From 7e8464128a64b8db809633ebbe7720f992b6fd26 Mon Sep 17 00:00:00 2001
From: Reyk Floeter
Date: Mon, 14 Jun 2010 12:05:33 +0000
Subject: NAT detection with SPIr is always 0
---
 sbin/iked/ikev2.c | 6 +++---
 sbin/iked/ikev2_pld.c | 7 +++++--
 2 files changed, 8 insertions(+), 5 deletions(-)
(limited to 'sbin')
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 32fbb023a12..fe9c2bb8a67 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.9 2010/06/14 11:33:55 reyk Exp $ */
+/* $OpenBSD: ikev2.c,v 1.10 2010/06/14 12:05:32 reyk Exp $ */
 /* $vantronix: ikev2.c,v 1.101 2010/06/03 07:57:33 reyk Exp $ */
 /*
@@ -830,10 +830,10 @@ ikev2_nat_detection(struct iked_message *msg, void *ptr, size_t len,
 if ((hdr = ibuf_seek(msg->msg_data, 0, sizeof(*hdr))) == NULL)
 return (-1);
 ispi = hdr->ike_ispi;
- rspi = hdr->ike_rspi;
+ rspi = 0;
 } else {
 ispi = htobe64(sa->sa_hdr.sh_ispi);
- rspi = htobe64(sa->sa_hdr.sh_rspi);
+ rspi = 0;
 }
 EVP_MD_CTX_init(&ctx);
diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c
index 36bdf17df3d..f9f3b1d8452 100644
--- a/sbin/iked/ikev2_pld.c
+++ b/sbin/iked/ikev2_pld.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2_pld.c,v 1.3 2010/06/14 11:33:55 reyk Exp $ */
+/* $OpenBSD: ikev2_pld.c,v 1.4 2010/06/14 12:05:32 reyk Exp $ */
 /* $vantronix: ikev2.c,v 1.101 2010/06/03 07:57:33 reyk Exp $ */
 /*
@@ -705,11 +705,14 @@ ikev2_pld_notify(struct iked *env, struct ikev2_payload *pld,
 print_hex(buf, 0, len);
+ if (!ikev2_msg_frompeer(msg))
+ return (0);
+
 switch (type) {
 case IKEV2_N_NAT_DETECTION_SOURCE_IP:
 case IKEV2_N_NAT_DETECTION_DESTINATION_IP:
 if (ikev2_nat_detection(msg, md, sizeof(md), type,
- msg->msg_response) == -1)
+ ikev2_msg_frompeer(msg)) == -1)
 return (-1);
 if (len != sizeof(md) || memcmp(buf, md, len) != 0) {
 log_debug("%s: %s detected NAT, enabling "
-- 
cgit v1.2.3
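Review bot: Forcing `rspi = 0` in both branches of ikev2_nat_detection() only matches a message whose header carries a zero responder SPI, which is the IKE_SA_INIT request. RFC 4306 section 3.10.1 describes the NAT_DETECTION data as a SHA-1 digest over the SPIs as they appear in the header, so for an IKE_SA_INIT response, where the responder SPI is normally set, the local digest would appear to differ from a conforming peer's and the `memcmp` in ikev2_pld_notify() would report NAT on a clean path. If zero is meant for the request only, I would keep `rspi = hdr->ike_rspi;` in the branch that reads the received header, or at least state the assumption with a comment such as `/* SPIr is 0 in the IKE_SA_INIT request */`. The function starts and ends outside this hunk, so how the digest is finalised cannot be checked from here.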
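Review bot: After the new guard `if (!ikev2_msg_frompeer(msg)) return (0);` the argument `ikev2_msg_frompeer(msg)` passed to ikev2_nat_detection() is always non-zero, so the second call is redundant and hides that only the from-peer path is reachable at that point. The guard also sits above the whole `switch (type)`, so every notification type is skipped for locally built messages, not only the two NAT detection cases. The remaining cases and the rest of ikev2_pld_notify() are outside the hunk, so whether that is intended cannot be confirmed here. A comment on the guard, for example `/* notifications are only acted on when parsing a message from the peer */`, would record the intent.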