- added support for empty traffic selectors and empty sa payload in
IKE_AUTH request and reply
parent
1d24f8fd03
commit
f4d8999cc1
|
@ -292,20 +292,22 @@ static void load_default_config (private_configuration_manager_t *this)
|
|||
proposals[0].integrity_algorithm_key_length = 16;
|
||||
proposals[0].pseudo_random_function = PRF_HMAC_MD5;
|
||||
proposals[0].pseudo_random_function_key_length = 16;
|
||||
proposals[0].diffie_hellman_group = MODP_1024_BIT;
|
||||
proposals[0].diffie_hellman_group = MODP_768_BIT;
|
||||
|
||||
proposals[1] = proposals[0];
|
||||
proposals[1].integrity_algorithm = AUTH_HMAC_SHA1_96;
|
||||
proposals[1].integrity_algorithm_key_length = 20;
|
||||
proposals[1].pseudo_random_function = PRF_HMAC_SHA1;
|
||||
proposals[1].pseudo_random_function_key_length = 20;
|
||||
proposals[1].diffie_hellman_group = MODP_1024_BIT;
|
||||
|
||||
init_config1->add_proposal(init_config1,1,proposals[0]);
|
||||
init_config1->add_proposal(init_config1,1,proposals[1]);
|
||||
init_config2->add_proposal(init_config2,1,proposals[0]);
|
||||
init_config1->add_proposal(init_config1,1,proposals[0]);
|
||||
init_config2->add_proposal(init_config2,1,proposals[1]);
|
||||
init_config3->add_proposal(init_config3,1,proposals[0]);
|
||||
init_config2->add_proposal(init_config2,1,proposals[0]);
|
||||
init_config3->add_proposal(init_config3,1,proposals[1]);
|
||||
init_config3->add_proposal(init_config3,1,proposals[0]);
|
||||
|
||||
|
||||
sa_config1 = sa_config_create(ID_IPV4_ADDR, "152.96.193.130",
|
||||
ID_IPV4_ADDR, "152.96.193.131",
|
||||
|
|
|
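Review bot: Default proposal 0 appears to end up with `MODP_768_BIT` next to `PRF_HMAC_MD5`. The page has lost its +/- markers, so this is inferred from the hunk listing both the 1024 and 768 assignments plus a separate `proposals[1].diffie_hellman_group = MODP_1024_BIT;` line. A 768-bit MODP group is too small to ship as a built-in default, and because both proposals are added to each init_config, negotiation can settle on the weaker one. If the 768-bit group is only there for interoperability testing, keep `proposals[0].diffie_hellman_group = MODP_1024_BIT;` (or a larger group if the enum offers one) and add the test group under a comment that says so. load_default_config starts and ends outside the hunk.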
@ -128,7 +128,7 @@ encoding_rule_t ts_payload_encodings[] = {
|
|||
static status_t verify(private_ts_payload_t *this)
|
||||
{
|
||||
iterator_t *iterator;
|
||||
status_t status = FAILED;
|
||||
status_t status = SUCCESS;
|
||||
|
||||
if (this->critical)
|
||||
{
|
||||
|
@ -340,7 +340,7 @@ ts_payload_t *ts_payload_create(bool is_initiator)
|
|||
this->next_payload = NO_PAYLOAD;
|
||||
this->payload_length =TS_PAYLOAD_HEADER_LENGTH;
|
||||
this->is_initiator = is_initiator;
|
||||
this->number_of_traffic_selectors=0;
|
||||
this->number_of_traffic_selectors = 0;
|
||||
this->traffic_selectors = linked_list_create();
|
||||
|
||||
return &(this->public);
|
||||
|
|
|
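Review bot: `status_t status = SUCCESS;` in verify() makes the check fail open, since any path that does not explicitly assign a failure now reports the payload as valid. If the aim is only to accept a payload with zero traffic selectors, keep `status_t status = FAILED;` and assign SUCCESS explicitly for the empty list and after the last selector has verified. The rest of verify() is outside the hunk, so whether every rejecting path assigns FAILED cannot be confirmed from here. The other hunk in this section (ts_payload_create) is a whitespace change only.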
@ -407,8 +407,7 @@ static status_t process_ts_payload(private_ike_auth_requested_t *this, bool ts_i
|
|||
/* check if the responder selected valid proposals */
|
||||
if (ts_selected_count != ts_received_count)
|
||||
{
|
||||
this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained not offered traffic selectors. Deleting IKE_SA");
|
||||
status = DELETE_ME;
|
||||
this->logger->log(this->logger, AUDIT, "IKE_AUTH reply contained not offered traffic selectors.");
|
||||
}
|
||||
|
||||
/* cleanup */
|
||||
|
|
|
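Review bot: With `status = DELETE_ME;` gone from the `ts_selected_count != ts_received_count` branch, a reply carrying traffic selectors that were never offered is only logged, and processing continues with whatever `status` held before. An empty reply would presumably give equal counts (0 and 0) and never enter this branch, so dropping the rejection does not look necessary for empty-selector support. Keep `status = DELETE_ME;` here, or guard the empty case explicitly, e.g. `if (ts_received_count != 0 && ts_selected_count != ts_received_count)`. The count computation and the rest of process_ts_payload are outside the hunk, so please confirm how the two counters are derived.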
@ -414,9 +414,13 @@ static status_t build_sa_payload(private_ike_sa_init_responded_t *this, sa_paylo
|
|||
}
|
||||
else
|
||||
{
|
||||
this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Deleting IKE_SA");
|
||||
this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
|
||||
status = DELETE_ME;
|
||||
this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any proposals. Don't create CHILD_SA.");
|
||||
/* this->ike_sa->send_notify(this->ike_sa, IKE_AUTH, NO_PROPOSAL_CHOSEN, CHUNK_INITIALIZER);
|
||||
status = DELETE_ME; */
|
||||
sa_response = sa_payload_create();
|
||||
response->add_payload(response, (payload_t*)sa_response);
|
||||
|
||||
status = SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
|
@ -484,7 +488,9 @@ static status_t build_ts_payload(private_ike_sa_init_responded_t *this, bool ts_
|
|||
}
|
||||
if(ts_selected_count == 0)
|
||||
{
|
||||
status = DELETE_ME;
|
||||
this->logger->log(this->logger, AUDIT, "IKE_AUH request did not contain any traffic selectors.");
|
||||
ts_response = ts_payload_create(ts_initiator);
|
||||
response->add_payload(response, (payload_t*)ts_response);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
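Review bot: In build_ts_payload the `ts_selected_count == 0` branch adds an empty TS payload but never assigns `status`, whereas the matching branch in build_sa_payload sets `status = SUCCESS;`. The result therefore depends on an initial value declared outside the hunk. The condition also looks as if it would hold when the request carried selectors and none were acceptable, which the log text ("did not contain any traffic selectors") and the empty reply would misreport; consider testing the received count separately and rejecting the no-match case. In build_sa_payload the old `send_notify`/`DELETE_ME` lines are left as a commented-out block; delete them or replace them with a comment explaining why no NO_PROPOSAL_CHOSEN notify is sent. Both function bodies begin and end outside the hunks.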