From: Martin Willi <martin@revosec.ch>
Date: Thu, 17 Jul 2014 07:32:22 +0000 (+0200)
Subject: receiver: Send a single INVALID_MAJOR_VERSION notify for IKE version > 2
X-Git-Tag: 5.2.1dr1~119
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=75122b90bbc5985f1427fcef98742c296da93b94;p=thirdparty%2Fstrongswan.git

receiver: Send a single INVALID_MAJOR_VERSION notify for IKE version > 2

We sent both a notify using IKEv1 and IKEv2. This is a little more aggressive
than required, RFC 5996 says we "SHOULD send an unauthenticated Notify
message of type INVALID_MAJOR_VERSION containing the highest (closest) version
number it supports".

Fixes #657.
---

diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index a2a3b1f89a..5ce9471bd5 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -524,8 +524,7 @@ static job_requeue_t receive_packets(private_receiver_t *this)
 #ifdef USE_IKEV2
 			send_notify(message, IKEV2_MAJOR_VERSION, INFORMATIONAL,
 						INVALID_MAJOR_VERSION, chunk_empty);
-#endif /* USE_IKEV2 */
-#ifdef USE_IKEV1
+#elif defined(USE_IKEV1)
 			send_notify(message, IKEV1_MAJOR_VERSION, INFORMATIONAL_V1,
 						INVALID_MAJOR_VERSION, chunk_empty);
 #endif /* USE_IKEV1 */
@@ -684,4 +683,3 @@ receiver_t *receiver_create()
 
 	return &this->public;
 }
-