Accept non-encrypted INFORMATIONALs for ME connectivity checks
authorMartin Willi <martin@revosec.ch>
Tue, 1 Feb 2011 08:46:32 +0000 (09:46 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 1 Feb 2011 08:47:36 +0000 (09:47 +0100)
src/libcharon/encoding/message.c

index 860ef62..dbef340 100644 (file)
@@ -1249,6 +1249,31 @@ METHOD(message_t, parse_header, status_t,
 }
 
 /**
+ * Check if a payload is for a mediation extension connectivity check
+ */
+static bool is_connectivity_check(private_message_t *this, payload_t *payload)
+{
+#ifdef ME
+       if (this->exchange_type == INFORMATIONAL &&
+               payload->get_type(payload) == NOTIFY)
+       {
+               notify_payload_t *notify = (notify_payload_t*)payload;
+
+               switch (notify->get_notify_type(notify))
+               {
+                       case ME_CONNECTID:
+                       case ME_ENDPOINT:
+                       case ME_CONNECTAUTH:
+                               return TRUE;
+                       default:
+                               break;
+               }
+       }
+#endif /* !ME */
+       return FALSE;
+}
+
+/**
  * Decrypt payload from the encryption payload
  */
 static status_t decrypt_payloads(private_message_t *this, aead_t *aead)
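Review bot: The doc comment on `is_connectivity_check` names what is matched but not the consequence of a TRUE result: the caller uses it to accept the payload without encryption. It should say that the three notify types are exempt from the encrypted-payload rule in INFORMATIONAL exchanges, and that the function always returns FALSE when ME is not compiled in. The closing `#endif /* !ME */` is also misleading, since it terminates `#ifdef ME`; `#endif /* ME */` would match the condition. In non-ME builds both parameters are unused, which may trigger unused-parameter warnings depending on the project's warning flags.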
@@ -1319,7 +1344,8 @@ static status_t decrypt_payloads(private_message_t *this, aead_t *aead)
                        }
                        encryption->destroy(encryption);
                }
-               if (payload_is_known(type) && !was_encrypted)
+               if (payload_is_known(type) && !was_encrypted &&
+                       !is_connectivity_check(this, payload))
                {
                        rule = get_payload_rule(this, type);
                        if (!rule || rule->encrypted)
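Review bot: The added `!is_connectivity_check(this, payload)` term exempts each matching payload individually, so a plaintext ME_CONNECTID, ME_ENDPOINT or ME_CONNECTAUTH notify skips the `rule->encrypted` check in any INFORMATIONAL message. That includes a message which also carries an encryption payload. Nothing visible in this hunk limits the exemption to messages made up only of connectivity-check notifies, or to peers with mediation configured. The body of decrypt_payloads extends beyond the hunk, so later code may do this. A comment above the condition should record the trust assumption, for example `/* ME connectivity checks are sent unprotected; these notifies are unauthenticated at this layer and must be validated by their consumer */`.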