diff options
| author | Hakan Olsson <ho@cvs.openbsd.org> | 2004-06-22 03:44:56 +0000 |
|---|---|---|
| committer | Hakan Olsson <ho@cvs.openbsd.org> | 2004-06-22 03:44:56 +0000 |
| commit | 48e173e619472dce9fa16a21cb6fb6ac6a9e3d24 (patch) | |
| tree | 48e16752f065389e7df90c0c4ef1f2025ba9b51f /sbin | |
| parent | c2d8a7a969288b224172afc470a2d204e2d754e5 (diff) | |
The NAT-T drafts suggest we should drop incoming messages arriving on
the old port (500) after we've switched to the new one.
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/isakmpd/virtual.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/sbin/isakmpd/virtual.c b/sbin/isakmpd/virtual.c index 629d50119af..d8aff3ad9d4 100644 --- a/sbin/isakmpd/virtual.c +++ b/sbin/isakmpd/virtual.c @@ -1,4 +1,4 @@ -/* $OpenBSD: virtual.c,v 1.3 2004/06/21 18:40:01 ho Exp $ */ +/* $OpenBSD: virtual.c,v 1.4 2004/06/22 03:44:55 ho Exp $ */ /* * Copyright (c) 2004 Håkan Olsson. All rights reserved. @@ -606,6 +606,20 @@ virtual_handle_message(struct transport *t) return; } + /* + * As per the NAT-T draft, in case we have already switched ports, + * any messages recieved on the old (500) port SHOULD be discarded. + * (Actually, while phase 1 messages should be discarded, + * informational exchanges MAY be processed normally. For now, we + * discard them all.) + */ + if (((struct virtual_transport *)t->virtual)->encap_is_active && + ((struct virtual_transport *)t->virtual)->main == t) { + LOG_DBG((LOG_MESSAGE, 10, "virtual_handle_message: " + "message on old port discarded")); + return; + } + t->vtbl->handle_message(t); } |