From: Tobias Brunner
Date: Fri, 21 Dec 2012 15:40:58 +0000 (+0100)
Subject: Add message rules to properly handle IKE fragments
X-Git-Tag: 5.0.2dr4~8^2~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9b1659f52c9dba7f5c4c827a7cda474bb83d992f;p=thirdparty%2Fstrongswan.git

Add message rules to properly handle IKE fragments

These are sent in unencrypted messages and are the only payload contained in such messages.
---

diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index c0f4686635..28fdda7353 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -442,6 +442,7 @@ static payload_rule_t id_prot_i_rules[] = {
 {CERTIFICATE_V1, 0, 2, TRUE, FALSE},
 {SIGNATURE_V1, 0, 1, TRUE, FALSE},
 {HASH_V1, 0, 1, TRUE, FALSE},
+ {FRAGMENT_V1, 0, 1, FALSE, TRUE},
 };
 
 /**
@@ -461,6 +462,7 @@ static payload_order_t id_prot_i_order[] = {
 {VENDOR_ID_V1, 0},
 {NAT_D_V1, 0},
 {NAT_D_DRAFT_00_03_V1, 0},
+ {FRAGMENT_V1, 0},
 };
 
 /**
@@ -480,6 +482,7 @@ static payload_rule_t id_prot_r_rules[] = {
 {CERTIFICATE_V1, 0, 2, TRUE, FALSE},
 {SIGNATURE_V1, 0, 1, TRUE, FALSE},
 {HASH_V1, 0, 1, TRUE, FALSE},
+ {FRAGMENT_V1, 0, 1, FALSE, TRUE},
 };
 
 /**
@@ -499,6 +502,7 @@ static payload_order_t id_prot_r_order[] = {
 {VENDOR_ID_V1, 0},
 {NAT_D_V1, 0},
 {NAT_D_DRAFT_00_03_V1, 0},
+ {FRAGMENT_V1, 0},
 };
 
 /**
@@ -518,6 +522,7 @@ static payload_rule_t aggressive_i_rules[] = {
 {CERTIFICATE_V1, 0, 1, TRUE, FALSE},
 {SIGNATURE_V1, 0, 1, TRUE, FALSE},
 {HASH_V1, 0, 1, TRUE, FALSE},
+ {FRAGMENT_V1, 0, 1, FALSE, TRUE},
 };
 
 /**
@@ -537,6 +542,7 @@ static payload_order_t aggressive_i_order[] = {
 {CERTIFICATE_REQUEST_V1, 0},
 {NOTIFY_V1, 0},
 {VENDOR_ID_V1, 0},
+ {FRAGMENT_V1, 0},
 };
 
 /**
@@ -556,6 +562,7 @@ static payload_rule_t aggressive_r_rules[] = {
 {CERTIFICATE_V1, 0, 1, FALSE, FALSE},
 {SIGNATURE_V1, 0, 1, FALSE, FALSE},
 {HASH_V1, 0, 1, FALSE, FALSE},
+ {FRAGMENT_V1, 0, 1, FALSE, TRUE},
 };
 
 /**
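Review bot: The new `{FRAGMENT_V1, 0, 1, FALSE, TRUE}` row in `id_prot_i_rules` (repeated in `id_prot_r_rules`, `aggressive_i_rules` and `aggressive_r_rules`) admits a payload that, per the commit message, arrives unencrypted and alone, so whatever consumes it parses unauthenticated, peer-controlled data. Nothing in these hunks shows a limit on fragment count, reassembled size or how long partial state is kept; confirm those bounds in the reassembly code, which is outside this diff. If the trailing `TRUE` is the rule's "sufficient" flag, as the commit text suggests, a fragment message also skips the remaining occurrence checks, so the handler must not assume any other payload is present. The positional booleans would be easier to audit with a comment on each added row, e.g. `/* unencrypted; sole payload of a fragment message */`. The array definitions begin above each hunk.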
@@ -575,6 +582,7 @@ static payload_order_t aggressive_r_order[] = {
 {CERTIFICATE_REQUEST_V1, 0},
 {NOTIFY_V1, 0},
 {VENDOR_ID_V1, 0},
+ {FRAGMENT_V1, 0},
 };
 
 /**