From: Andreas Steffen
Date: Sat, 28 Jul 2018 12:57:49 +0000 (+0200)
Subject: tnccs-20: Defer handshake retry when sending SRETRY batch
X-Git-Tag: 5.7.0dr8~1^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6a59e1fa9e84de85d7cee0ab9180550333fd25d9;p=thirdparty%2Fstrongswan.git
tnccs-20: Defer handshake retry when sending SRETRY batch
Set a retry_handshake flag on a TNC server when sending a SRETRY batch and do the retry only after receiving the next CDATA batch from the TNC client.
---
diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c b/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c
index 86ae1c0996..32d950297c 100644
--- a/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c
+++ b/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c
@@ -91,6 +91,11 @@ struct private_tnccs_20_server_t {
 */
 bool request_handshake_retry;
+ /**
+ * Flag set after sending SRETRY batch
+ */
+ bool retry_handshake;
+
 /**
 * SendMessage() by IMV only allowed if flag is set
 */
@@ -279,8 +284,9 @@ static void build_retry_batch(private_tnccs_20_server_t *this)
 change_batch_type(this, PB_BATCH_SRETRY);
 this->recs->clear_recommendation(this->recs);
- tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id,
- TNC_CONNECTION_STATE_HANDSHAKE);
+
+ /* Handshake will be retried with next incoming CDATA batch */
+ this->retry_handshake = TRUE;
 }
 METHOD(tnccs_20_handler_t, process, status_t,
@@ -301,7 +307,17 @@ METHOD(tnccs_20_handler_t, process, status_t,
 pb_tnc_msg_t *msg;
 bool empty = TRUE;
- if (batch_type == PB_BATCH_CRETRY)
+ if (batch_type == PB_BATCH_CDATA)
+ {
+ /* retry handshake after a previous SRETRY batch */
+ if (this->retry_handshake)
+ {
+ tnc->imvs->notify_connection_change(tnc->imvs,
+ this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
+ this->retry_handshake = FALSE;
+ }
+ }
+ else if (batch_type == PB_BATCH_CRETRY)
 {
 /* Send an SRETRY batch in response */
 this->mutex->lock(this->mutex);
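Review bot: The new field's comment says the flag is set after sending an SRETRY batch, but in this commit it is assigned in build_retry_batch() right after `change_batch_type(this, PB_BATCH_SRETRY)` and cleared in process() on the next CDATA batch. The comment should describe that lifecycle, for example `Handshake retry pending: set when an SRETRY batch is selected, cleared when the next CDATA batch is processed`. The name `retry_handshake` is also easy to confuse with the adjacent `request_handshake_retry`; `handshake_retry_pending` would be less ambiguous. The struct definition starts and ends outside the hunk.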
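Review bot: `this->retry_handshake = TRUE` is written here, but the matching test-and-clear in process() (third hunk) has no lock around it in the visible lines, while the CRETRY branch of process() takes `this->mutex` before, presumably, calling build_retry_batch(). If build_retry_batch() can also run on another thread, the check and reset in process() should be done under the same mutex. If the flag is only ever touched from the batch-processing path, a short comment on the assignment such as `/* only accessed while processing batches, no locking needed */` would record that assumption. build_retry_batch() starts outside the hunk.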
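Review bot: The deferred `notify_connection_change(..., TNC_CONNECTION_STATE_HANDSHAKE)` in the new CDATA branch runs only if the batch following the SRETRY is CDATA. For any other batch type `retry_handshake` stays set and the IMVs keep their pre-retry connection state, although build_retry_batch() has already called `clear_recommendation()`. Whether the PB-TNC state machine rejects everything except CDATA at that point is not visible in this hunk, so the branch should carry a comment stating that assumption. Otherwise the flag should be reset on the paths that end the exchange, so a later decision is not taken against IMV state that was never reset. process() starts before and continues past the hunk.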