28 lines
1.1 KiB
Diff
28 lines
1.1 KiB
Diff
|
From 4e16732c1c668c27e73574724d2d90537a74f67a Mon Sep 17 00:00:00 2001
|
||
|
From: Tobias Brunner <tobias@strongswan.org>
|
||
|
Date: Fri, 17 Jun 2016 18:19:48 +0200
|
||
|
Subject: [PATCH] ikev1: Don't retransmit Aggressive Mode response
|
||
|
|
||
|
These could theoretically be used for an amplified DDoS attack.
|
||
|
---
|
||
|
src/libcharon/sa/ikev1/task_manager_v1.c | 3 +--
|
||
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
||
|
|
||
|
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
|
||
|
index 48ec3e7..0912555 100644
|
||
|
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
|
||
|
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
|
||
|
@@ -770,8 +770,7 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
|
||
|
continue;
|
||
|
case NEED_MORE:
|
||
|
/* processed, but task needs another exchange */
|
||
|
- if (task->get_type(task) == TASK_QUICK_MODE ||
|
||
|
- task->get_type(task) == TASK_AGGRESSIVE_MODE)
|
||
|
+ if (task->get_type(task) == TASK_QUICK_MODE)
|
||
|
{ /* we rely on initiator retransmission, except for
|
||
|
* three-message exchanges */
|
||
|
expect_request = TRUE;
|
||
|
--
|
||
|
2.13.2
|
||
|
|