ikev2: Destroy IKE_SA when receiving invalid authenticated requests
author Tobias Brunner <tobias@strongswan.org>
Mon, 25 Nov 2019 13:43:36 +0000 (14:43 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Mon, 9 Dec 2019 11:26:54 +0000 (12:26 +0100)
commit 10e0faf477edc8064b11471fd94deef2f49167c4
tree 47315a7aab13149bc1f02a778bc87ef9f858b994
parent 51ac22579d882dfa45cbf1b4aa3fb38809b65555
ikev2: Destroy IKE_SA when receiving invalid authenticated requests

RFC 7296, section 2.21.3:

   If a peer parsing a request notices that it is badly formatted (after
   it has passed the message authentication code checks and window
   checks) and it returns an INVALID_SYNTAX notification, then this
   error notification is considered fatal in both peers, meaning that
   the IKE SA is deleted without needing an explicit Delete payload.
src/libcharon/sa/ikev2/task_manager_v2.c