bool have_quick_mode_task(private_task_manager_t *this, u_int32_t mid) } /** + * Check if we still have an aggressive mode task queued + */ +static bool have_aggressive_mode_task(private_task_manager_t *this) +{ + enumerator_t *enumerator; + task_t *task; + bool found = FALSE; + + enumerator = this->passive_tasks->create_enumerator(this->passive_tasks); + while (enumerator->enumerate(enumerator, &task)) + { + if (task->get_type(task) == TASK_AGGRESSIVE_MODE) + { + found = TRUE; + break; + } + } + enumerator->destroy(enumerator); + return found; +} + +/** * handle an incoming request message */ static status_t process_request(private_task_manager_t *this, @@ -1340,6 +1362,16 @@ METHOD(task_manager_t, process_message, status_t, } } + /* drop XAuth/Mode Config/Quick Mode messages until we received the last + * Aggressive Mode message */ + if (have_aggressive_mode_task(this) && + msg->get_exchange_type(msg) != AGGRESSIVE) + { + DBG1(DBG_IKE, "ignoring %N request while phase 1 is incomplete", + exchange_type_names, msg->get_exchange_type(msg)); + return FAILED; + } + if (msg->get_exchange_type(msg) == TRANSACTION && this->active_tasks->get_count(this->active_tasks)) { /* main mode not yet complete, queue XAuth/Mode config tasks */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor