From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 20 Dec 2012 11:14:25 +0000 (+0100)
Subject: Map fragmented initial initial Main or Aggressive Mode messages to the same IKE_SA
X-Git-Tag: 5.0.2dr4~8^2~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fe26ddada93a5f55971caa6c1e63e9503f414172;p=thirdparty%2Fstrongswan.git

Map fragmented initial initial Main or Aggressive Mode messages to the same IKE_SA
---

diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 9627876476..260da8be1d 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -968,14 +968,30 @@ static u_int64_t get_spi(private_ike_sa_manager_t *this)
 static bool get_init_hash(private_ike_sa_manager_t *this, message_t *message,
 						  chunk_t *hash)
 {
+	host_t *src;
+
 	if (!this->hasher)
 	{	/* this might be the case when flush() has been called */
 		return FALSE;
 	}
+	if (message->get_first_payload_type(message) == FRAGMENT_V1)
+	{	/* only hash the source IP and SPI for fragmented init messages */
+		u_int64_t spi;
+
+		src = message->get_source(message);
+		if (!this->hasher->allocate_hash(this->hasher,
+										 src->get_address(src), NULL))
+		{
+			return FALSE;
+		}
+		spi = message->get_initiator_spi(message);
+		return this->hasher->allocate_hash(this->hasher,
+										   chunk_from_thing(spi), hash);
+	}
 	if (message->get_exchange_type(message) == ID_PROT)
 	{	/* include the source for Main Mode as the hash will be the same if
 		 * SPIs are reused by two initiators that use the same proposal */
-		host_t *src = message->get_source(message);
+		src = message->get_source(message);
 
 		if (!this->hasher->allocate_hash(this->hasher,
 										 src->get_address(src), NULL))