receiver: Send a single INVALID_MAJOR_VERSION notify for IKE version > 2

We sent both a notify using IKEv1 and IKEv2. This is a little more aggressive
than required, RFC 5996 says we "SHOULD send an unauthenticated Notify
message of type INVALID_MAJOR_VERSION containing the highest (closest) version
number it supports".

Fixes #657.

diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index a2a3b1f..5ce9471 100644 (file)
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -524,8 +524,7 @@ static job_requeue_t receive_packets(private_receiver_t *this)
 #ifdef USE_IKEV2
                        send_notify(message, IKEV2_MAJOR_VERSION, INFORMATIONAL,
                                                INVALID_MAJOR_VERSION, chunk_empty);
 #ifdef USE_IKEV2
                        send_notify(message, IKEV2_MAJOR_VERSION, INFORMATIONAL,
                                                INVALID_MAJOR_VERSION, chunk_empty);

-#endif /* USE_IKEV2 */
-#ifdef USE_IKEV1
+#elif defined(USE_IKEV1)

                        send_notify(message, IKEV1_MAJOR_VERSION, INFORMATIONAL_V1,
                                                INVALID_MAJOR_VERSION, chunk_empty);
 #endif /* USE_IKEV1 */
                        send_notify(message, IKEV1_MAJOR_VERSION, INFORMATIONAL_V1,
                                                INVALID_MAJOR_VERSION, chunk_empty);
 #endif /* USE_IKEV1 */


@@ -684,4 +683,3 @@ receiver_t *receiver_create()
 
        return &this->public;
 }
 
        return &this->public;
 }

-