authorAtzm Watanabe <atzmism@gmail.com>2022-08-08 15:45:36 +0900
committerAtzm Watanabe <atzmism@gmail.com>2022-08-08 16:33:39 +0900
commit03aae9637922023dd77955cb15caafb7ce309200 (patch)
treef3f300413201565cd63d3e3d31f53694fbaf2f4c
parent389aae573fb4baba278c033cb019201e246942ab (diff)
ikev2: fix rekeying with multiple notify payloads
Type: fix Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: I065bd5c26055d863d786023970e7deeed261b31c
-rw-r--r--src/plugins/ikev2/ikev2.c13
-rw-r--r--test/test_ikev2.py9
2 files changed, 16 insertions, 6 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index 84b62d2a11e..20be89e1aaf 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -1367,7 +1367,6 @@ ikev2_process_create_child_sa_req (vlib_main_t * vm,
int p = 0;
u8 payload = ike->nextpayload;
u8 *plaintext = 0;
- u8 rekeying = 0;
ikev2_rekey_t *rekey;
ike_payload_header_t *ikep;
ikev2_notify_t *n = 0;
@@ -1410,11 +1409,15 @@ ikev2_process_create_child_sa_req (vlib_main_t * vm,
}
else if (payload == IKEV2_PAYLOAD_NOTIFY)
{
- n = ikev2_parse_notify_payload (ikep, current_length);
- if (n->msg_type == IKEV2_NOTIFY_MSG_REKEY_SA)
+ ikev2_notify_t *n0;
+ n0 = ikev2_parse_notify_payload (ikep, current_length);
+ if (n0->msg_type == IKEV2_NOTIFY_MSG_REKEY_SA)
{
- rekeying = 1;
+ vec_free (n);
+ n = n0;
}
+ else
+ vec_free (n0);
}
else if (payload == IKEV2_PAYLOAD_DELETE)
{
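Review bot: `n0->msg_type` is read straight from the return value of `ikev2_parse_notify_payload (ikep, current_length)` with no NULL check, and the payload being parsed comes from the peer. The parser's body is not visible in this diff, so this is conditional: if it can return 0 for a truncated or malformed notify payload, this line dereferences NULL. Guarding it as `if (n0 && n0->msg_type == IKEV2_NOTIFY_MSG_REKEY_SA)` closes that off, and the `else vec_free (n0);` branch stays valid because vec_free on a null vector is a no-op. When more than one REKEY_SA notify arrives the last one silently replaces the earlier one, which deserves a one-line comment above `vec_free (n);`. The enclosing function starts and ends outside the hunk.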
@@ -1478,7 +1481,7 @@ ikev2_process_create_child_sa_req (vlib_main_t * vm,
}
else
{
- if (rekeying)
+ if (n)
{
child_sa = ikev2_sa_get_child (sa, n->spi, n->protocol_id, 1);
if (!child_sa)
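Review bot: `if (n)` now doubles as the rekey flag, which is only correct because the notify branch earlier in the function leaves `n` NULL unless a REKEY_SA notify was parsed; nothing at this line says so. A comment such as `/* n is non-NULL only when a REKEY_SA notify was received */` above the test would guard against a later change that stores other notify types in `n`. Such a change would turn every CREATE_CHILD_SA request carrying a notify into a child-SA lookup on the peer-supplied `n->spi`. The block continues past the end of the hunk.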
diff --git a/test/test_ikev2.py b/test/test_ikev2.py
index 5b699dd0d8d..ac77a4163a1 100644
--- a/test/test_ikev2.py
+++ b/test/test_ikev2.py
@@ -1391,7 +1391,14 @@ class TemplateResponder(IkePeer):
plain = (
ikev2.IKEv2_payload_Nonce(load=self.sa.i_nonce, next_payload="SA")
/ plain
- / ikev2.IKEv2_payload_Notify(type="REKEY_SA", proto="ESP", SPI=c.ispi)
+ / ikev2.IKEv2_payload_Notify(
+ type="REKEY_SA",
+ proto="ESP",
+ SPI=c.ispi,
+ length=8 + len(c.ispi),
+ next_payload="Notify",
+ )
+ / ikev2.IKEv2_payload_Notify(type="ESP_TFC_PADDING_NOT_SUPPORTED")
)
else:
first_payload = "IDi"
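Review bot: The literal `8` in `length=8 + len(c.ispi)` is unexplained. It appears to be the fixed Notify payload header size, set by hand so that the REKEY_SA payload's length does not also cover the chained Notify, but the line does not say that. A comment like `# 8 = fixed Notify header bytes; explicit length so the following Notify is parsed separately` would make the intent checkable. The test covers only REKEY_SA followed by another notify; the reverse order and a duplicated REKEY_SA would also exercise the new free-and-replace logic in ikev2.c.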