ikev2: fix msg IDs generation
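diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index a2e4247..b4af9ca 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -435,6 +435,7 @@ ikev2_complete_sa_data (ikev2_sa_t * sa, ikev2_sa_t * sai)
 sa->i_auth.data = _(sai->i_auth.data);
 sa->i_auth.key = _(sai->i_auth.key);
 sa->last_sa_init_req_packet_data = _(sai->last_sa_init_req_packet_data);
+sa->last_init_msg_id = sai->last_init_msg_id;
 sa->childs = _(sai->childs);
 sa->udp_encap = sai->udp_encap;
 sa->ipsec_over_udp_port = sai->ipsec_over_udp_port;
@@ -1408,7 +1409,8 @@ ikev2_process_create_child_sa_req (vlib_main_t * vm,
 p += plen;
 }
-if (sa->is_initiator && proposal->protocol_id == IKEV2_PROTOCOL_ESP)
+if (sa->is_initiator && proposal
+&& proposal->protocol_id == IKEV2_PROTOCOL_ESP)
 {
 ikev2_rekey_t *rekey = &sa->rekey[0];
 rekey->protocol_id = proposal->protocol_id;
@@ -2463,11 +2465,6 @@ ikev2_generate_message (vlib_buffer_t * b, ikev2_sa_t * sa,
 if (sa->is_initiator)
 ike->flags |= IKEV2_HDR_FLAG_INITIATOR;
-if (ike_hdr_is_request (ike))
-{
-sa->last_init_msg_id = clib_net_to_host_u32 (ike->msgid);
-}
-
 if (ike->exchange == IKEV2_EXCHANGE_SA_INIT)
 {
 tlen += vec_len (chain->data);
@@ -2961,6 +2958,9 @@ ikev2_node_internal (vlib_main_t * vm,
 ikev2_calc_keys (sa0);
 ikev2_sa_auth_init (sa0);
 ike0->flags = IKEV2_HDR_FLAG_INITIATOR;
+ike0->msgid =
+clib_net_to_host_u32 (sai->last_init_msg_id);
+sa0->last_init_msg_id = sai->last_init_msg_id + 1;
 slen =
 ikev2_generate_message (b0, sa0, ike0, 0, udp0);
 if (~0 == slen)
@@ -3033,6 +3033,7 @@ ikev2_node_internal (vlib_main_t * vm,
 }
 else
 {
+ike0->flags = IKEV2_HDR_FLAG_RESPONSE;
 slen = ikev2_generate_message (b0, sa0, ike0, 0, udp0);
 if (~0 == slen)
 vlib_node_increment_counter (vm, node->node_index,
@@ -3633,8 +3634,8 @@ ikev2_initiate_delete_ike_sa_internal (vlib_main_t * vm,
 ike0->ispi = clib_host_to_net_u64 (sa->ispi);
 ike0->rspi = clib_host_to_net_u64 (sa->rspi);
 ike0->flags = 0;
-ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id + 1);
-sa->last_init_msg_id = clib_net_to_host_u32 (ike0->msgid);
+ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id);
+sa->last_init_msg_id += 1;
 len = ikev2_generate_message (b0, sa, ike0, 0, 0);
 if (~0 == len)
 return;
@@ -4216,6 +4217,7 @@ ikev2_initiate_sa_init (vlib_main_t * vm, u8 * name)
 ike0->ispi = clib_host_to_net_u64 (sa.ispi);
 ike0->rspi = 0;
 ike0->msgid = 0;
+sa.last_init_msg_id += 1;
 /* store whole IKE payload - needed for PSK auth */
 vec_reset_length (sa.last_sa_init_req_packet_data);
@@ -4292,8 +4294,8 @@ ikev2_delete_child_sa_internal (vlib_main_t * vm, ikev2_sa_t * sa,
 vec_resize (sa->del, 1);
 sa->del->protocol_id = IKEV2_PROTOCOL_ESP;
 sa->del->spi = csa->i_proposals->spi;
-ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id + 1);
-sa->last_init_msg_id = clib_net_to_host_u32 (ike0->msgid);
+ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id);
+sa->last_init_msg_id += 1;
 len = ikev2_generate_message (b0, sa, ike0, 0, 0);
 if (~0 == len)
 return;
@@ -4408,8 +4410,8 @@ ikev2_rekey_child_sa_internal (vlib_main_t * vm, ikev2_sa_t * sa,
 ike0->exchange = IKEV2_EXCHANGE_CREATE_CHILD_SA;
 ike0->ispi = clib_host_to_net_u64 (sa->ispi);
 ike0->rspi = clib_host_to_net_u64 (sa->rspi);
-ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id + 1);
-sa->last_init_msg_id = clib_net_to_host_u32 (ike0->msgid);
+ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id);
+sa->last_init_msg_id += 1;
 ikev2_rekey_t *rekey;
 vec_add2 (sa->rekey, rekey, 1);
@@ -4867,9 +4869,9 @@ ikev2_send_informational_request (ikev2_sa_t * sa)
 ike0->exchange = IKEV2_EXCHANGE_INFORMATIONAL;
 ike0->ispi = clib_host_to_net_u64 (sa->ispi);
 ike0->rspi = clib_host_to_net_u64 (sa->rspi);
-ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id + 1);
+ike0->msgid = clib_host_to_net_u32 (sa->last_init_msg_id);
 ike0->flags = 0;
-sa->last_init_msg_id = clib_net_to_host_u32 (ike0->msgid);
+sa->last_init_msg_id += 1;
 len = ikev2_generate_message (b0, sa, ike0, 0, 0);
 if (~0 == len)
 return;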
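Review bot: In the first `ikev2_node_internal` hunk the new `ike0->msgid = clib_net_to_host_u32 (sai->last_init_msg_id);` names the wrong conversion direction, since the value is going onto the wire and every other site in this commit writes the field with `clib_host_to_net_u32`. The two helpers presumably perform the same byte swap, so the packet is likely unaffected, but the line should read `ike0->msgid = clib_host_to_net_u32 (sai->last_init_msg_id);` so it is not mistaken for an endianness bug. Separately, `last_init_msg_id` now appears to hold the next request ID rather than the last one used, and the delete and informational paths run `sa->last_init_msg_id += 1;` before `ikev2_generate_message`, whose `~0` result returns early. A comment on the field stating the new meaning, and moving the increment after the length check, would likely keep the counter in step with what the peer has seen, since IKEv2 peers expect request IDs without gaps. All of these functions continue outside the visible hunks, so the send path after the length check should be confirmed first.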