From: Tobias Brunner
Date: Tue, 10 Feb 2015 18:03:44 +0000 (+0100)
Subject: ikev1: Set protocol ID and SPIs in INITIAL-CONTACT notification payloads
X-Git-Tag: 5.3.0dr1~35
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=9fda0bf007b6e0454f2f0025c9c88eca40e11fda;p=thirdparty%2Fstrongswan.git
ikev1: Set protocol ID and SPIs in INITIAL-CONTACT notification payloads
The payload we sent before is not compliant with RFC 2407 and thus some peers might abort negotiation (e.g. with an INVALID-PROTOCOL-ID error). Fixes #819.
---
diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index 5065e70ffc..3ea4a2a85e 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -213,6 +213,10 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message,
 {
 identification_t *idr;
 host_t *host;
+ notify_payload_t *notify;
+ ike_sa_id_t *ike_sa_id;
+ u_int64_t spi_i, spi_r;
+ chunk_t spi;
 idr = this->ph1->get_id(this->ph1, this->peer_cfg, FALSE);
 if (idr && !idr->contains_wildcards(idr))
@@ -224,8 +228,15 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message,
 if (!charon->ike_sa_manager->has_contact(charon->ike_sa_manager, idi, idr, host->get_family(host)))
 {
- message->add_notify(message, FALSE, INITIAL_CONTACT_IKEV1,
- chunk_empty);
+ notify = notify_payload_create_from_protocol_and_type(
+ PLV1_NOTIFY, PROTO_IKE, INITIAL_CONTACT_IKEV1);
+ ike_sa_id = this->ike_sa->get_id(this->ike_sa);
+ spi_i = ike_sa_id->get_initiator_spi(ike_sa_id);
+ spi_r = ike_sa_id->get_responder_spi(ike_sa_id);
+ spi = chunk_cata("cc", chunk_from_thing(spi_i),
+ chunk_from_thing(spi_r));
+ notify->set_spi_data(notify, spi);
+ message->add_payload(message, (payload_t*)notify);
 }
 }
 }
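Review bot: In the second hunk, `spi` is built with `chunk_cata(...)` and handed to `notify->set_spi_data(notify, spi)` with no comment on lifetime or size, although the notify is then queued on `message` and outlives this function. `chunk_cata` is alloca-backed in strongSwan's chunk helpers, so this is only safe if `set_spi_data` copies the bytes, and since the call's outcome is not checked here, a rejected SPI would presumably leave the payload as non-compliant as before; neither behaviour is visible in the hunk, so please confirm against the notify payload implementation. I would add a comment above the `chunk_cata` call such as `/* RFC 2407 4.6.3.3: SPI is the 16-byte initiator|responder cookie pair; spi is stack storage, set_spi_data() copies it */`. The body of add_initial_contact starts before the first hunk and ends after this one.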