receiver: Send a single INVALID_MAJOR_VERSION notify for IKE version > 2
authorMartin Willi <martin@revosec.ch>
Thu, 17 Jul 2014 07:32:22 +0000 (09:32 +0200)
committerMartin Willi <martin@revosec.ch>
Thu, 17 Jul 2014 07:35:49 +0000 (09:35 +0200)
We sent a notify using both IKEv1 and IKEv2. This is a little more aggressive
than required: RFC 5996 says we "SHOULD send an unauthenticated Notify
message of type INVALID_MAJOR_VERSION containing the highest (closest) version
number it supports".

Fixes #657.

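--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -524,8 +524,7 @@ static job_requeue_t receive_packets(private_receiver_t *this)
 #ifdef USE_IKEV2
                        send_notify(message, IKEV2_MAJOR_VERSION, INFORMATIONAL,
                                                INVALID_MAJOR_VERSION, chunk_empty);
-#endif /* USE_IKEV2 */
-#ifdef USE_IKEV1
+#elif defined(USE_IKEV1)
                        send_notify(message, IKEV1_MAJOR_VERSION, INFORMATIONAL_V1,
                                                INVALID_MAJOR_VERSION, chunk_empty);
 #endif /* USE_IKEV1 */
@@ -684,4 +683,3 @@ receiver_t *receiver_create()
 
        return &this->public;
 }
-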
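Review bot: The closing `#endif /* USE_IKEV1 */` in the first hunk now ends the whole `#ifdef USE_IKEV2` / `#elif defined(USE_IKEV1)` chain, so its comment names the wrong condition; `#endif /* USE_IKEV2 / USE_IKEV1 */` would match the new structure. A short comment above the chain, such as `/* reply only once, with the highest IKE version we support (RFC 5996) */`, would record why the IKEv1 notify is skipped when both versions are compiled in. Separately, this notify is an unauthenticated reply to a packet whose sender has not been verified, so halving the replies helps, but any limit on how often it is sent would have to live in the part of receive_packets outside this hunk; that is worth confirming.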