ikev1: Queue INFORMATIONAL request if AM is not complete yet
authorTobias Brunner <tobias@strongswan.org>
Mon, 28 Sep 2015 15:37:42 +0000 (17:37 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 30 Oct 2015 09:30:30 +0000 (10:30 +0100)
src/libcharon/sa/ikev1/task_manager_v1.c

index a027b74..5b0438f 100644 (file)
@@ -1387,13 +1387,20 @@ METHOD(task_manager_t, process_message, status_t,
                }
 
                /* drop XAuth/Mode Config/Quick Mode messages until we received the last
-                * Aggressive Mode message */
-               if (have_aggressive_mode_task(this) &&
-                       msg->get_exchange_type(msg) != AGGRESSIVE)
+                * Aggressive Mode message.  since Informational messages are not
+                * retransmitted we queue them. */
+               if (have_aggressive_mode_task(this))
                {
-                       DBG1(DBG_IKE, "ignoring %N request while phase 1 is incomplete",
-                                exchange_type_names, msg->get_exchange_type(msg));
-                       return FAILED;
+                       if (msg->get_exchange_type(msg) == INFORMATIONAL_V1)
+                       {
+                               return queue_message(this, msg);
+                       }
+                       else if (msg->get_exchange_type(msg) != AGGRESSIVE)
+                       {
+                               DBG1(DBG_IKE, "ignoring %N request while phase 1 is incomplete",
+                                        exchange_type_names, msg->get_exchange_type(msg));
+                               return FAILED;
+                       }
                }
 
                /* queue XAuth/Mode Config messages unless the Main Mode exchange we