author | Filip Tehlar <ftehlar@cisco.com> | 2020-10-31 02:17:16 +0000 |
---|---|---|
committer | Beno�t Ganne <bganne@cisco.com> | 2020-11-09 10:05:21 +0000 |
commit | f6b02e0d0bfd7e0f1d79e8ee426f48ca37ae5ff3 (patch) | |
tree | 8102e8afb08a5bb1e8babfc07b0b6679f592d874 | |
parent | 67b8a7fa76d8ec2d73f1b2380e11bf8e2793448e (diff) |
ikev2: fix msg IDs generation
Type: fix
Change-Id: Id922895c269f0d2450e55fcb6871b6857f443462
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
-rw-r--r-- | src/plugins/ikev2/ikev2.c | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c index a2e4247275b..b4af9caacef 100644 --- a/src/plugins/ikev2/ikev2.c +++ b/src/plugins/ikev2/ikev2.c @@ -435,6 +435,7 @@ ikev2_complete_sa_data (ikev2_sa_t * sa, ikev2_sa_t * sai) sa->i_auth.data = _(sai->i_auth.data); sa->i_auth.key = _(sai->i_auth.key); sa->last_sa_init_req_packet_data = _(sai->last_sa_init_req_packet_data); + sa->last_init_msg_id = sai->last_init_msg_id; sa->childs = _(sai->childs); sa->udp_encap = sai->udp_encap; sa->ipsec_over_udp_port = sai->ipsec_over_udp_port; @@ -1408,7 +1409,8 @@ ikev2_process_create_child_sa_req (vlib_main_t * vm, p += plen; } - if (sa->is_initiator && proposal->protocol_id == IKEV2_PROTOCOL_ESP) + if (sa->is_initiator && proposal + && proposal->protocol_id == IKEV2_PROTOCOL_ESP) { ikev2_rekey_t *rekey = &sa->rekey[0]; rekey->protocol_id = proposal->protocol_id; @@ -2463,11 +2465,6 @@ ikev2_generate_message (vlib_buffer_t * b, ikev2_sa_t * sa, if (sa->is_initiator) ike->flags |= IKEV2_HDR_FLAG_INITIATOR; - if (ike_hdr_is_request (ike)) - { - sa->last_init_msg_id = clib_net_to_host_u32 (ike->msgid); - } - if (ike->exchange == IKEV2_EXCHANGE_SA_INIT) { tlen += vec_len (chain->data); @@ -2961,6 +2958,9 @@ ikev2_node_internal (vlib_main_t * vm, ikev2_calc_keys (sa0); ikev2_sa_auth_init (sa0); ike0->flags = IKEV2_HDR_FLAG_INITIATOR; + ike0->msgid = + clib_net_to_host_u32 (sai->last_init_msg_id); + sa0->last_init_msg_id = sai->last_init_msg_id + 1; slen = ikev2_generate_message (b0, sa0, ike0, 0, udp0); if (~0 == slen) @@ -3033,6 +3033,7 @@ ikev2_node_internal (vlib_main_t * vm, } else { + ike0->flags = IKEV2_HDR_FLAG_RESPONSE; slen = ikev2_generate_message (b0, sa0, ike0, 0, udp0); if (~0 == slen) vlib_node_increment_counter (vm, node->node_index, 
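Review bot: The added `proposal` NULL test in ikev2_process_create_child_sa_req has no comment saying when `proposal` can still be NULL at this point, and the commit message only mentions message IDs. Presumably it stays NULL when the peer's CREATE_CHILD_SA message carries no SA payload, which would make this a guard against a peer-triggered NULL dereference. If that is the case, say so next to the condition, e.g. `/* proposal is NULL when the message carried no SA payload */`. The function continues outside the hunk, so any later use of `proposal` should be checked for the same case.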
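Review bot: In ikev2_node_internal the new line `ike0->msgid = clib_net_to_host_u32 (sai->last_init_msg_id);` converts in the wrong direction for a host value written into the header; the other call sites in this commit use `clib_host_to_net_u32`. Both helpers presumably perform the same byte swap, so the wire value should be unaffected, but the line should read `ike0->msgid = clib_host_to_net_u32 (sai->last_init_msg_id);` so the intent is clear. `sa0->last_init_msg_id` is also advanced before the `~0 == slen` check, so a failed ikev2_generate_message still consumes an ID. The enclosing block starts and ends outside the hunk.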
@@ -3633,8 +3634,8 @@ ikev2_initiate_delete_ike_sa_internal (vlib_main_t * vm, ike0->ispi = clib_host_to_net_u64 (sa->ispi); ike0->rspi = clib_host_to_net_u64 (sa->rspi); ike0->flags = 0; - ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id + 1); - sa->last_init_msg_id = clib_net_to_host_u32 (ike0->msgid); + ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id); + sa->last_init_msg_id += 1; len = ikev2_generate_message (b0, sa, ike0, 0, 0); if (~0 == len) return; @@ -4216,6 +4217,7 @@ ikev2_initiate_sa_init (vlib_main_t * vm, u8 * name) ike0->ispi = clib_host_to_net_u64 (sa.ispi); ike0->rspi = 0; ike0->msgid = 0; + sa.last_init_msg_id += 1; /* store whole IKE payload - needed for PSK auth */ vec_reset_length (sa.last_sa_init_req_packet_data); @@ -4292,8 +4294,8 @@ ikev2_delete_child_sa_internal (vlib_main_t * vm, ikev2_sa_t * sa, vec_resize (sa->del, 1); sa->del->protocol_id = IKEV2_PROTOCOL_ESP; sa->del->spi = csa->i_proposals->spi; - ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id + 1); - sa->last_init_msg_id = clib_net_to_host_u32 (ike0->msgid); + ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id); + sa->last_init_msg_id += 1; len = ikev2_generate_message (b0, sa, ike0, 0, 0); if (~0 == len) return; @@ -4408,8 +4410,8 @@ ikev2_rekey_child_sa_internal (vlib_main_t * vm, ikev2_sa_t * sa, ike0->exchange = IKEV2_EXCHANGE_CREATE_CHILD_SA; ike0->ispi = clib_host_to_net_u64 (sa->ispi); ike0->rspi = clib_host_to_net_u64 (sa->rspi); - ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id + 1); - sa->last_init_msg_id = clib_net_to_host_u32 (ike0->msgid); + ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id); + sa->last_init_msg_id += 1; ikev2_rekey_t *rekey; vec_add2 (sa->rekey, rekey, 1); 
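Review bot: `sa->last_init_msg_id += 1;` runs before `ikev2_generate_message` in ikev2_initiate_delete_ike_sa_internal, so the `~0 == len` early return leaves the counter advanced for a request that was never built. IKEv2 request IDs are expected to be consecutive, so a skipped ID may leave the peer rejecting later requests on this SA. Moving the increment below the length check, `if (~0 == len) return;` followed by `sa->last_init_msg_id += 1;`, avoids that, provided ikev2_generate_message no longer reads the field (only part of it is visible in this diff). The same ordering appears in the ikev2_delete_child_sa_internal, ikev2_rekey_child_sa_internal and ikev2_send_informational_request hunks.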
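Review bot: `sa.last_init_msg_id += 1;` in ikev2_initiate_sa_init yields 1 only if the field is zero at this point, which depends on initialisation outside the hunk. Since the IKE_SA_INIT request ID is hard-coded as `ike0->msgid = 0;`, an explicit `sa.last_init_msg_id = 1;` would state the intent directly. With this commit the field appears to hold the next request ID rather than the last one sent, so a comment such as `/* next request msg ID; IKE_SA_INIT used 0 */` (or a rename) would keep the name from misleading.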
@@ -4867,9 +4869,9 @@ ikev2_send_informational_request (ikev2_sa_t * sa) ike0->exchange = IKEV2_EXCHANGE_INFORMATIONAL; ike0->ispi = clib_host_to_net_u64 (sa->ispi); ike0->rspi = clib_host_to_net_u64 (sa->rspi); - ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id + 1); + ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id); ike0->flags = 0; - sa->last_init_msg_id = clib_net_to_host_u32 (ike0->msgid); + sa->last_init_msg_id += 1; len = ikev2_generate_message (b0, sa, ike0, 0, 0); if (~0 == len) return; |