ike: Make check for known payloads depend on IKE version
authorTobias Brunner <tobias@strongswan.org>
Tue, 21 Oct 2014 09:22:51 +0000 (11:22 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 5 Dec 2014 14:41:46 +0000 (15:41 +0100)
src/libcharon/encoding/message.c
src/libcharon/encoding/payloads/payload.c
src/libcharon/encoding/payloads/payload.h
src/libcharon/sa/ikev2/task_manager_v2.c

index fd47653..ba71238 100644 (file)
@@ -2475,7 +2475,7 @@ static status_t decrypt_payloads(private_message_t *this, keymat_t *keymat)
                        was_encrypted = "encrypted fragment payload";
                }
 
-               if (payload_is_known(type) && !was_encrypted &&
+               if (payload_is_known(type, this->major_version) && !was_encrypted &&
                        !is_connectivity_check(this, payload) &&
                        this->exchange_type != AGGRESSIVE)
                {
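Review bot: With the version-aware call in this condition, a plaintext payload whose type belongs to the other IKE version no longer counts as known and skips the branch altogether. The branch body lies outside the hunk, but the `!was_encrypted` test suggests it is where unencrypted payloads get rejected. It is worth confirming that such payloads are reliably handled as unknown payloads afterwards and never processed by their type. A short comment above the condition would record the intent, for example `/* types not known for this IKE version are handled as unknown payloads, not checked here */`.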
index 600b6dd..cd014fd 100644 (file)
@@ -266,37 +266,51 @@ payload_t *payload_create(payload_type_t type)
 /**
  * See header.
  */
-bool payload_is_known(payload_type_t type)
+bool payload_is_known(payload_type_t type, u_int8_t maj_ver)
 {
        if (type == PL_HEADER)
        {
                return TRUE;
        }
-       if (type >= PLV1_SECURITY_ASSOCIATION && type <= PLV1_CONFIGURATION)
+       switch (maj_ver)
        {
-               return TRUE;
-       }
-       if (type >= PLV1_NAT_D && type <= PLV1_NAT_OA)
-       {
-               return TRUE;
-       }
-       if (type >= PLV2_SECURITY_ASSOCIATION && type <= PLV2_EAP)
-       {
-               return TRUE;
-       }
-       if (type == PLV2_FRAGMENT)
-       {
-               return TRUE;
-       }
+               case 0:
+               case IKEV1_MAJOR_VERSION:
+                       if (type >= PLV1_SECURITY_ASSOCIATION && type <= PLV1_CONFIGURATION)
+                       {
+                               return TRUE;
+                       }
+                       if (type >= PLV1_NAT_D && type <= PLV1_NAT_OA)
+                       {
+                               return TRUE;
+                       }
+                       if (type >= PLV1_NAT_D_DRAFT_00_03 && type <= PLV1_FRAGMENT)
+                       {
+                               return TRUE;
+                       }
+                       if (maj_ver)
+                       {
+                               break;
+                       }
+                       /* fall-through */
+               case IKEV2_MAJOR_VERSION:
+                       if (type >= PLV2_SECURITY_ASSOCIATION && type <= PLV2_EAP)
+                       {
+                               return TRUE;
+                       }
+                       if (type == PLV2_FRAGMENT)
+                       {
+                               return TRUE;
+                       }
 #ifdef ME
-       if (type == PLV2_ID_PEER)
-       {
-               return TRUE;
-       }
+                       if (type == PLV2_ID_PEER)
+                       {
+                               return TRUE;
+                       }
 #endif
-       if (type >= PLV1_NAT_D_DRAFT_00_03 && type <= PLV1_FRAGMENT)
-       {
-               return TRUE;
+                       break;
+               default:
+                       break;
        }
        return FALSE;
 }
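Review bot: The `case 0:` label reaches the IKEv2 checks only through the `if (maj_ver) { break; }` guard at the end of the IKEv1 case, which is easy to misread and easy to break when another range is added below it. A comment at the label would make the intent explicit, for example `/* 0: no version given, accept payload types of both IKE versions */`. Since 0 is also what a zero-initialised version field holds, a caller that passes the version before the header has been parsed would silently get the old permissive check. A named constant for the wildcard would make such call sites easier to spot in review.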
index 036cd42..920779b 100644 (file)
@@ -405,9 +405,10 @@ payload_t *payload_create(payload_type_t type);
  * Check if a specific payload is implemented, or handled as unknown payload.
  *
  * @param type         type of the payload to check
+ * @param maj_ver      major IKE version (use 0 to skip version check)
  * @return                     FALSE if payload type handled as unknown payload
  */
-bool payload_is_known(payload_type_t type);
+bool payload_is_known(payload_type_t type, u_int8_t maj_ver);
 
 /**
  * Get the value field in a payload using encoding rules.
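Review bot: The new `@param maj_ver` line documents only the 0 wildcard, while the implementation in payload.c returns FALSE for every type except PL_HEADER when the version is neither 0, IKEV1_MAJOR_VERSION nor IKEV2_MAJOR_VERSION. Callers should be able to read that from the contract. Something like `@param maj_ver major IKE version; 0 matches types of both versions, any other unsupported value makes all types but PL_HEADER unknown` would cover it.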
index eb7df35..e9a677a 100644 (file)
@@ -1170,7 +1170,7 @@ static status_t parse_message(private_task_manager_t *this, message_t *msg)
                {
                        unknown = (unknown_payload_t*)payload;
                        type = payload->get_type(payload);
-                       if (!payload_is_known(type) &&
+                       if (!payload_is_known(type, msg->get_major_version(msg)) &&
                                unknown->is_critical(unknown))
                        {
                                DBG1(DBG_ENC, "payload type %N is not supported, "
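Review bot: The cast `unknown = (unknown_payload_t*)payload;` is now followed by `unknown->is_critical(unknown)` for every payload whose type is not known for the message's version, and that set can include types for which `payload_create(type)` still returns a concrete class, since that function takes no version. The parser is not part of this commit, so this is inferred: if it instantiates by type alone, an IKEv1 payload type inside an IKEv2 message arrives here as a non-unknown object and `is_critical` is called through the wrong interface. With the old version-agnostic `payload_is_known(type)` the short-circuit presumably kept the cast from being used on such objects. Either the parser should apply the same version-aware check when choosing the class, or this loop should verify that the object really is an unknown payload before using `unknown`. The enclosing loop starts and ends outside the hunk.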