NetworkPkg/IpSecDxe: Fix wrong IKE header "FLAG" update

*v2: update the commit log and refine the code comments.

There are three kinds of IKE Exchange process:
#1. Initial Exchange
#2. CREATE_CHILD_SA_Exchange
#3. Information Exchange

The IKE header "FLAG" update is incorrect in #2 and #3 exchange,
which may cause the continue session failure. This patch is used
to correct the updates of IKE header "FLAG" according the RFC4306
section 3.1.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
This commit is contained in:
Jiaxin Wu
2016-08-15 11:49:56 +08:00
parent 40b83d6114
commit 7822a1d91d
4 changed files with 28 additions and 16 deletions

View File

@@ -128,7 +128,11 @@ Ikev2InfoGenerator (
// The input parameter is not correct.
//
goto ERROR_EXIT;
}
}
if (IkeSaSession->SessionCommon.IsInitiator) {
IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT ;
}
} else {
//
// Delete the Child SA Information Exchagne
@@ -180,13 +184,16 @@ Ikev2InfoGenerator (
// Change the IsOnDeleting Flag
//
ChildSaSession->SessionCommon.IsOnDeleting = TRUE;
if (ChildSaSession->SessionCommon.IsInitiator) {
IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT ;
}
}
if (InfoContext == NULL) {
IkePacket->Header->Flags = IKE_HEADER_FLAGS_INIT;
} else {
IkePacket->Header->Flags = IKE_HEADER_FLAGS_RESPOND;
if (InfoContext != NULL) {
IkePacket->Header->Flags |= IKE_HEADER_FLAGS_RESPOND;
}
return IkePacket;
ERROR_EXIT: