authorMike Belopuhov <mikeb@cvs.openbsd.org>2012-06-26 11:00:29 +0000
committerMike Belopuhov <mikeb@cvs.openbsd.org>2012-06-26 11:00:29 +0000
commit593377a9bb3df6fbea628688197576a91cd70d21 (patch)
tree0d6da2d2023fc83feb13ba1172393050b266e548 /sbin
parent1d25ced949a62e8aa9a2da179321aaa6d52eb4cf (diff)
compare exchange types as well when looking up a message;
proceed with a response only when the appropriate request is found.
Diffstat (limited to 'sbin')
-rw-r--r--sbin/iked/iked.h5
-rw-r--r--sbin/iked/ikev2.c12
-rw-r--r--sbin/iked/ikev2_msg.c21
3 files changed, 16 insertions, 22 deletions
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h
index 72f3147f6c7..33fbb2a4f72 100644
--- a/sbin/iked/iked.h
+++ b/sbin/iked/iked.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.h,v 1.49 2012/06/22 16:28:20 mikeb Exp $ */
+/* $OpenBSD: iked.h,v 1.50 2012/06/26 11:00:28 mikeb Exp $ */
/* $vantronix: iked.h,v 1.61 2010/06/03 07:57:33 reyk Exp $ */
/*
@@ -435,6 +435,7 @@ struct iked_message {
struct iked_sa *msg_sa;
u_int32_t msg_msgid;
+ u_int8_t msg_exchange;
/* Parsed information */
struct iked_proposals msg_proposals;
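Review bot: The new `msg_exchange` member is undocumented, and within this commit it is assigned only in ikev2_msg_send() on the copy that gets queued, so a reader could assume it is valid on every message. I would write it as `u_int8_t msg_exchange; /* exchange type; set on queued copies only */` so that callers keep taking the exchange type of a received message from its header. struct iked_message begins and ends outside this hunk.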
@@ -743,7 +744,7 @@ void ikev2_msg_dispose(struct iked *, struct iked_msgqueue *,
void ikev2_msg_flushqueue(struct iked *, struct iked_msgqueue *);
struct iked_message *
ikev2_msg_lookup(struct iked *, struct iked_msgqueue *,
- struct iked_message *);
+ struct iked_message *, struct ike_header *);
/* ikev2_pld.c */
int ikev2_pld_parse(struct iked *, struct ike_header *,
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 6d56b5224c9..7cb42f9ae93 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.67 2012/06/22 16:28:20 mikeb Exp $ */
+/* $OpenBSD: ikev2.c,v 1.68 2012/06/26 11:00:28 mikeb Exp $ */
/* $vantronix: ikev2.c,v 1.101 2010/06/03 07:57:33 reyk Exp $ */
/*
@@ -399,7 +399,6 @@ ikev2_recv(struct iked *env, struct iked_message *msg)
break;
case ST_REQUEST:
if (msg->msg_msgid >= sa->sa_msgid) {
- /* Update if we've initiated this exchange */
if (flag)
initiator = 0;
state = ST_FINISH;
@@ -412,9 +411,10 @@ ikev2_recv(struct iked *env, struct iked_message *msg)
}
break;
case ST_RESPONSE:
- if (msg->msg_msgid < sa->sa_reqid) {
+ if (msg->msg_msgid < sa->sa_reqid &&
+ (hdr->ike_exchange != IKEV2_EXCHANGE_INFORMATIONAL &&
+ ikev2_msg_lookup(env, &sa->sa_requests, msg, hdr))) {
response = 1;
- /* Update if we've initiated this exchange */
if (flag)
initiator = 1;
state = ST_FINISH;
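Review bot: The ST_RESPONSE test now fails for every INFORMATIONAL response, because `hdr->ike_exchange != IKEV2_EXCHANGE_INFORMATIONAL` is ANDed with the lookup, while the commit message only speaks of requiring a matching request. If INFORMATIONAL responses are deliberately handled on another path, a short comment here should say so; if they were instead meant to skip the lookup, the inner test would be `hdr->ike_exchange == IKEV2_EXCHANGE_INFORMATIONAL || ikev2_msg_lookup(env, &sa->sa_requests, msg, hdr)`. The inner parentheses are redundant as written, which makes the intent harder to read. The else branch and the rest of ikev2_recv lie outside the hunk, so what happens to a rejected response cannot be checked from here.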
@@ -436,13 +436,13 @@ ikev2_recv(struct iked *env, struct iked_message *msg)
/*
* There's no need to keep the request around anymore
*/
- if ((m = ikev2_msg_lookup(env, &sa->sa_requests, msg)))
+ if ((m = ikev2_msg_lookup(env, &sa->sa_requests, msg, hdr)))
ikev2_msg_dispose(env, &sa->sa_requests, m);
} else {
/*
* See if we have responded to this request before
*/
- if ((m = ikev2_msg_lookup(env, &sa->sa_responses, msg))) {
+ if ((m = ikev2_msg_lookup(env, &sa->sa_responses, msg, hdr))) {
if (ikev2_msg_retransmit_response(env, sa, m)) {
log_warn("%s: failed to retransmit a "
"response", __func__);
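Review bot: The pending request is disposed as soon as a header with the same message ID and exchange type is seen, and nothing in this hunk shows that the message has passed integrity verification by that point. If this code runs before the payload is decrypted and checked, an unauthenticated header could take a request off the retransmit queue, so the ordering should be confirmed or the `ikev2_msg_dispose()` call moved after verification. The ST_RESPONSE branch already did the same lookup on `sa->sa_requests`, so the queue is walked twice per response. ikev2_recv begins and ends outside the hunk.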
diff --git a/sbin/iked/ikev2_msg.c b/sbin/iked/ikev2_msg.c
index 43504723986..c70c4a53b36 100644
--- a/sbin/iked/ikev2_msg.c
+++ b/sbin/iked/ikev2_msg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_msg.c,v 1.16 2012/06/22 16:28:20 mikeb Exp $ */
+/* $OpenBSD: ikev2_msg.c,v 1.17 2012/06/26 11:00:28 mikeb Exp $ */
/* $vantronix: ikev2.c,v 1.101 2010/06/03 07:57:33 reyk Exp $ */
/*
@@ -49,9 +49,6 @@
void ikev2_msg_response_timeout(struct iked *, void *);
void ikev2_msg_retransmit_timeout(struct iked *, void *);
-struct iked_message *
- ikev2_msg_lookup_by_id(struct iked *, struct iked_msgqueue *,
- u_int32_t);
void
ikev2_msg_cb(int fd, short event, void *arg)
@@ -290,6 +287,7 @@ ikev2_msg_send(struct iked *env, struct iked_message *msg)
log_debug("%s: failed to copy a message", __func__);
return (-1);
}
+ m->msg_exchange = hdr->ike_exchange;
if (hdr->ike_flags & IKEV2_FLAG_RESPONSE) {
TAILQ_INSERT_TAIL(&sa->sa_responses, m, msg_entry);
@@ -921,23 +919,18 @@ ikev2_msg_flushqueue(struct iked *env, struct iked_msgqueue *queue)
}
struct iked_message *
-ikev2_msg_lookup_by_id(struct iked *env, struct iked_msgqueue *queue,
- u_int32_t msgid)
+ikev2_msg_lookup(struct iked *env, struct iked_msgqueue *queue,
+ struct iked_message *msg, struct ike_header *hdr)
{
struct iked_message *m = NULL;
TAILQ_FOREACH(m, queue, msg_entry) {
- if (m->msg_msgid == msgid)
+ if (m->msg_msgid == msg->msg_msgid &&
+ m->msg_exchange == hdr->ike_exchange)
break;
}
- return (m);
-}
-struct iked_message *
-ikev2_msg_lookup(struct iked *env, struct iked_msgqueue *queue,
- struct iked_message *msg)
-{
- return (ikev2_msg_lookup_by_id(env, queue, msg->msg_msgid));
+ return (m);
}
int
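Review bot: ikev2_msg_lookup() carries no comment stating its contract, and its body does not use `env` and only reads `msg->msg_msgid` and `hdr->ike_exchange`. I would add `/* Return the queued message matching msg's id and hdr's exchange type, or NULL */` above the definition, since callers rely on the NULL that TAILQ_FOREACH leaves in `m` when nothing matches. Declaring the last two parameters as `const struct iked_message *msg, const struct ike_header *hdr` (here and in the iked.h prototype) would also make it explicit that the lookup does not modify the received message.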