diff -Naur libreswan-3.15-orig/programs/pluto/ikev2.c libreswan-3.15/programs/pluto/ikev2.c
--- libreswan-3.15-orig/programs/pluto/ikev2.c 2016-09-07 10:10:59.477000000 -0400
+++ libreswan-3.15/programs/pluto/ikev2.c 2016-09-07 10:14:14.222000000 -0400
@@ -73,13 +73,6 @@
#include "plutoalg.h" /* for default_ike_groups */
-/* Note: same definition appears in programs/pluto/ikev2_parent.c */
-#define SEND_V2_NOTIFICATION(t) { \
- if (st != NULL) \
- send_v2_notification_from_state(st, t, NULL); \
- else \
- send_v2_notification_from_md(md, t, NULL); }
-
enum smf2_flags {
/*
* Check the value of the IKE_I flag in the header.
@@ -400,16 +393,6 @@
* <-- HDR, SK {[N,] [D,] [CP], ...}
*/
- { .story = "I2: process INFORMATIONAL",
- .state = STATE_PARENT_I2,
- .next_state = STATE_PARENT_I2,
- .flags = SMF2_IKE_I_CLEAR,
- .req_clear_payloads = P(SK),
- .opt_enc_payloads = P(N) | P(D) | P(CP),
- .processor = process_encrypted_informational_ikev2,
- .recv_type = ISAKMP_v2_INFORMATIONAL,
- .timeout_event = EVENT_RETAIN, },
-
{ .story = "I3: INFORMATIONAL",
.state = STATE_PARENT_I3,
.next_state = STATE_PARENT_I3,
@@ -420,16 +403,6 @@
.recv_type = ISAKMP_v2_INFORMATIONAL,
.timeout_event = EVENT_RETAIN, },
- { .story = "R1: process INFORMATIONAL",
- .state = STATE_PARENT_R1,
- .next_state = STATE_PARENT_R1,
- .flags = SMF2_IKE_I_SET,
- .req_clear_payloads = P(SK),
- .opt_enc_payloads = P(N) | P(D) | P(CP),
- .processor = process_encrypted_informational_ikev2,
- .recv_type = ISAKMP_v2_INFORMATIONAL,
- .timeout_event = EVENT_RETAIN, },
-
{ .story = "R2: process INFORMATIONAL",
.state = STATE_PARENT_R2,
.next_state = STATE_PARENT_R2,
@@ -1061,7 +1034,7 @@
* XXX: Returning INVALID_MESSAGE_ID seems
* pretty bogus.
*/
- SEND_V2_NOTIFICATION(v2N_INVALID_MESSAGE_ID);
+ SEND_V2_NOTIFICATION(v2N_INVALID_IKE_SPI);
}
return;
}
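Review bot: The XXX comment directly above the changed call still reads "Returning INVALID_MESSAGE_ID seems pretty bogus", but the new line sends `v2N_INVALID_IKE_SPI`, so the comment now describes a notification that is no longer sent. Replace it with a comment that names the condition this branch handles and why INVALID_IKE_SPI is the reply, for example `/* no usable state for these SPIs: answer INVALID_IKE_SPI */` if that is what the branch means. The enclosing function starts and ends outside this hunk, so it is not visible whether this path is reached only for requests or whether such replies are rate limited. Both are worth confirming, because the reply appears to answer a message that could not be tied to an established SA.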
@@ -1353,6 +1326,7 @@
st.st_localport = md->iface->port;
cnx.interface = md->iface;
st.st_interface = md->iface;
+ st.st_reply_xchg = md->hdr.isa_xchg;
send_v2_notification(&st, type, NULL,
md->hdr.isa_icookie, md->hdr.isa_rcookie, data);
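Review bot: `st.st_reply_xchg = md->hdr.isa_xchg;` copies the exchange type straight from the received header into the reply, and the ikev2_parent.c hunk then writes any non-zero value into `hdr.isa_xchg` without checking it. Unless the header parser already rejects unknown exchange types (not visible in this diff), a peer that has not been authenticated chooses the exchange type of the notification pluto sends back. Restricting the copy to the IKEv2 range would keep the reply well formed: `if (md->hdr.isa_xchg >= ISAKMP_v2_SA_INIT && md->hdr.isa_xchg <= ISAKMP_v2_INFORMATIONAL) st.st_reply_xchg = md->hdr.isa_xchg;`. The function body continues outside the hunk, so it is also not visible whether the local `st` is zeroed before these assignments.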
diff -Naur libreswan-3.15-orig/programs/pluto/ikev2.h libreswan-3.15/programs/pluto/ikev2.h
--- libreswan-3.15-orig/programs/pluto/ikev2.h 2015-08-24 22:28:32.000000000 -0400
+++ libreswan-3.15/programs/pluto/ikev2.h 2016-09-07 10:12:30.357000000 -0400
@@ -235,3 +235,9 @@
void ikev2_log_payload_errors(struct ikev2_payload_errors errors,
struct state *st);
+#define SEND_V2_NOTIFICATION(t) { \
+ if (st != NULL) \
+ send_v2_notification_from_state(st, t, NULL); \
+ else \
+ send_v2_notification_from_md(md, t, NULL); }
+
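Review bot: Moving SEND_V2_NOTIFICATION into ikev2.h makes a macro with a bare `{ ... }` body available to every file that includes the header. It also silently depends on variables named `st` and `md` being in scope at the call site. Call sites such as `SEND_V2_NOTIFICATION(v2N_INVALID_IKE_SPI);` add a semicolon after the closing brace, which breaks an unbraced `if`/`else` around the call. Wrapping the body as `#define SEND_V2_NOTIFICATION(t) do { \` ... `} while (0)` avoids that. A comment above it, such as `/* uses st and md from the caller's scope; st may be NULL, md must then be valid */`, would document the hidden dependency. A `static inline` helper taking `st`, `md` and `t` explicitly would be the safer long-term form.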
diff -Naur libreswan-3.15-orig/programs/pluto/ikev2_parent.c libreswan-3.15/programs/pluto/ikev2_parent.c
--- libreswan-3.15-orig/programs/pluto/ikev2_parent.c 2016-09-07 10:10:59.478000000 -0400
+++ libreswan-3.15/programs/pluto/ikev2_parent.c 2016-09-07 10:12:30.357000000 -0400
@@ -70,14 +70,6 @@
#include "ietf_constants.h"
-/* Note: same definition appears in programs/pluto/ikev2.c */
-#define SEND_V2_NOTIFICATION(t) { \
- if (st != NULL) \
- send_v2_notification_from_state(st, t, NULL); \
- else \
- send_v2_notification_from_md(md, t, NULL); \
- }
-
#ifdef XAUTH_HAVE_PAM
struct ikev2_pam_helper {
struct pam_thread_arg pam; /* writable inside thread */
@@ -3628,6 +3620,8 @@
hdr.isa_xchg = ISAKMP_v2_SA_INIT;
break;
}
+ if (p1st->st_reply_xchg != 0)
+ hdr.isa_xchg = p1st->st_reply_xchg; /* use received exchange type */
hdr.isa_np = ISAKMP_NEXT_v2N;
/* XXX unconditionally clearing original initiator flag is wrong */
diff -Naur libreswan-3.15-orig/programs/pluto/state.h libreswan-3.15/programs/pluto/state.h
--- libreswan-3.15-orig/programs/pluto/state.h 2015-08-24 22:28:32.000000000 -0400
+++ libreswan-3.15/programs/pluto/state.h 2016-09-07 10:14:43.847000000 -0400
@@ -480,6 +480,7 @@
bool st_xauth_soft; /* XAUTH failed but policy is to soft fail */
bool st_seen_fragvid; /* should really use st_seen_vendorid, but no one else is */
bool st_seen_fragments; /* did we receive ike fragments from peer, if so use them in return as well */
+ u_int8_t st_reply_xchg;
};
/* global variables */
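Review bot: The new field `st_reply_xchg` is the only one in this group without a comment, and its meaning depends on a sentinel that is only visible in ikev2_parent.c, where `0` means "keep the exchange type chosen from the state". Add a comment such as `u_int8_t st_reply_xchg; /* exchange type to echo in a notification reply; 0 = derive from state */`. The sentinel only works if every state object is zero-initialised when it is created, which this diff does not show. That is worth confirming for both heap-allocated states and the stack-allocated one used in ikev2.c.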