ikev1: Also use message hashes for Quick Mode for the early retransmission check

We already did so during Phase 1 but because all three Quick Mode
message have the same message ID we occasionally dropped the third
message as retransmit, so we do it there too.  For INFORMATIONAL
and TRANSACTION exchanges we don't expect more than one inbound message
with the same message ID so we still use them there.

Fixes #1198.

diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 24bde31a442c0864b83f6fa93a5012f0cbe83fdb..389cbfe3bd866969f786b72963b7b0e0f0f1cd11 100644 (file)
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -1188,11 +1188,15 @@ METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*,
  */
 static u_int32_t get_message_id_or_hash(message_t *message)
 {
-       /* Use the message ID, or the message hash in IKEv1 Main/Aggressive mode */
-       if (message->get_major_version(message) == IKEV1_MAJOR_VERSION &&
-               message->get_message_id(message) == 0)
+       if (message->get_major_version(message) == IKEV1_MAJOR_VERSION)
        {
-               return chunk_hash(message->get_packet_data(message));
+               /* Use a hash for IKEv1 Phase 1, where we don't have a MID, and Quick
+                * Mode, where all three messages use the same message ID */
+               if (message->get_message_id(message) == 0 ||
+                       message->get_exchange_type(message) == QUICK_MODE)
+               {
+                       return chunk_hash(message->get_packet_data(message));
+               }
        }
        return message->get_message_id(message);
 }