diff options
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- | sbin/isakmpd/ike_quick_mode.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c index fb8ad54b08b..0f66d326eae 100644 --- a/sbin/isakmpd/ike_quick_mode.c +++ b/sbin/isakmpd/ike_quick_mode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_quick_mode.c,v 1.106 2011/04/23 03:17:04 lum Exp $ */ +/* $OpenBSD: ike_quick_mode.c,v 1.107 2011/12/12 07:35:29 yasuoka Exp $ */ /* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */ /* @@ -1088,6 +1088,14 @@ initiator_recv_HASH_SA_NONCE(struct message *msg) case IPSEC_ID_IPV6_ADDR_SUBNET: break; + case IPSEC_ID_FQDN: + /* + * FQDN may be used for in NAT-T with transport mode. + * We can handle the message in this case. In the + * other cases we'll drop the message later. + */ + break; + default: message_drop(msg, ISAKMP_NOTIFY_INVALID_ID_INFORMATION, 0, 1, 0); @@ -1532,6 +1540,14 @@ responder_recv_HASH_SA_NONCE(struct message *msg) case IPSEC_ID_IPV6_ADDR_SUBNET: break; + case IPSEC_ID_FQDN: + /* + * FQDN may be used for in NAT-T with transport mode. + * We can handle the message in this case. In the + * other cases we'll drop the message later. + */ + break; + default: message_drop(msg, ISAKMP_NOTIFY_INVALID_ID_INFORMATION, 0, 1, 0); |