From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 28 Sep 2015 15:37:42 +0000 (+0200)
Subject: ikev1: Queue INFORMATIONAL request if AM is not complete yet
X-Git-Tag: 5.3.4dr1~11^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1c8dfa30d01875f1df43aff6db75f3e188829b4f;p=thirdparty%2Fstrongswan.git

ikev1: Queue INFORMATIONAL request if AM is not complete yet
---

diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index a027b749e7..5b0438ffa2 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -1387,13 +1387,20 @@ METHOD(task_manager_t, process_message, status_t,
 		}
 
 		/* drop XAuth/Mode Config/Quick Mode messages until we received the last
-		 * Aggressive Mode message */
-		if (have_aggressive_mode_task(this) &&
-			msg->get_exchange_type(msg) != AGGRESSIVE)
+		 * Aggressive Mode message.  since Informational messages are not
+		 * retransmitted we queue them. */
+		if (have_aggressive_mode_task(this))
 		{
-			DBG1(DBG_IKE, "ignoring %N request while phase 1 is incomplete",
-				 exchange_type_names, msg->get_exchange_type(msg));
-			return FAILED;
+			if (msg->get_exchange_type(msg) == INFORMATIONAL_V1)
+			{
+				return queue_message(this, msg);
+			}
+			else if (msg->get_exchange_type(msg) != AGGRESSIVE)
+			{
+				DBG1(DBG_IKE, "ignoring %N request while phase 1 is incomplete",
+					 exchange_type_names, msg->get_exchange_type(msg));
+				return FAILED;
+			}
 		}
 
 		/* queue XAuth/Mode Config messages unless the Main Mode exchange we