Avoid returning COOKIEs right after system boot
author Tobias Brunner <tobias@strongswan.org>
Thu, 31 Jan 2013 17:42:26 +0000 (18:42 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Tue, 19 Mar 2013 15:19:11 +0000 (16:19 +0100)
When the monotonic timer is initialized to 0 right after the system is
booted, the daemon responded with COOKIEs for COOKIE_CALMDOWN_DELAY (10s).

Since the COOKIE verification code actually produces an overflow for
COOKIE_LIFETIME (10s) it wouldn't even accept properly returned COOKIEs.

Checking for last_cookie makes sense anyway as that condition must only
apply if we actually sent a COOKIE before.

src/libcharon/network/receiver.c

index f683cf8..6b2c2bf 100644 (file)
@@ -296,7 +296,7 @@ static bool cookie_required(private_receiver_t *this,
                this->last_cookie = now;
                return TRUE;
        }
-       if (now < this->last_cookie + COOKIE_CALMDOWN_DELAY)
+       if (this->last_cookie && now < this->last_cookie + COOKIE_CALMDOWN_DELAY)
        {
                /* We don't disable cookies unless we haven't seen IKE_SA_INITs
                 * for COOKIE_CALMDOWN_DELAY seconds. This avoids jittering between
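Review bot: The added `this->last_cookie &&` test in the calm-down condition uses 0 as the marker for "no COOKIE sent yet", but the branch just above it assigns `this->last_cookie = now;`, and the commit message says the monotonic timer can read 0 right after boot. A COOKIE sent while `now` is still 0 leaves `last_cookie` at 0, so the calm-down window is skipped for that COOKIE as well. A separate boolean flag would remove the ambiguity; if the sentinel stays, a short comment next to the condition stating that 0 means "never sent" would help the next reader. The commit message also describes a problem in the COOKIE verification path for COOKIE_LIFETIME that this hunk does not touch, so it is worth confirming that path is covered separately.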