strongswan/0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch

From 4e16732c1c668c27e73574724d2d90537a74f67a Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 17 Jun 2016 18:19:48 +0200
Subject: [PATCH] ikev1: Don't retransmit Aggressive Mode response

These could theoretically be used for an amplified DDoS attack.
---
 src/libcharon/sa/ikev1/task_manager_v1.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 48ec3e7..0912555 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -770,8 +770,7 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
 				continue;
 			case NEED_MORE:
 				/* processed, but task needs another exchange */
-				if (task->get_type(task) == TASK_QUICK_MODE ||
-					task->get_type(task) == TASK_AGGRESSIVE_MODE)
+				if (task->get_type(task) == TASK_QUICK_MODE)
 				{	/* we rely on initiator retransmission, except for
 					 * three-message exchanges */
 					expect_request = TRUE;
-- 
2.13.2