summaryrefslogtreecommitdiff
path: root/sbin/isakmpd
diff options
context:
space:
mode:
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/ike_quick_mode.c18
1 files changed, 17 insertions, 1 deletions
diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c
index fb8ad54b08b..0f66d326eae 100644
--- a/sbin/isakmpd/ike_quick_mode.c
+++ b/sbin/isakmpd/ike_quick_mode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_quick_mode.c,v 1.106 2011/04/23 03:17:04 lum Exp $ */
+/* $OpenBSD: ike_quick_mode.c,v 1.107 2011/12/12 07:35:29 yasuoka Exp $ */
/* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */
/*
@@ -1088,6 +1088,14 @@ initiator_recv_HASH_SA_NONCE(struct message *msg)
case IPSEC_ID_IPV6_ADDR_SUBNET:
break;
+ case IPSEC_ID_FQDN:
+ /*
+ * FQDN may be used for in NAT-T with transport mode.
+ * We can handle the message in this case. In the
+ * other cases we'll drop the message later.
+ */
+ break;
+
default:
message_drop(msg, ISAKMP_NOTIFY_INVALID_ID_INFORMATION,
0, 1, 0);
@@ -1532,6 +1540,14 @@ responder_recv_HASH_SA_NONCE(struct message *msg)
case IPSEC_ID_IPV6_ADDR_SUBNET:
break;
+ case IPSEC_ID_FQDN:
+ /*
+ * FQDN may be used for in NAT-T with transport mode.
+ * We can handle the message in this case. In the
+ * other cases we'll drop the message later.
+ */
+ break;
+
default:
message_drop(msg, ISAKMP_NOTIFY_INVALID_ID_INFORMATION,
0, 1, 0);