Diffstat (limited to 'src/libcharon/sa/ikev1/tasks')
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/isakmp_vendor.c | 3 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/tasks/quick_mode.c | 40 |
2 files changed, 29 insertions, 14 deletions
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
index f28b83e8a..dc86fc504 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
@@ -102,6 +102,7 @@ static struct {
 { "DPD", EXT_DPD, TRUE, 16, "\xaf\xca\xd7\x13\x68\xa1\xf1\xc9\x6b\x86\x96\xfc\x77\x57\x01\x00"},
+ /* CISCO-UNITY, similar to DPD the last two bytes indicate the version */
 { "Cisco Unity", EXT_CISCO_UNITY, FALSE, 16, "\x12\xf5\xf2\x8c\x45\x71\x68\xa9\x70\x2d\x9f\xe2\x74\xcc\x01\x00"},
@@ -190,6 +191,8 @@ static bool is_known_vid(chunk_t data, int i)
 break;
 case EXT_MS_WINDOWS:
 return data.len == 20 && memeq(data.ptr, vendor_ids[i].id, 16);
+ case EXT_CISCO_UNITY:
+ return data.len == 16 && memeq(data.ptr, vendor_ids[i].id, 14);
 default:
 return chunk_equals(data, chunk_create(vendor_ids[i].id, vendor_ids[i].len));
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index bbd1cb09f..6b896416a 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -348,10 +348,6 @@ static bool install(private_quick_mode_t *this)
 this->initiator, FALSE, FALSE, tsr, tsi);
 }
 }
- chunk_clear(&integ_i);
- chunk_clear(&integ_r);
- chunk_clear(&encr_i);
- chunk_clear(&encr_r);
 if (status_i != SUCCESS || status_o != SUCCESS)
 {
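Review bot: In the `EXT_CISCO_UNITY` case added to `is_known_vid`, the literals `16` and `14` duplicate what looks like the length field of the `vendor_ids` table entry, and nothing at the case says why the last two bytes are skipped. Tying the check to the table, `return data.len == vendor_ids[i].len && memeq(data.ptr, vendor_ids[i].id, vendor_ids[i].len - 2);`, keeps the length test ahead of the comparison and stays correct if the entry is ever changed. A short comment at the case, such as `/* last two bytes carry the version, any value is accepted */`, would also record that the match on this peer-supplied payload is now deliberately looser than an exact compare. The switch starts and ends outside the hunk.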
@@ -361,22 +357,38 @@ static bool install(private_quick_mode_t *this)
 (status_o != SUCCESS) ? "outbound " : "");
 tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy));
 tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy));
- return FALSE;
- }
-
- if (this->initiator)
- {
- status = this->child_sa->add_policies(this->child_sa, tsi, tsr);
+ status = FAILED;
 }
 else
 {
- status = this->child_sa->add_policies(this->child_sa, tsr, tsi);
+ if (this->initiator)
+ {
+ status = this->child_sa->add_policies(this->child_sa, tsi, tsr);
+ }
+ else
+ {
+ status = this->child_sa->add_policies(this->child_sa, tsr, tsi);
+ }
+ tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy));
+ tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy));
+ if (status != SUCCESS)
+ {
+ DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel");
+ }
+ else
+ {
+ charon->bus->child_derived_keys(charon->bus, this->child_sa,
+ this->initiator, encr_i, encr_r,
+ integ_i, integ_r);
+ }
 }
- tsi->destroy_offset(tsi, offsetof(traffic_selector_t, destroy));
- tsr->destroy_offset(tsr, offsetof(traffic_selector_t, destroy));
+ chunk_clear(&integ_i);
+ chunk_clear(&integ_r);
+ chunk_clear(&encr_i);
+ chunk_clear(&encr_r);
+
 if (status != SUCCESS)
 {
- DBG1(DBG_IKE, "unable to install IPsec policies (SPD) in kernel");
 return FALSE;
 }
|
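Review bot: The new `child_derived_keys` call hands the raw encryption and integrity keys to the bus, and the four `chunk_clear` calls a few lines below wipe that same key material as soon as the call returns; nothing in the hunk documents this lifetime. A comment above the call, e.g. `/* keys are only valid during this call and are wiped below; listeners must copy what they keep */`, would make the contract explicit for anyone writing a listener. Assuming `chunk_t` is passed as a pointer/length pair (its definition is not on this page), a listener that retains the pointer would later read cleared memory, and one that copies the keys becomes responsible for wiping its own copy. `install` begins and ends outside the hunk.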