summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHakan Olsson <ho@cvs.openbsd.org>2004-06-22 03:44:56 +0000
committerHakan Olsson <ho@cvs.openbsd.org>2004-06-22 03:44:56 +0000
commit48e173e619472dce9fa16a21cb6fb6ac6a9e3d24 (patch)
tree48e16752f065389e7df90c0c4ef1f2025ba9b51f
parentc2d8a7a969288b224172afc470a2d204e2d754e5 (diff)
The NAT-T drafts suggest we should drop incoming messages arriving on
the old port (500) after we've switched to the new one.
-rw-r--r--sbin/isakmpd/virtual.c16
1 files changed, 15 insertions, 1 deletions
diff --git a/sbin/isakmpd/virtual.c b/sbin/isakmpd/virtual.c
index 629d50119af..d8aff3ad9d4 100644
--- a/sbin/isakmpd/virtual.c
+++ b/sbin/isakmpd/virtual.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: virtual.c,v 1.3 2004/06/21 18:40:01 ho Exp $ */
+/* $OpenBSD: virtual.c,v 1.4 2004/06/22 03:44:55 ho Exp $ */
/*
* Copyright (c) 2004 Håkan Olsson. All rights reserved.
@@ -606,6 +606,20 @@ virtual_handle_message(struct transport *t)
return;
}
+ /*
+ * As per the NAT-T draft, in case we have already switched ports,
+ * any messages recieved on the old (500) port SHOULD be discarded.
+ * (Actually, while phase 1 messages should be discarded,
+ * informational exchanges MAY be processed normally. For now, we
+ * discard them all.)
+ */
+ if (((struct virtual_transport *)t->virtual)->encap_is_active &&
+ ((struct virtual_transport *)t->virtual)->main == t) {
+ LOG_DBG((LOG_MESSAGE, 10, "virtual_handle_message: "
+ "message on old port discarded"));
+ return;
+ }
+
t->vtbl->handle_message(t);
}