Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:tbadm
strongswan
0005-ikev1-Don-t-retransmit-Aggressive-Mode-res...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch of Package strongswan
From 4e16732c1c668c27e73574724d2d90537a74f67a Mon Sep 17 00:00:00 2001 From: Tobias Brunner <tobias@strongswan.org> Date: Fri, 17 Jun 2016 18:19:48 +0200 Subject: [PATCH] ikev1: Don't retransmit Aggressive Mode response These could theoretically be used for an amplified DDoS attack. --- src/libcharon/sa/ikev1/task_manager_v1.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 48ec3e7..0912555 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -770,8 +770,7 @@ static status_t build_response(private_task_manager_t *this, message_t *request) continue; case NEED_MORE: /* processed, but task needs another exchange */ - if (task->get_type(task) == TASK_QUICK_MODE || - task->get_type(task) == TASK_AGGRESSIVE_MODE) + if (task->get_type(task) == TASK_QUICK_MODE) { /* we rely on initiator retransmission, except for * three-message exchanges */ expect_request = TRUE; -- 2.13.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor