Do not update hosts based on retransmitted messages.
authorTobias Brunner <tobias@strongswan.org>
Tue, 7 Sep 2010 09:52:16 +0000 (11:52 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 12 Oct 2010 09:11:04 +0000 (11:11 +0200)
src/libcharon/sa/ike_sa.c
src/libcharon/sa/task_manager.c

index a5dd199..998095f 100644 (file)
@@ -1239,15 +1239,12 @@ METHOD(ike_sa_t, process_message, status_t,
        }
        else
        {
-               host_t *me, *other;
-
-               me = message->get_destination(message);
-               other = message->get_source(message);
-
                /* if this IKE_SA is virgin, we check for a config */
                if (this->ike_cfg == NULL)
                {
                        job_t *job;
+                       host_t *me = message->get_destination(message),
+                                  *other = message->get_source(message);
                        this->ike_cfg = charon->backends->get_ike_cfg(charon->backends,
                                                                                                                  me, other);
                        if (this->ike_cfg == NULL)
@@ -1264,16 +1261,8 @@ METHOD(ike_sa_t, process_message, status_t,
                                                                                 HALF_OPEN_IKE_SA_TIMEOUT);
                }
                this->stats[STAT_INBOUND] = time_monotonic(NULL);
-               /* check if message is trustworthy, and update host information */
-               if (this->state == IKE_CREATED || this->state == IKE_CONNECTING ||
-                       message->get_exchange_type(message) != IKE_SA_INIT)
-               {
-                       if (!supports_extension(this, EXT_MOBIKE))
-                       {       /* with MOBIKE, we do no implicit updates */
-                               update_hosts(this, me, other);
-                       }
-               }
-               status = this->task_manager->process_message(this->task_manager, message);
+               status = this->task_manager->process_message(this->task_manager,
+                                                                                                        message);
                if (message->get_exchange_type(message) == IKE_AUTH &&
                        this->state == IKE_ESTABLISHED &&
                        lib->settings->get_bool(lib->settings,
index a725884..18703ce 100644 (file)
@@ -883,11 +883,21 @@ METHOD(task_manager_t, process_message, status_t,
        private_task_manager_t *this, message_t *msg)
 {
        u_int32_t mid = msg->get_message_id(msg);
+       host_t *me = msg->get_destination(msg), *other = msg->get_source(msg);
 
        if (msg->get_request(msg))
        {
                if (mid == this->responding.mid)
                {
+                       if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
+                               this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING ||
+                               msg->get_exchange_type(msg) != IKE_SA_INIT)
+                       {       /* only do host updates based on verified messages */
+                               if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
+                               {       /* with MOBIKE, we do no implicit updates */
+                                       this->ike_sa->update_hosts(this->ike_sa, me, other);
+                               }
+                       }
                        charon->bus->message(charon->bus, msg, TRUE);
                        if (process_request(this, msg) != SUCCESS)
                        {
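Review bot: The nine-line address-update guard added under `mid == this->responding.mid` is repeated verbatim under `mid == this->initiating.mid` in the next hunk, so the rule for when a peer address may be taken from a message now lives in two places and can drift apart. Moving it into one static helper keeps the request and response paths in step, reads `get_state()` once instead of twice, and makes the `me`/`other` locals at the top of `process_message` unnecessary. The body of `process_message` continues outside this hunk, so the helper sketched below would sit before the method.

```c
/**
 * Take the IKE_SA endpoints from a message that carries the expected
 * message ID, unless MOBIKE handles address changes explicitly.
 */
static void update_hosts_from_message(private_task_manager_t *this,
                                      message_t *msg)
{
        ike_sa_state_t state = this->ike_sa->get_state(this->ike_sa);

        if (state == IKE_CREATED || state == IKE_CONNECTING ||
                msg->get_exchange_type(msg) != IKE_SA_INIT)
        {
                if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
                {       /* with MOBIKE, we do no implicit updates */
                        this->ike_sa->update_hosts(this->ike_sa,
                                                   msg->get_destination(msg),
                                                   msg->get_source(msg));
                }
        }
}

/* … unchanged: process_message prologue, request check … */
                if (mid == this->responding.mid)
                {
                        update_hosts_from_message(this, msg);
                        charon->bus->message(charon->bus, msg, TRUE);
/* … unchanged: process_request handling; same call under initiating.mid … */
```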
@@ -920,6 +930,15 @@ METHOD(task_manager_t, process_message, status_t,
        {
                if (mid == this->initiating.mid)
                {
+                       if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
+                               this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING ||
+                               msg->get_exchange_type(msg) != IKE_SA_INIT)
+                       {       /* only do host updates based on verified messages */
+                               if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
+                               {       /* with MOBIKE, we do no implicit updates */
+                                       this->ike_sa->update_hosts(this->ike_sa, me, other);
+                               }
+                       }
                        charon->bus->message(charon->bus, msg, TRUE);
                        if (process_response(this, msg) != SUCCESS)
                        {
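Review bot: The comment `/* only do host updates based on verified messages */` does not say what makes the message verified at this point; the only gate visible in this hunk is `mid == this->initiating.mid`, which excludes retransmits, and the same holds for the request branch in the previous hunk. The condition also still accepts IKE_SA_INIT while the SA is in IKE_CREATED or IKE_CONNECTING, and that exchange carries no integrity protection, so "verified" is not accurate for that case. Presumably integrity checking happens in the caller before `task_manager->process_message()` is reached; if so, the comment should state both facts, e.g. `/* msg has the expected message ID (not a retransmit); IKE_SA_INIT is only trusted for addresses during initial setup */`. The enclosing function starts and ends outside this hunk.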