authorcloder <cloder@openbsd.org>2005-02-24 00:30:41 +0000
committercloder <cloder@openbsd.org>2005-02-24 00:30:41 +0000
commiteaa54ef92a10ee2d683dce193bad58b5fbe0ae7f (patch)
treec65b2348d967d8a331fffcf64863cb628a0bb0f3
parentuse a string format argument instead of nothing in the example (diff)
Never respond to 0-length UDP packets. Reduces, but does not eliminate, the
probability that the isakmp service will be detected during port scans. OK hoexer@
-rw-r--r--sbin/isakmpd/message.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/sbin/isakmpd/message.c b/sbin/isakmpd/message.c
index 47b89ce2256..6c03c1888bd 100644
--- a/sbin/isakmpd/message.c
+++ b/sbin/isakmpd/message.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: message.c,v 1.94 2005/02/22 21:42:14 hshoexer Exp $ */
+/* $OpenBSD: message.c,v 1.95 2005/02/24 00:30:41 cloder Exp $ */
/* $EOM: message.c,v 1.156 2000/10/10 12:36:39 provos Exp $ */
/*
@@ -1234,8 +1234,7 @@ message_recv(struct message *msg)
/* Messages shorter than an ISAKMP header are bad. */
if (sz < ISAKMP_HDR_SZ || sz != GET_ISAKMP_HDR_LENGTH(buf)) {
log_print("message_recv: bad message length");
- message_drop(msg, ISAKMP_NOTIFY_UNEQUAL_PAYLOAD_LENGTHS,
- 0, 1, 1);
+ message_drop(msg, 0, 0, 1, 1);
return -1;
}
#ifdef USE_DEBUG
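Review bot: The bare `0` now passed as the notify argument to `message_drop` is what keeps isakmpd from answering malformed datagrams, yet nothing at the call site says this is deliberate, so a later cleanup could easily restore the notification. I would put a comment above the call, such as `/* Send no notification: answering bad-length datagrams reveals the service to scanners. */`. The branch also covers more than the 0-length case named in the commit title, since it is taken for any `sz < ISAKMP_HDR_SZ` or header-length mismatch, and the comment could say so. `log_print` still runs for every such datagram, so if it is not rate-limited (not visible here) an unauthenticated sender can still fill the log. `message_recv` begins and ends outside this hunk.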