From: Martin Willi <martin@revosec.ch>
Date: Tue, 1 Feb 2011 08:46:32 +0000 (+0100)
Subject: Accept non-encrypted INFORMATIONALs for ME connectivity checks
X-Git-Tag: 4.5.1~80
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=fe79cd4257953d5519e7f95250c7a34d90211352;p=thirdparty%2Fstrongswan.git

Accept non-encrypted INFORMATIONALs for ME connectivity checks
---

diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 860ef627ad..dbef340abb 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1248,6 +1248,31 @@ METHOD(message_t, parse_header, status_t,
 	return status;
 }
 
+/**
+ * Check if a payload is for a mediation extension connectivity check
+ */
+static bool is_connectivity_check(private_message_t *this, payload_t *payload)
+{
+#ifdef ME
+	if (this->exchange_type == INFORMATIONAL &&
+		payload->get_type(payload) == NOTIFY)
+	{
+		notify_payload_t *notify = (notify_payload_t*)payload;
+
+		switch (notify->get_notify_type(notify))
+		{
+			case ME_CONNECTID:
+			case ME_ENDPOINT:
+			case ME_CONNECTAUTH:
+				return TRUE;
+			default:
+				break;
+		}
+	}
+#endif /* !ME */
+	return FALSE;
+}
+
 /**
  * Decrypt payload from the encryption payload
  */
@@ -1319,7 +1344,8 @@ static status_t decrypt_payloads(private_message_t *this, aead_t *aead)
 			}
 			encryption->destroy(encryption);
 		}
-		if (payload_is_known(type) && !was_encrypted)
+		if (payload_is_known(type) && !was_encrypted &&
+			!is_connectivity_check(this, payload))
 		{
 			rule = get_payload_rule(this, type);
 			if (!rule || rule->encrypted)