Map fragmented initial initial Main or Aggressive Mode messages to the same IKE_SA

diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 9627876..260da8b 100644 (file)
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -968,14 +968,30 @@ static u_int64_t get_spi(private_ike_sa_manager_t *this)
 static bool get_init_hash(private_ike_sa_manager_t *this, message_t *message,
                                                  chunk_t *hash)
 {
+       host_t *src;
+
        if (!this->hasher)
        {       /* this might be the case when flush() has been called */
                return FALSE;
        }
+       if (message->get_first_payload_type(message) == FRAGMENT_V1)
+       {       /* only hash the source IP and SPI for fragmented init messages */
+               u_int64_t spi;
+
+               src = message->get_source(message);
+               if (!this->hasher->allocate_hash(this->hasher,
+                                                                                src->get_address(src), NULL))
+               {
+                       return FALSE;
+               }
+               spi = message->get_initiator_spi(message);
+               return this->hasher->allocate_hash(this->hasher,
+                                                                                  chunk_from_thing(spi), hash);
+       }
        if (message->get_exchange_type(message) == ID_PROT)
        {       /* include the source for Main Mode as the hash will be the same if
                 * SPIs are reused by two initiators that use the same proposal */
-               host_t *src = message->get_source(message);
+               src = message->get_source(message);
 
                if (!this->hasher->allocate_hash(this->hasher,
                                                                                 src->get_address(src), NULL))