*v2: update the commit log and refine the code comments.
There are three kinds of IKE Exchange process:
#1. Initial Exchange
#2. CREATE_CHILD_SA_Exchange
#3. Information Exchange
The IKE header "FLAG" update is incorrect in #2 and #3 exchange,
which may cause the continue session failure. This patch is used
to correct the updates of IKE header "FLAG" according the RFC4306
section 3.1.
Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
} \r
\r
if (ChildSaSession->SessionCommon.IsInitiator) {\r
- IkePacket->Header->Flags = IKE_HEADER_FLAGS_CHILD_INIT;\r
- } else {\r
- IkePacket->Header->Flags = IKE_HEADER_FLAGS_RESPOND;\r
+ IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT;\r
}\r
\r
} else {\r
} \r
\r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
- IkePacket->Header->Flags = IKE_HEADER_FLAGS_CHILD_INIT;\r
- } else {\r
- IkePacket->Header->Flags = IKE_HEADER_FLAGS_RESPOND;\r
+ IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT;\r
}\r
- } \r
+ }\r
+\r
+ if (MessageId != NULL) {\r
+ IkePacket->Header->Flags |= IKE_HEADER_FLAGS_RESPOND;\r
+ }\r
\r
//\r
// According to RFC4306, Chapter 4.\r
//\r
// Generate the reply packet if needed and send it out.\r
//\r
- if (IkePacket->Header->Flags != IKE_HEADER_FLAGS_RESPOND) {\r
+ if (!(IkePacket->Header->Flags & IKE_HEADER_FLAGS_RESPOND)) {\r
Reply = mIkev2CreateChild.Generator ((UINT8 *) IkeSaSession, &IkePacket->Header->MessageId);\r
if (Reply != NULL) {\r
Status = Ikev2SendIkePacket (UdpService, (UINT8 *) &(IkeSaSession->SessionCommon), Reply, 0);\r
// The input parameter is not correct.\r
//\r
goto ERROR_EXIT;\r
- } \r
+ }\r
+\r
+ if (IkeSaSession->SessionCommon.IsInitiator) {\r
+ IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT ;\r
+ } \r
} else {\r
//\r
// Delete the Child SA Information Exchagne\r
// Change the IsOnDeleting Flag\r
//\r
ChildSaSession->SessionCommon.IsOnDeleting = TRUE;\r
+\r
+ if (ChildSaSession->SessionCommon.IsInitiator) {\r
+ IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT ;\r
+ }\r
}\r
\r
- if (InfoContext == NULL) {\r
- IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT;\r
- } else {\r
- IkePacket->Header->Flags = IKE_HEADER_FLAGS_RESPOND;\r
+ if (InfoContext != NULL) {\r
+ IkePacket->Header->Flags |= IKE_HEADER_FLAGS_RESPOND;\r
}\r
+ \r
return IkePacket;\r
\r
ERROR_EXIT:\r
/** @file\r
The Definitions related to IKEv2 payload.\r
\r
- Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>\r
\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
#define IKEV2_PAYLOAD_TYPE_EAP 48\r
\r
//\r
-// IKE header Flag for IKEv2\r
+// IKE header Flag (1 octet) for IKEv2, defined in RFC 4306 section 3.1 \r
+//\r
+// I(nitiator) (bit 3 of Flags, 0x08) - This bit MUST be set in messages sent by the \r
+// original initiator of the IKE_SA\r
+//\r
+// R(esponse) (bit 5 of Flags, 0x20) - This bit indicates that this message is a response to \r
+// a message containing the same message ID.\r
//\r
#define IKE_HEADER_FLAGS_INIT 0x08\r
#define IKE_HEADER_FLAGS_RESPOND 0x20\r
-#define IKE_HEADER_FLAGS_CHILD_INIT 0\r
\r
//\r
// IKE Header Exchange Type for IKEv2\r
projects / mirror_edk2.git / commitdiff