diff options
| author | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2011-12-12 07:35:30 +0000 |
|---|---|---|
| committer | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2011-12-12 07:35:30 +0000 |
| commit | 43e06dfb113499c6cc199e3ef6f73e4846af8a6f (patch) | |
| tree | a259cd6836c89325a3387fb454a7474149406866 | |
| parent | 95ff32580540b6b60c92de49abf3bdcceb9e4632 (diff) | |
Allow using FQDN as a ID payload type. Some client (eg Windows XP)
uses the FQDN type in NAT-T with transport mode.
ok markus
| -rw-r--r-- | sbin/isakmpd/ike_quick_mode.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c index fb8ad54b08b..0f66d326eae 100644 --- a/sbin/isakmpd/ike_quick_mode.c +++ b/sbin/isakmpd/ike_quick_mode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_quick_mode.c,v 1.106 2011/04/23 03:17:04 lum Exp $ */ +/* $OpenBSD: ike_quick_mode.c,v 1.107 2011/12/12 07:35:29 yasuoka Exp $ */ /* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */ /* @@ -1088,6 +1088,14 @@ initiator_recv_HASH_SA_NONCE(struct message *msg) case IPSEC_ID_IPV6_ADDR_SUBNET: break; + case IPSEC_ID_FQDN: + /* + * FQDN may be used for in NAT-T with transport mode. + * We can handle the message in this case. In the + * other cases we'll drop the message later. + */ + break; + default: message_drop(msg, ISAKMP_NOTIFY_INVALID_ID_INFORMATION, 0, 1, 0); @@ -1532,6 +1540,14 @@ responder_recv_HASH_SA_NONCE(struct message *msg) case IPSEC_ID_IPV6_ADDR_SUBNET: break; + case IPSEC_ID_FQDN: + /* + * FQDN may be used for in NAT-T with transport mode. + * We can handle the message in this case. In the + * other cases we'll drop the message later. + */ + break; + default: message_drop(msg, ISAKMP_NOTIFY_INVALID_ID_INFORMATION, 0, 1, 0); |