ikev2: Compare initiator flag again, partially reverts 17ec1c74de
authorTobias Brunner <tobias@strongswan.org>
Wed, 19 Aug 2015 14:47:45 +0000 (16:47 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 20 Aug 2015 14:58:09 +0000 (16:58 +0200)
We should ignore messages that have the flag set incorrectly.
This restores RFC compliance which was broken since the mentioned commit.

src/libcharon/sa/ike_sa_id.c
src/libcharon/sa/ike_sa_manager.c

index 0f0f1ab..e520864 100644 (file)
@@ -18,7 +18,7 @@
 #include "ike_sa_id.h"
 
 #include <stdio.h>
-
+#include <encoding/payloads/ike_header.h>
 
 typedef struct private_ike_sa_id_t private_ike_sa_id_t;
 
@@ -90,6 +90,8 @@ METHOD(ike_sa_id_t, equals, bool,
                return FALSE;
        }
        return this->ike_version == other->ike_version &&
+                  (this->ike_version == IKEV1_MAJOR_VERSION ||
+                       this->is_initiator_flag == other->is_initiator_flag) &&
                   this->initiator_spi == other->initiator_spi &&
                   this->responder_spi == other->responder_spi;
 }
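Review bot: The clause added to `equals` compares `is_initiator_flag` directly, which is only meaningful when both ids express the flag from the same side's perspective; the hunk does not show whether an id built from a received header is normalised to the local role before it reaches this comparison, so that is worth confirming at the call sites. The IKEv1 exemption deserves a one-line comment because the reason is not visible in the code, e.g. `/* the IKEv1 header has no initiator flag, so only compare it for IKEv2 */`. Since SA lookup depends on this result and the check was lost once before, a unit test covering equal SPIs with differing flags for both versions would catch another silent regression. The body of `equals` begins outside the hunk.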
index 987260d..3e6496d 100644 (file)
@@ -157,6 +157,8 @@ static bool entry_match_by_id(entry_t *entry, ike_sa_id_t *id)
        }
        if ((id->get_responder_spi(id) == 0 ||
                 entry->ike_sa_id->get_responder_spi(entry->ike_sa_id) == 0) &&
+               (id->get_ike_version(id) == IKEV1_MAJOR_VERSION ||
+                id->is_initiator(id) == entry->ike_sa_id->is_initiator(entry->ike_sa_id)) &&
                id->get_initiator_spi(id) == entry->ike_sa_id->get_initiator_spi(entry->ike_sa_id))
        {
                /* this is TRUE for IKE_SAs that we initiated but have not yet received a response */
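Review bot: The version-gated flag comparison added to the half-open match in `entry_match_by_id` repeats the condition introduced in `equals` in `ike_sa_id.c`, so the two copies can drift apart; a small shared helper, or at least a cross-reference comment, would keep them aligned. The existing comment inside the branch no longer describes the full condition and could be extended along the lines of `/* TRUE for IKE_SAs we initiated without a response yet; for IKEv2 the initiator flag must agree too */`. The second added line also runs well past 80 columns and could be wrapped after the `==`. The function continues beyond the end of the hunk, so the effect on the later branches is not visible here.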