Block XAuth transaction on established IKE_SAs, but allow Mode Config
authorMartin Willi <martin@revosec.ch>
Fri, 3 Aug 2012 11:07:19 +0000 (13:07 +0200)
committerMartin Willi <martin@revosec.ch>
Fri, 3 Aug 2012 11:07:57 +0000 (13:07 +0200)
src/libcharon/sa/ike_sa.c
src/libcharon/sa/ikev1/task_manager_v1.c

index 7f5accc..0a7c52a 100644 (file)
@@ -1209,7 +1209,6 @@ METHOD(ike_sa_t, process_message, status_t,
        {
                case ID_PROT:
                case AGGRESSIVE:
-               case TRANSACTION:
                case IKE_SA_INIT:
                case IKE_AUTH:
                        if (this->state != IKE_CREATED &&
index 0e88c9e..d71f540 100644 (file)
@@ -879,7 +879,7 @@ static status_t process_request(private_task_manager_t *this,
                                }
                                break;
                        case TRANSACTION:
-                               if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED)
+                               if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
                                {
                                        task = (task_t *)mode_config_create(this->ike_sa, FALSE);
                                }