From: Martin Willi <martin@revosec.ch>
Date: Fri, 3 Aug 2012 11:07:19 +0000 (+0200)
Subject: Block XAuth transaction on established IKE_SAs, but allow Mode Config
X-Git-Tag: 5.0.1~231
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=764035d515e4532dfd9e95f96c67ef4bb0c4c4be;p=thirdparty%2Fstrongswan.git

Block XAuth transaction on established IKE_SAs, but allow Mode Config
---

diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 7f5acccc0b..0a7c52a748 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -1209,7 +1209,6 @@ METHOD(ike_sa_t, process_message, status_t,
 	{
 		case ID_PROT:
 		case AGGRESSIVE:
-		case TRANSACTION:
 		case IKE_SA_INIT:
 		case IKE_AUTH:
 			if (this->state != IKE_CREATED &&
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 0e88c9e0f3..d71f540fe9 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -879,7 +879,7 @@ static status_t process_request(private_task_manager_t *this,
 				}
 				break;
 			case TRANSACTION:
-				if (this->ike_sa->get_state(this->ike_sa) == IKE_ESTABLISHED)
+				if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)
 				{
 					task = (task_t *)mode_config_create(this->ike_sa, FALSE);
 				}