From: Tobias Brunner
Date: Mon, 8 Jun 2020 15:13:50 +0000 (+0200)
Subject: ikev1: Ensure local IP is known as identity fallback during Main Mode
X-Git-Tag: 5.9.0dr2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=364d8b2628e57e3e9630f9ce37fe5d38a826b4a1;p=thirdparty%2Fstrongswan.git

ikev1: Ensure local IP is known as identity fallback during Main Mode

We usually have a local IP already via ike_sa_t::resolve_hosts() before build_i() is called but if that's not the case, it's more likely we have one after we processed the first response (it might also have changed). There is a potential chance we still don't have one if the socket API doesn't provide us with the destination address of received messages, but that seems not very likely nowadays.
---
diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index 9416177abc..c1d12046fe 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -250,7 +250,6 @@ METHOD(task_t, build_i, status_t,
 {
 sa_payload_t *sa_payload;
 linked_list_t *proposals;
- identification_t *id;
 packet_t *packet;
 DBG0(DBG_IKE, "initiating Main Mode IKE_SA %s[%d] to %H",
@@ -262,8 +261,6 @@ METHOD(task_t, build_i, status_t,
 this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
 this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
 this->peer_cfg->get_ref(this->peer_cfg);
- id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
- this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
 this->method = this->ph1->get_auth_method(this->ph1, this->peer_cfg);
 if (this->method == AUTH_NONE)
@@ -305,8 +302,14 @@ METHOD(task_t, build_i, status_t,
 }
 case MM_SA:
 {
+ identification_t *id;
 uint16_t group;
+ /* we might need the identity to look up a PSK when processing the
+ * response */
+ id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
+ this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
+
 if (!this->ph1->create_hasher(this->ph1))
 {
 return send_notify(this, NO_PROPOSAL_CHOSEN);
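Review bot: The two lines added after the comment in `case MM_SA:` dereference the result of `get_id()` unconditionally through `id->clone(id)`, although the commit description itself concedes that a local IP may still be unknown at this point. If `get_id()` returns NULL when there is neither a configured identity nor a usable local address (its body is not shown on this page, so this needs confirming), the daemon would crash in this state instead of failing the exchange cleanly. I would guard the call, for example `if (id) { this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); }`, and log the missing identity so that a later PSK lookup failure can be traced back to it. The body of build_i continues outside the hunk.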