From 5122e997b817982e567ac8959bcb3aa7a6dd5cf7 Mon Sep 17 00:00:00 2001 From: Apple Date: Sat, 21 Feb 2009 18:08:11 +0000 Subject: [PATCH] ipsec-34.0.3.tar.gz --- ipsec-tools/racoon/isakmp.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/ipsec-tools/racoon/isakmp.c b/ipsec-tools/racoon/isakmp.c index 5fa5e07..dc58420 100644 --- a/ipsec-tools/racoon/isakmp.c +++ b/ipsec-tools/racoon/isakmp.c @@ -764,20 +764,23 @@ ph1_main(iph1, msg) [iph1->side] [iph1->status])(iph1, msg); if (error != 0) { -#if 0 /* XXX * When an invalid packet is received on phase1, it should * be selected to process this packet. That is to respond * with a notify and delete phase 1 handler, OR not to respond - * and keep phase 1 handler. + * and keep phase 1 handler. However, in PHASE1ST_START when + * acting as RESPONDER we must not keep phase 1 handler or else + * it will stay forever. */ - plog(LLV_ERROR, LOCATION, iph1->remote, - "failed to pre-process packet.\n"); - return -1; -#else - /* ignore the error and keep phase 1 handler */ - return 0; -#endif + + if (iph1->side == RESPONDER && iph1->status == PHASE1ST_START) { + plog(LLV_ERROR, LOCATION, iph1->remote, + "failed to pre-process packet.\n"); + return -1; + } else { + /* ignore the error and keep phase 1 handler */ + return 0; + } } /* free resend buffer */ -- 2.50.0