authorMatthew Smith <mgsmith@netgate.com>2017-04-26 15:42:39 -0500
committerDamjan Marion <dmarion.lists@gmail.com>2017-04-27 12:54:09 +0000
commit1e19ee4458b652058a251b5094c72d57c03fb680 (patch)
tree7f036a7c06fd5e136c240a6ed50f6a25c91d2f3f
parentf7e655d69a3325b8050eb09bc6065fac10bcb81b (diff)
VPP-716: IKEv2 responder fails to authenticate initiator
Fix handling of IDi and IDr when processing payloads in ikev2_process_auth_req Change-Id: If0d4441dc89f08f3753f38987406c002d43558ec Signed-off-by: Matthew Smith <mgsmith@netgate.com>
-rw-r--r--src/vnet/ipsec/ikev2.c31
1 files changed, 16 insertions, 15 deletions
diff --git a/src/vnet/ipsec/ikev2.c b/src/vnet/ipsec/ikev2.c
index 3f9978a7520..296654ecbac 100644
--- a/src/vnet/ipsec/ikev2.c
+++ b/src/vnet/ipsec/ikev2.c
@@ -875,25 +875,26 @@ ikev2_process_auth_req (vlib_main_t * vm, ikev2_sa_t * sa, ike_header_t * ike)
first_child_sa->i_proposals = ikev2_parse_sa_payload (ikep);
}
}
- else if (payload == IKEV2_PAYLOAD_IDI || payload == IKEV2_PAYLOAD_IDR) /* 35, 36 */
+ else if (payload == IKEV2_PAYLOAD_IDI) /* 35 */
{
ike_id_payload_header_t *id = (ike_id_payload_header_t *) ikep;
- if (sa->is_initiator)
- {
- sa->r_id.type = id->id_type;
- vec_free (sa->r_id.data);
- vec_add (sa->r_id.data, id->payload, plen - sizeof (*id));
- }
- else
- {
- sa->i_id.type = id->id_type;
- vec_free (sa->i_id.data);
- vec_add (sa->i_id.data, id->payload, plen - sizeof (*id));
- }
+ sa->i_id.type = id->id_type;
+ vec_free (sa->i_id.data);
+ vec_add (sa->i_id.data, id->payload, plen - sizeof (*id));
+
+ clib_warning ("received payload IDi, len %u id_type %u",
+ plen - sizeof (*id), id->id_type);
+ }
+ else if (payload == IKEV2_PAYLOAD_IDR) /* 36 */
+ {
+ ike_id_payload_header_t *id = (ike_id_payload_header_t *) ikep;
+
+ sa->r_id.type = id->id_type;
+ vec_free (sa->r_id.data);
+ vec_add (sa->r_id.data, id->payload, plen - sizeof (*id));
- clib_warning ("received payload %s, len %u id_type %u",
- (payload == IKEV2_PAYLOAD_IDI ? "IDi" : "IDr"),
+ clib_warning ("received payload IDr len %u id_type %u",
plen - sizeof (*id), id->id_type);
}
else if (payload == IKEV2_PAYLOAD_AUTH) /* 39 */
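Review bot: Both the new IDi and IDr branches copy `plen - sizeof (*id)` bytes with `vec_add` without first checking that `plen` is at least the size of the ID payload header. `plen` presumably comes from the peer's packet, and because `sizeof` is unsigned, a shorter value makes the subtraction wrap to a very large length, so the copy would read far past the received payload. Unless `plen` is already validated earlier in `ikev2_process_auth_req` (the function starts and ends outside this hunk, so that is not visible here), each branch should reject the payload before touching `sa->i_id` / `sa->r_id`, with a guard on `if (plen < sizeof (*id))`. The same expression is also passed to `clib_warning` under `%u` although its type is `size_t`; computing it once into a local, e.g. `u32 id_len = plen - sizeof (*id);` after the guard, would fix the format mismatch and remove the repetition in both branches.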