From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 22 Sep 2022 13:47:34 +0000 (+0200)
Subject: ikev2: The ike-me task does not have to run before the ike-auth task
X-Git-Tag: 5.9.8rc1~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f3da04c05e04c3bf627bb49035625e6bb801fd9a;p=thirdparty%2Fstrongswan.git

ikev2: The ike-me task does not have to run before the ike-auth task

Since e334bd46b184 ("ike-auth: Move packet collection to post_build()
method") tasks and plugins can modify the IKE_SA_INIT message independent
of the ike-auth task.
---

diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index f1228ab072..e2db835116 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -546,15 +546,11 @@ METHOD(task_manager_t, initiate, status_t,
 					exchange = IKE_SA_INIT;
 					activate_task(this, TASK_IKE_NATD);
 					activate_task(this, TASK_IKE_CERT_PRE);
+					activate_task(this, TASK_IKE_AUTH);
+					activate_task(this, TASK_IKE_CERT_POST);
 #ifdef ME
-					/* this task has to be activated before the TASK_IKE_AUTH
-					 * task, because that task pregenerates the packet after
-					 * which no payloads can be added to the message anymore.
-					 */
 					activate_task(this, TASK_IKE_ME);
 #endif /* ME */
-					activate_task(this, TASK_IKE_AUTH);
-					activate_task(this, TASK_IKE_CERT_POST);
 					activate_task(this, TASK_IKE_CONFIG);
 					activate_task(this, TASK_CHILD_CREATE);
 					activate_task(this, TASK_IKE_AUTH_LIFETIME);
@@ -1145,14 +1141,14 @@ static status_t process_request(private_task_manager_t *this,
 				array_insert(this->passive_tasks, ARRAY_TAIL, task);
 				task = (task_t*)ike_cert_pre_create(this->ike_sa, FALSE);
 				array_insert(this->passive_tasks, ARRAY_TAIL, task);
-#ifdef ME
-				task = (task_t*)ike_me_create(this->ike_sa, FALSE);
-				array_insert(this->passive_tasks, ARRAY_TAIL, task);
-#endif /* ME */
 				task = (task_t*)ike_auth_create(this->ike_sa, FALSE);
 				array_insert(this->passive_tasks, ARRAY_TAIL, task);
 				task = (task_t*)ike_cert_post_create(this->ike_sa, FALSE);
 				array_insert(this->passive_tasks, ARRAY_TAIL, task);
+#ifdef ME
+				task = (task_t*)ike_me_create(this->ike_sa, FALSE);
+				array_insert(this->passive_tasks, ARRAY_TAIL, task);
+#endif /* ME */
 				task = (task_t*)ike_config_create(this->ike_sa, FALSE);
 				array_insert(this->passive_tasks, ARRAY_TAIL, task);
 				task = (task_t*)child_create_create(this->ike_sa, NULL, FALSE,