[strongSwan-dev] [PATCH 5/5] ikev1: Fragmentation support for windows clients

Volker Rümelin vr_strongswan at t-online.de
Mon Mar 10 22:38:37 CET 2014


Windows clients send the FRAGMENTATION VID without capabilities flags.
This patch allows Strongswan to recognize this VID. Strongswan always sends
this VID with capabilities, because Windows clients accept it with and
without capabilities flags.
---
 src/libcharon/sa/ikev1/tasks/isakmp_vendor.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
index 596baa9..ef6d5ad 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
@@ -15,7 +15,7 @@
  */
 
 /*
- * Copyright (C) 2012 Volker Rümelin
+ * Copyright (C) 2012-2013 Volker Rümelin
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -106,7 +106,10 @@ static struct {
 	  "\x12\xf5\xf2\x8c\x45\x71\x68\xa9\x70\x2d\x9f\xe2\x74\xcc\x01\x00"},
 
 	/* Proprietary IKE fragmentation extension. Capabilities are handled
-	 * specially on receipt of this VID. */
+	 * specially on receipt of this VID.
+	 * Windows clients send this VID without capabilities, but accept it
+	 * with and without capabilities.
+	 */
 	{ "FRAGMENTATION", EXT_IKE_FRAGMENTATION, FALSE, 20,
 	  "\x40\x48\xb7\xd5\x6e\xbc\xe8\x85\x25\xe7\xde\x7f\x00\xd6\xc2\xd3\x80\x00\x00\x00"},
 
@@ -173,9 +176,15 @@ static const u_int32_t fragmentation_ike = 0x80000000;
 static bool fragmentation_supported(chunk_t data, int i)
 {
 	if (vendor_ids[i].extension == EXT_IKE_FRAGMENTATION &&
-		data.len == 20 && memeq(data.ptr, vendor_ids[i].id, 16))
+		data.len >= 16 && memeq(data.ptr, vendor_ids[i].id, 16))
 	{
-		return untoh32(&data.ptr[16]) & fragmentation_ike;
+		switch (data.len)
+		{
+			case 16:
+				return TRUE;
+			case 20:
+				return untoh32(&data.ptr[16]) & fragmentation_ike;
+		}
 	}
 	return FALSE;
 }
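Review bot: The new `switch (data.len)` in fragmentation_supported() has no `default`, so a received VID that matches the 16-byte prefix but is 17–19 bytes long, or longer than 20, is rejected only by falling out of the switch to the final `return FALSE;`. That outcome looks intended, but the length comes from the peer's payload, so the rejection is better stated explicitly with `default: return FALSE;` and a short comment such as `/* unknown capabilities encoding, treat as unsupported */`. The read at `data.ptr[16]` stays in bounds because it happens only under `case 20`, and a one-line comment saying so would stop a later edit from relaxing that case. The 16-byte case now enables fragmentation for any peer that sends the bare prefix; the function comment should say that an absent capabilities field is treated as support.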
-- 
1.8.4.5



