Code Review / vpp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 389aae5)
ikev2: fix rekeying with multiple notify payloads 09/36809/2
authorAtzm Watanabe <atzmism@gmail.com>
Mon, 8 Aug 2022 06:45:36 +0000 (15:45 +0900)
committerAtzm Watanabe <atzmism@gmail.com>
Mon, 8 Aug 2022 07:33:39 +0000 (16:33 +0900)
Type: fix
Signed-off-by: Atzm Watanabe <atzmism@gmail.com>
Change-Id: I065bd5c26055d863d786023970e7deeed261b31c

src/plugins/ikev2/ikev2.c patch | blob | history
test/test_ikev2.py patch | blob | history

diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index 84b62d2..20be89e 100644 (file)
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -1367,7 +1367,6 @@ ikev2_process_create_child_sa_req (vlib_main_t * vm,
   int p = 0;
   u8 payload = ike->nextpayload;
   u8 *plaintext = 0;
-  u8 rekeying = 0;
   ikev2_rekey_t *rekey;
   ike_payload_header_t *ikep;
   ikev2_notify_t *n = 0;
@@ -1410,11 +1409,15 @@ ikev2_process_create_child_sa_req (vlib_main_t * vm,
        }
       else if (payload == IKEV2_PAYLOAD_NOTIFY)
        {
-         n = ikev2_parse_notify_payload (ikep, current_length);
-         if (n->msg_type == IKEV2_NOTIFY_MSG_REKEY_SA)
+         ikev2_notify_t *n0;
+         n0 = ikev2_parse_notify_payload (ikep, current_length);
+         if (n0->msg_type == IKEV2_NOTIFY_MSG_REKEY_SA)
            {
-             rekeying = 1;
+             vec_free (n);
+             n = n0;
            }
+         else
+           vec_free (n0);
        }
       else if (payload == IKEV2_PAYLOAD_DELETE)
        {
@@ -1478,7 +1481,7 @@ ikev2_process_create_child_sa_req (vlib_main_t * vm,
     }
   else
     {
-      if (rekeying)
+      if (n)
        {
          child_sa = ikev2_sa_get_child (sa, n->spi, n->protocol_id, 1);
          if (!child_sa)
diff --git a/test/test_ikev2.py b/test/test_ikev2.py
index 5b699dd..ac77a41 100644 (file)
--- a/test/test_ikev2.py
+++ b/test/test_ikev2.py
@@ -1391,7 +1391,14 @@ class TemplateResponder(IkePeer):
             plain = (
                 ikev2.IKEv2_payload_Nonce(load=self.sa.i_nonce, next_payload="SA")
                 / plain
-                / ikev2.IKEv2_payload_Notify(type="REKEY_SA", proto="ESP", SPI=c.ispi)
+                / ikev2.IKEv2_payload_Notify(
+                    type="REKEY_SA",
+                    proto="ESP",
+                    SPI=c.ispi,
+                    length=8 + len(c.ispi),
+                    next_payload="Notify",
+                )
+                / ikev2.IKEv2_payload_Notify(type="ESP_TFC_PADDING_NOT_SUPPORTED")
             )
         else:
             first_payload = "IDi"
Vector Packet Processing