authorYves-Alexis Perez <corsac@debian.org>2013-02-07 13:27:27 +0100
committerYves-Alexis Perez <corsac@debian.org>2013-02-07 13:27:27 +0100
commit7585facf05d927eb6df3929ce09ed5e60d905437 (patch)
treee4d14b4dc180db20356b6b01ce0112f3a2d7897e /src/libcharon/encoding/message.c
parentc1343b3278cdf99533b7902744d15969f9d6fdc1 (diff)
downloadvyos-strongswan-7585facf05d927eb6df3929ce09ed5e60d905437.tar.gz
vyos-strongswan-7585facf05d927eb6df3929ce09ed5e60d905437.zip
Imported Upstream version 5.0.2
Diffstat (limited to 'src/libcharon/encoding/message.c')
-rw-r--r--src/libcharon/encoding/message.c28
1 files changed, 27 insertions, 1 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index d3b72ea95..28fdda735 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -57,7 +57,7 @@
/**
* Max number of certificate request payloads per IKEv1 message
*/
-#define MAX_CERTREQ_PAYLOADS 5
+#define MAX_CERTREQ_PAYLOADS 20
/**
* Max number of NAT-D payloads per IKEv1 message
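Review bot: The doc comment above MAX_CERTREQ_PAYLOADS still says only what the constant is, not why it was raised from 5 to 20, so the next person tuning it has no record of the case behind the change. This constant bounds how many CERTREQ payloads a not-yet-authenticated IKEv1 peer may place in one message before rule checking rejects it, so the rationale is worth keeping next to the value. Suggest extending the comment to something like `* Max number of certificate request payloads per IKEv1 message (raised from 5 to 20 for <interop case>)`, filling in the actual peer or scenario that motivated the increase.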
@@ -437,10 +437,12 @@ static payload_rule_t id_prot_i_rules[] = {
{VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
{CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
{NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
+ {NAT_D_DRAFT_00_03_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
{ID_V1, 0, 1, TRUE, FALSE},
{CERTIFICATE_V1, 0, 2, TRUE, FALSE},
{SIGNATURE_V1, 0, 1, TRUE, FALSE},
{HASH_V1, 0, 1, TRUE, FALSE},
+ {FRAGMENT_V1, 0, 1, FALSE, TRUE},
};
/**
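Review bot: The new `{FRAGMENT_V1, 0, 1, FALSE, TRUE}` row is the only entry in id_prot_i_rules whose last column is TRUE, and nothing explains why a fragment payload is treated differently from every other row; the same row is added to id_prot_r_rules, aggressive_i_rules and aggressive_r_rules in the hunks at lines 50, 70 and 95. If the fifth column is the "this payload alone makes the message valid" flag, that is a meaningful relaxation for messages from an unauthenticated peer and deserves a one-line comment at each table, e.g. `/* a fragment message carries only this payload; reassembly is checked later */`, adjusted to whatever the column actually means. The NAT_D_DRAFT_00_03_V1 rows mirror the existing NAT_D_V1 rows exactly and need no note.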
@@ -459,6 +461,8 @@ static payload_order_t id_prot_i_order[] = {
{NOTIFY_V1, 0},
{VENDOR_ID_V1, 0},
{NAT_D_V1, 0},
+ {NAT_D_DRAFT_00_03_V1, 0},
+ {FRAGMENT_V1, 0},
};
/**
@@ -473,10 +477,12 @@ static payload_rule_t id_prot_r_rules[] = {
{VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
{CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
{NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
+ {NAT_D_DRAFT_00_03_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
{ID_V1, 0, 1, TRUE, FALSE},
{CERTIFICATE_V1, 0, 2, TRUE, FALSE},
{SIGNATURE_V1, 0, 1, TRUE, FALSE},
{HASH_V1, 0, 1, TRUE, FALSE},
+ {FRAGMENT_V1, 0, 1, FALSE, TRUE},
};
/**
@@ -495,6 +501,8 @@ static payload_order_t id_prot_r_order[] = {
{NOTIFY_V1, 0},
{VENDOR_ID_V1, 0},
{NAT_D_V1, 0},
+ {NAT_D_DRAFT_00_03_V1, 0},
+ {FRAGMENT_V1, 0},
};
/**
@@ -509,10 +517,12 @@ static payload_rule_t aggressive_i_rules[] = {
{VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
{CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
{NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
+ {NAT_D_DRAFT_00_03_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
{ID_V1, 0, 1, FALSE, FALSE},
{CERTIFICATE_V1, 0, 1, TRUE, FALSE},
{SIGNATURE_V1, 0, 1, TRUE, FALSE},
{HASH_V1, 0, 1, TRUE, FALSE},
+ {FRAGMENT_V1, 0, 1, FALSE, TRUE},
};
/**
@@ -526,11 +536,13 @@ static payload_order_t aggressive_i_order[] = {
{ID_V1, 0},
{CERTIFICATE_V1, 0},
{NAT_D_V1, 0},
+ {NAT_D_DRAFT_00_03_V1, 0},
{SIGNATURE_V1, 0},
{HASH_V1, 0},
{CERTIFICATE_REQUEST_V1, 0},
{NOTIFY_V1, 0},
{VENDOR_ID_V1, 0},
+ {FRAGMENT_V1, 0},
};
/**
@@ -545,10 +557,12 @@ static payload_rule_t aggressive_r_rules[] = {
{VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
{CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
{NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
+ {NAT_D_DRAFT_00_03_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
{ID_V1, 0, 1, FALSE, FALSE},
{CERTIFICATE_V1, 0, 1, FALSE, FALSE},
{SIGNATURE_V1, 0, 1, FALSE, FALSE},
{HASH_V1, 0, 1, FALSE, FALSE},
+ {FRAGMENT_V1, 0, 1, FALSE, TRUE},
};
/**
@@ -562,11 +576,13 @@ static payload_order_t aggressive_r_order[] = {
{ID_V1, 0},
{CERTIFICATE_V1, 0},
{NAT_D_V1, 0},
+ {NAT_D_DRAFT_00_03_V1, 0},
{SIGNATURE_V1, 0},
{HASH_V1, 0},
{CERTIFICATE_REQUEST_V1, 0},
{NOTIFY_V1, 0},
{VENDOR_ID_V1, 0},
+ {FRAGMENT_V1, 0},
};
/**
@@ -624,6 +640,7 @@ static payload_rule_t quick_mode_i_rules[] = {
{KEY_EXCHANGE_V1, 0, 1, TRUE, FALSE},
{ID_V1, 0, 2, TRUE, FALSE},
{NAT_OA_V1, 0, 2, TRUE, FALSE},
+ {NAT_OA_DRAFT_00_03_V1, 0, 2, TRUE, FALSE},
};
/**
@@ -639,6 +656,7 @@ static payload_order_t quick_mode_i_order[] = {
{KEY_EXCHANGE_V1, 0},
{ID_V1, 0},
{NAT_OA_V1, 0},
+ {NAT_OA_DRAFT_00_03_V1, 0},
};
/**
@@ -654,6 +672,7 @@ static payload_rule_t quick_mode_r_rules[] = {
{KEY_EXCHANGE_V1, 0, 1, TRUE, FALSE},
{ID_V1, 0, 2, TRUE, FALSE},
{NAT_OA_V1, 0, 2, TRUE, FALSE},
+ {NAT_OA_DRAFT_00_03_V1, 0, 2, TRUE, FALSE},
};
/**
@@ -669,6 +688,7 @@ static payload_order_t quick_mode_r_order[] = {
{KEY_EXCHANGE_V1, 0},
{ID_V1, 0},
{NAT_OA_V1, 0},
+ {NAT_OA_DRAFT_00_03_V1, 0},
};
/**
@@ -1681,6 +1701,12 @@ METHOD(message_t, parse_header, status_t,
}
this->first_payload = ike_header->payload_interface.get_next_type(
&ike_header->payload_interface);
+ if (this->first_payload == FRAGMENT_V1 && this->is_encrypted)
+ { /* racoon sets the encryted bit when sending a fragment, but these
+ * messages are really not encrypted */
+ this->is_encrypted = FALSE;
+ }
+
for (i = 0; i < countof(this->reserved); i++)
{
reserved = payload_get_field(&ike_header->payload_interface,
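Review bot: The added check clears `this->is_encrypted` on the strength of the next-payload byte of the IKE header, a field from an unauthenticated peer, so anyone can have the E bit ignored simply by setting the first payload type to FRAGMENT_V1; the code that consumes the fragment must therefore keep treating the body as plaintext from an unverified source and not as a successfully decrypted payload. That constraint is not visible in the comment, and the comment also misspells "encryted". Suggest replacing it with `/* racoon sets the encrypted bit on fragments, which are not actually encrypted; this is decided from the unauthenticated header, so fragment payloads must be handled as untrusted plaintext */`. parse_header continues outside the hunk, so whether a later step re-checks the version or fragment contents cannot be confirmed from here.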