struct payload_digest *p)
{
struct isakmp_delete *d = &(p->payload.delete);
+ identification_t *this_id, *that_id;
+ ip_address peer_addr;
size_t sizespi;
int i;
return;
}
+ if (d->isad_protoid == PROTO_ISAKMP)
+ {
+ struct end *this = &st->st_connection->spd.this;
+ struct end *that = &st->st_connection->spd.that;
+ this_id = this->id->clone(this->id);
+ that_id = that->id->clone(that->id);
+ peer_addr = st->st_connection->spd.that.host_addr;
+ }
+
for (i = 0; i < d->isad_nospi; i++)
{
u_char *spi = p->pbs.cur + (i * sizespi);
*/
struct state *dst = find_state(spi /*iCookie*/
, spi+COOKIE_SIZE /*rCookie*/
- , &st->st_connection->spd.that.host_addr
+ , &peer_addr
, MAINMODE_MSGID);
if (dst == NULL)
loglog(RC_LOG_SERIOUS, "ignoring Delete SA payload: "
"ISAKMP SA not found (maybe expired)");
}
- else if (!same_peer_ids(st->st_connection, dst->st_connection, NULL))
+ else if (! this_id->equals(this_id, dst->st_connection->spd.this.id) ||
+ ! that_id->equals(that_id, dst->st_connection->spd.that.id))
{
/* we've not authenticated the relevant identities */
loglog(RC_LOG_SERIOUS, "ignoring Delete SA payload: "
}
}
}
+
+ if (d->isad_protoid == PROTO_ISAKMP)
+ {
+ this_id->destroy(this_id);
+ that_id->destroy(that_id);
+ }
}
/* The whole message must be a multiple of 4 octets.
projects / thirdparty / strongswan.git / commitdiff
