#include "sa_payload.h"
#include <encoding/payloads/encodings.h>
-#include <utils/linked_list.h>
+#include <collections/linked_list.h>
#include <daemon.h>
/* IKEv1 situation */
/* Situation*/
{ U_INT_32, offsetof(private_sa_payload_t, situation) },
/* Proposals are stored in a proposal substructure list */
- { PAYLOAD_LIST + PROPOSAL_SUBSTRUCTURE_V1,
+ { PAYLOAD_LIST + PLV1_PROPOSAL_SUBSTRUCTURE,
offsetof(private_sa_payload_t, proposals) },
};
/* Length of the whole SA payload*/
{ PAYLOAD_LENGTH, offsetof(private_sa_payload_t, payload_length) },
/* Proposals are stored in a proposal substructure list */
- { PAYLOAD_LIST + PROPOSAL_SUBSTRUCTURE,
+ { PAYLOAD_LIST + PLV2_PROPOSAL_SUBSTRUCTURE,
offsetof(private_sa_payload_t, proposals) },
};
enumerator_t *enumerator;
proposal_substructure_t *substruct;
- if (this->type == SECURITY_ASSOCIATION)
+ if (this->type == PLV2_SECURITY_ASSOCIATION)
{
expected_number = 1;
}
METHOD(payload_t, get_encoding_rules, int,
private_sa_payload_t *this, encoding_rule_t **rules)
{
- if (this->type == SECURITY_ASSOCIATION_V1)
+ if (this->type == PLV1_SECURITY_ASSOCIATION)
{
*rules = encodings_v1;
return countof(encodings_v1);
METHOD(payload_t, get_header_length, int,
private_sa_payload_t *this)
{
- if (this->type == SECURITY_ASSOCIATION_V1)
+ if (this->type == PLV1_SECURITY_ASSOCIATION)
{
return 12;
}
proposal_substructure_t *substruct;
linked_list_t *substructs, *list;
- if (this->type == SECURITY_ASSOCIATION_V1)
+ if (this->type == PLV1_SECURITY_ASSOCIATION)
{ /* IKEv1 proposals start with 0 */
struct_number = ignore_struct_number = -1;
}
{
int current_proposal = -1, unsupported_proposal = -1;
enumerator_t *enumerator;
- proposal_substructure_t *substruct, *esp = NULL, *ipcomp = NULL;
+ proposal_substructure_t *substruct, *espah = NULL, *ipcomp = NULL;
linked_list_t *list;
- /* we currently only support the combination ESP+IPComp, find the first */
+ /* we currently only support the combination ESP|AH+IPComp, find the first */
enumerator = this->proposals->create_enumerator(this->proposals);
while (enumerator->enumerate(enumerator, &substruct))
{
{
continue;
}
- if (protocol_id != PROTO_ESP && protocol_id != PROTO_IPCOMP)
+ if (protocol_id != PROTO_ESP && protocol_id != PROTO_AH &&
+ protocol_id != PROTO_IPCOMP)
{ /* unsupported combination */
- esp = ipcomp = NULL;
+ espah = ipcomp = NULL;
unsupported_proposal = current_proposal;
continue;
}
if (proposal_number != current_proposal)
{ /* start of a new proposal */
- if (esp && ipcomp)
+ if (espah && ipcomp)
{ /* previous proposal is valid */
break;
}
- esp = ipcomp = NULL;
+ espah = ipcomp = NULL;
current_proposal = proposal_number;
}
switch (protocol_id)
{
case PROTO_ESP:
- esp = substruct;
+ case PROTO_AH:
+ espah = substruct;
break;
case PROTO_IPCOMP:
ipcomp = substruct;
enumerator->destroy(enumerator);
list = linked_list_create();
- if (esp && ipcomp && ipcomp->get_cpi(ipcomp, cpi))
+ if (espah && ipcomp && ipcomp->get_cpi(ipcomp, cpi))
{
- esp->get_proposals(esp, list);
+ espah->get_proposals(espah, list);
}
return list;
}
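Review bot: With `case PROTO_ESP:` now falling through to `case PROTO_AH:`, a proposal that carries both an ESP and an AH substructure under the same proposal number overwrites `espah` with whichever comes last, so the bundle is accepted as if it were "ESP|AH+IPComp" and one protocol is silently dropped. The comment says only ESP|AH+IPComp is supported, so a second ESP/AH substructure in the same proposal should presumably mark it unsupported, e.g. `if (espah) { espah = ipcomp = NULL; unsupported_proposal = current_proposal; continue; }` placed before `espah = substruct;`. It may also be worth checking `unsupported_proposal = current_proposal;` in the unsupported-protocol branch. That branch runs before `current_proposal` is updated, so when the first substructure of a new proposal is the unsupported one, the previous proposal's number appears to be recorded. The function's signature and parts of the loop body are outside the visible lines, so this should be confirmed against the full function.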
.get_encap_mode = _get_encap_mode,
.destroy = _destroy,
},
- .next_payload = NO_PAYLOAD,
+ .next_payload = PL_NONE,
.proposals = linked_list_create(),
.type = type,
/* for IKEv1 only */
enumerator_t *enumerator;
proposal_t *proposal;
- this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION);
+ this = (private_sa_payload_t*)sa_payload_create(PLV2_SECURITY_ASSOCIATION);
enumerator = proposals->create_enumerator(proposals);
while (enumerator->enumerate(enumerator, &proposal))
{
{
private_sa_payload_t *this;
- this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION);
+ this = (private_sa_payload_t*)sa_payload_create(PLV2_SECURITY_ASSOCIATION);
add_proposal_v2(this, proposal);
return &this->public;
*/
sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals,
u_int32_t lifetime, u_int64_t lifebytes,
- auth_method_t auth, ipsec_mode_t mode, bool udp,
- u_int16_t cpi)
+ auth_method_t auth, ipsec_mode_t mode,
+ encap_t udp, u_int16_t cpi)
{
proposal_substructure_t *substruct;
private_sa_payload_t *this;
- this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION_V1);
+ this = (private_sa_payload_t*)sa_payload_create(PLV1_SECURITY_ASSOCIATION);
+
+ if (!proposals || !proposals->get_count(proposals))
+ {
+ return &this->public;
+ }
/* IKEv1 encodes multiple proposals in a single substructure
* TODO-IKEv1: Encode ESP+AH proposals in two substructs with same num */
substruct->set_is_last_proposal(substruct, FALSE);
if (cpi)
{
+ u_int8_t proposal_number = substruct->get_proposal_number(substruct);
+
substruct = proposal_substructure_create_for_ipcomp_v1(lifetime,
- lifebytes, cpi, substruct->get_proposal_number(substruct));
+ lifebytes, cpi, mode, udp, proposal_number);
+ this->proposals->insert_last(this->proposals, substruct);
+ substruct->set_is_last_proposal(substruct, FALSE);
+ /* add the proposals again without IPComp */
+ substruct = proposal_substructure_create_from_proposals_v1(proposals,
+ lifetime, lifebytes, auth, mode, udp);
+ substruct->set_proposal_number(substruct, proposal_number + 1);
this->proposals->insert_last(this->proposals, substruct);
}
substruct->set_is_last_proposal(substruct, TRUE);
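Review bot: The new early return under `if (!proposals || !proposals->get_count(proposals))` hands back an SA payload with no proposal substructure, and a caller cannot tell it apart from a successfully built one. The removed single-proposal body called `compute_length(this)` before returning; unless sa_payload_create() (not shown here) already sets the length, this path skips it, so I would add `compute_length(this);` before the early `return`. I would also state the behaviour in the function's header comment, e.g. `returns an SA payload without proposals if the list is NULL or empty`. Separately, `udp` changed from `bool` to `encap_t` but kept its name. C converts TRUE/FALSE to the enum without a diagnostic, so existing callers should be audited, and a name such as `encap` would make the new meaning visible. Part of this function's body lies outside the visible lines.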
*/
sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal,
u_int32_t lifetime, u_int64_t lifebytes,
- auth_method_t auth, ipsec_mode_t mode, bool udp,
- u_int16_t cpi)
+ auth_method_t auth, ipsec_mode_t mode,
+ encap_t udp, u_int16_t cpi)
{
- proposal_substructure_t *substruct;
private_sa_payload_t *this;
+ linked_list_t *proposals;
- this = (private_sa_payload_t*)sa_payload_create(SECURITY_ASSOCIATION_V1);
-
- substruct = proposal_substructure_create_from_proposal_v1(proposal,
- lifetime, lifebytes, auth, mode, udp);
- this->proposals->insert_last(this->proposals, substruct);
- substruct->set_is_last_proposal(substruct, FALSE);
- if (cpi)
- {
- substruct = proposal_substructure_create_for_ipcomp_v1(lifetime,
- lifebytes, cpi, substruct->get_proposal_number(substruct));
- this->proposals->insert_last(this->proposals, substruct);
- }
- substruct->set_is_last_proposal(substruct, TRUE);
- compute_length(this);
-
+ proposals = linked_list_create();
+ proposals->insert_last(proposals, proposal);
+ this = (private_sa_payload_t*)sa_payload_create_from_proposals_v1(proposals,
+ lifetime, lifebytes, auth, mode, udp, cpi);
+ proposals->destroy(proposals);
return &this->public;
}
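Review bot: A NULL `proposal` is still inserted into the temporary list, so the list has a count of one and the new NULL/empty guard in sa_payload_create_from_proposals_v1() does not catch it. The NULL entry is then passed on to the substructure constructor, whose handling of it is not visible here. Guarding the insert with `if (proposal) { proposals->insert_last(proposals, proposal); }` lets the empty-list path deal with it. A short comment on `proposals->destroy(proposals);` would also help, e.g. `/* the list only borrows proposal, the caller keeps ownership */`, assuming destroy() frees the list but not its items.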