Use a dedicated message hash to detect IKEv1 retransmissions
authorMartin Willi <martin@revosec.ch>
Wed, 23 Nov 2011 12:56:51 +0000 (13:56 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:30:50 +0000 (17:30 +0100)
src/libcharon/sa/task_manager_v1.c

index 8bec310..c415b4e 100644 (file)
@@ -70,6 +70,11 @@ struct private_task_manager_t {
                u_int32_t mid;
 
                /**
+                * Hash of a previously received message
+                */
+               u_int32_t hash;
+
+               /**
                 * packet for retransmission
                 */
                packet_t *packet;
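Review bot: The new member comment `Hash of a previously received message` does not say what is hashed or what the value is used for, and the identical comment is added again in the next hunk. Going by the later process_message hunk, the value is `chunk_hash()` over the raw packet data and it is compared to spot retransmits, so something like `Hash of the last received message's packet data, compared to detect retransmits` would serve a reader better. The enclosing struct begins and ends outside the hunk.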
@@ -86,6 +91,11 @@ struct private_task_manager_t {
                u_int32_t mid;
 
                /**
+                * Hash of a previously received message
+                */
+               u_int32_t hash;
+
+               /**
                 * how many times we have retransmitted so far
                 */
                u_int retransmitted;
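Review bot: Only `this->responding.hash` is read or written in the hunks shown, so one of the two `hash` members added to this struct appears to have no user here; judging by the neighbouring `retransmitted` counter, it is presumably this one. If nothing else in the commit touches it, either leave it out until the code that needs it lands, or mark it with a `TODO-IKEv1` comment in the file's existing style saying where it will be checked. Two same-named fields of which only one is maintained make it easy to compare against the stale one later.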
@@ -577,7 +587,6 @@ METHOD(task_manager_t, process_message, status_t,
        host_t *me, *other;
 
        mid = msg->get_message_id(msg);
-       hash = chunk_hash(msg->get_packet_data(msg));
 
        /* TODO-IKEv1: update hosts more selectively */
        me = msg->get_destination(msg);
@@ -597,8 +606,8 @@ METHOD(task_manager_t, process_message, status_t,
        }
        else
        {
-               if ((mid && mid == this->responding.mid) ||
-                       hash == this->responding.mid)
+               hash = chunk_hash(msg->get_packet_data(msg));
+               if (hash == this->responding.hash)
                {
                        DBG1(DBG_IKE, "received retransmit of request with ID %d, "
                                 "retransmitting response", mid);
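Review bot: Equality of a 32-bit `chunk_hash()` over the peer-supplied packet bytes is now the only retransmit test in `if (hash == this->responding.hash)`, so a different request whose hash collides with the stored one is answered with the old response and never processed. Keeping the message ID in the test narrows that for non-zero IDs at no cost, since a genuine retransmit carries the same ID: `if (mid == this->responding.mid && hash == this->responding.hash)`. It is also worth confirming what `responding.hash` holds before the first request has been stored; if it starts at zero, a first message hashing to zero would enter the retransmit branch with no stored response, and a check that a response packet exists would close that. The comparison seemingly runs on raw packet data before the message is authenticated, and the body of the retransmit branch continues outside the hunk.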
@@ -614,11 +623,8 @@ METHOD(task_manager_t, process_message, status_t,
                        return DESTROY_ME;
                }
 
-               if (!mid)
-               {
-                       mid = hash;
-               }
                this->responding.mid = mid;
+               this->responding.hash = hash;
        }
        return SUCCESS;
 }