Added payloads for IKEv1 NAT-Traversal negotiation.
authorTobias Brunner <tobias@strongswan.org>
Tue, 29 Nov 2011 10:14:25 +0000 (11:14 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 20 Mar 2012 16:31:09 +0000 (17:31 +0100)
src/libcharon/encoding/message.c
src/libcharon/encoding/payloads/hash_payload.c
src/libcharon/encoding/payloads/hash_payload.h
src/libcharon/encoding/payloads/id_payload.c
src/libcharon/encoding/payloads/id_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/encoding/payloads/payload.h
src/libcharon/sa/tasks/main_mode.c

index 6c6004f..835073a 100644 (file)
@@ -1412,7 +1412,7 @@ METHOD(message_t, generate, status_t,
                chunk_t hash = keymat_v1->get_hash_phase2(keymat_v1, &this->public);
                if (hash.ptr)
                {       /* insert a HASH payload as first payload */
-                       hash_payload_t *hash_payload = hash_payload_create();
+                       hash_payload_t *hash_payload = hash_payload_create(HASH_V1);
                        hash_payload->set_hash(hash_payload, hash);
                        this->payloads->insert_first(this->payloads,
                                                                                 (payload_t*)hash_payload);
index 9542b1c..0cf63ba 100644 (file)
@@ -50,6 +50,11 @@ struct private_hash_payload_t {
         * The contained hash value.
         */
        chunk_t hash;
+
+       /**
+        * either HASH_V1 or NAT_D_V1
+        */
+       payload_type_t type;
 };
 
 /**
@@ -99,7 +104,7 @@ METHOD(payload_t, get_header_length, int,
 METHOD(payload_t, get_type, payload_type_t,
        private_hash_payload_t *this)
 {
-       return HASH_V1;
+       return this->type;
 }
 
 METHOD(payload_t, get_next_type, payload_type_t,
@@ -166,6 +171,7 @@ hash_payload_t *hash_payload_create(payload_type_t type)
                },
                .next_payload = NO_PAYLOAD,
                .payload_length = get_header_length(this),
+               .type = type,
        );
        return &this->public;
 }
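Review bot: `hash_payload_create` stores whatever `type` it is handed (line 51) and `get_type` now returns it verbatim (line 43), yet the field comment at line 32 and the constructor doc in hash_payload.h restrict the value to HASH_V1 or NAT_D_V1; nothing in the new code enforces that, so a caller passing another payload_type_t gets a payload that encodes with the hash rules but advertises a different type on the wire. The call sites touched by this commit pass literals and payload_create() only dispatches HASH_V1 and NAT_D_V1 here, so this reads as a robustness and documentation gap rather than a reachable defect. I would at least state the precondition where the constructor is documented, `@param type either HASH_V1 or NAT_D_V1; other values are not checked`, or reject other values at the top of the constructor, whose body begins outside the hunk.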
index 9f4b6e5..cfe2846 100644 (file)
@@ -59,8 +59,9 @@ struct hash_payload_t {
 /**
  * Creates an empty hash_payload_t object.
  *
+ * @param type         either HASH_V1 or NAT_D_V1
  * @return                     hash_payload_t object
  */
-hash_payload_t *hash_payload_create();
+hash_payload_t *hash_payload_create(payload_type_t type);
 
 #endif /** HASH_PAYLOAD_H_ @}*/
index 317cbd6..96d713e 100644 (file)
@@ -1,9 +1,8 @@
 /*
- * Copyright (C) 2005-2010 Martin Willi
+ * Copyright (C) 2005-2011 Martin Willi
  * Copyright (C) 2010 revosec AG
- * Copyright (C) 2007 Tobias Brunner
+ * Copyright (C) 2007-2011 Tobias Brunner
  * Copyright (C) 2005 Jan Hutter
- *
  * Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -82,7 +81,7 @@ struct private_id_payload_t {
        u_int16_t port;
 
        /**
-        * one of ID_INITIATOR, ID_RESPONDER and IDv1
+        * one of ID_INITIATOR, ID_RESPONDER, IDv1 and NAT_OA_V1
         */
        payload_type_t type;
 };
@@ -92,9 +91,9 @@ struct private_id_payload_t {
  */
 static encoding_rule_t encodings_v2[] = {
        /* 1 Byte next payload type, stored in the field next_payload */
-       { U_INT_8,                      offsetof(private_id_payload_t, next_payload)    },
+       { U_INT_8,                      offsetof(private_id_payload_t, next_payload)    },
        /* the critical bit */
-       { FLAG,                         offsetof(private_id_payload_t, critical)                },
+       { FLAG,                         offsetof(private_id_payload_t, critical)                },
        /* 7 Bit reserved bits */
        { RESERVED_BIT,         offsetof(private_id_payload_t, reserved_bit[0]) },
        { RESERVED_BIT,         offsetof(private_id_payload_t, reserved_bit[1]) },
@@ -104,7 +103,7 @@ static encoding_rule_t encodings_v2[] = {
        { RESERVED_BIT,         offsetof(private_id_payload_t, reserved_bit[5]) },
        { RESERVED_BIT,         offsetof(private_id_payload_t, reserved_bit[6]) },
        /* Length of the whole payload*/
-       { PAYLOAD_LENGTH,       offsetof(private_id_payload_t, payload_length)  },
+       { PAYLOAD_LENGTH,       offsetof(private_id_payload_t, payload_length)  },
        /* 1 Byte ID type*/
        { U_INT_8,                      offsetof(private_id_payload_t, id_type)                 },
        /* 3 reserved bytes */
@@ -166,6 +165,13 @@ METHOD(payload_t, verify, status_t,
 {
        bool bad_length = FALSE;
 
+       if (this->type == NAT_OA_V1 &&
+               this->id_type != ID_IPV4_ADDR && this->id_type != ID_IPV6_ADDR)
+       {
+               DBG1(DBG_ENC, "invalid ID type %N for %N payload", id_type_names,
+                        this->id_type, payload_type_short_names, this->type);
+               return FAILED;
+       }
        switch (this->id_type)
        {
                case ID_IPV4_ADDR_RANGE:
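Review bot: The new NAT_OA_V1 branch at lines 114-120 constrains only the ID type, not the length of the ID data; a NAT-OA payload is defined (RFC 3947) as carrying exactly one IPv4 or IPv6 address, so a payload tagged ID_IPV4_ADDR with short or trailing data should fail verification as well. If the `switch (this->id_type)` that follows (line 121, its cases run past the hunk) already sets `bad_length` for ID_IPV4_ADDR and ID_IPV6_ADDR against the 4- and 16-byte sizes, the branch is complete as written; otherwise I would add that length test to the new branch rather than rely on the generic path. The enclosing `verify` method starts before the hunk. A short comment on the branch would also help, e.g. `/* NAT-OA carries a bare IPv4/IPv6 address (RFC 3947), other ID types are invalid here */`, since the reason for rejecting the remaining ID types is not stated.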
@@ -189,7 +195,7 @@ METHOD(payload_t, verify, status_t,
 METHOD(payload_t, get_encoding_rules, int,
        private_id_payload_t *this, encoding_rule_t **rules)
 {
-       if (this->type == ID_V1)
+       if (this->type == ID_V1 || this->type == NAT_OA_V1)
        {
                *rules = encodings_v1;
                return countof(encodings_v1);
index bc69200..22016bc 100644 (file)
@@ -63,7 +63,7 @@ struct id_payload_t {
 /**
  * Creates an empty id_payload_t object.
  *
- * @param type         one of ID_INITIATOR, ID_RESPONDER and ID_V1
+ * @param type         one of ID_INITIATOR, ID_RESPONDER, ID_V1 and NAT_OA_V1
  * @return                     id_payload_t object
  */
 id_payload_t *id_payload_create(payload_type_t payload_type);
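Review bot: The rewritten Doxygen tag at line 139 still reads `@param type` while the prototype it documents (line 142) names the parameter `payload_type`, so the description is attached to a name that does not exist and Doxygen will warn about it; the second hunk (line 148) may have the same mismatch if the prototype of `id_payload_create_from_identification`, which lies outside the hunk, also uses a different name. Since the line is being touched anyway I would align it: `@param payload_type one of ID_INITIATOR, ID_RESPONDER, ID_V1 and NAT_OA_V1`.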
@@ -71,7 +71,7 @@ id_payload_t *id_payload_create(payload_type_t payload_type);
 /**
  * Creates an id_payload_t from an existing identification_t object.
  *
- * @param type         one of ID_INITIATOR, ID_RESPONDER and ID_V1
+ * @param type         one of ID_INITIATOR, ID_RESPONDER, ID_V1 and NAT_OA_V1
  * @param id           identification_t object
  * @return                     id_payload_t object
  */
index 3a41160..baa8387 100644 (file)
@@ -55,7 +55,10 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, NO_PAYL
        "DELETE_V1",
        "VENDOR_ID_V1",
        "CONFIGURATION_V1");
-ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, CONFIGURATION_V1,
+ENUM_NEXT(payload_type_names, NAT_D_V1, NAT_OA_V1, CONFIGURATION_V1,
+       "NAT_D_V1",
+       "NAT_OA_V1");
+ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, NAT_OA_V1,
        "SECURITY_ASSOCIATION",
        "KEY_EXCHANGE",
        "ID_INITIATOR",
@@ -121,7 +124,10 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION_V1, CONFIGURATION_V1, N
        "D",
        "V",
        "CP");
-ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, CONFIGURATION_V1,
+ENUM_NEXT(payload_type_short_names, NAT_D_V1, NAT_OA_V1, CONFIGURATION_V1,
+       "NAT-D",
+       "NAT-OA");
+ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, NAT_OA_V1,
        "SA",
        "KE",
        "IDi",
@@ -196,6 +202,7 @@ payload_t *payload_create(payload_type_t type)
                case ID_INITIATOR:
                case ID_RESPONDER:
                case ID_V1:
+               case NAT_OA_V1:
 #ifdef ME
                case ID_PEER:
 #endif /* ME */
@@ -226,7 +233,8 @@ payload_t *payload_create(payload_type_t type)
                case VENDOR_ID_V1:
                        return (payload_t*)vendor_id_payload_create(type);
                case HASH_V1:
-                       return (payload_t*)hash_payload_create();
+               case NAT_D_V1:
+                       return (payload_t*)hash_payload_create(type);
                case CONFIGURATION:
                case CONFIGURATION_V1:
                        return (payload_t*)cp_payload_create(type);
@@ -260,6 +268,10 @@ bool payload_is_known(payload_type_t type)
        {
                return TRUE;
        }
+       if (type >= NAT_D_V1 && type <= NAT_OA_V1)
+       {
+               return TRUE;
+       }
 #ifdef ME
        if (type == ID_PEER)
        {
index 6209b08..ed839fc 100644 (file)
@@ -118,6 +118,16 @@ enum payload_type_t {
        CONFIGURATION_V1 = 14,
 
        /**
+        * NAT discovery payload (NAT-D).
+        */
+       NAT_D_V1 = 20,
+
+       /**
+        * NAT original address payload (NAT-OA)
+        */
+       NAT_OA_V1 = 21,
+
+       /**
         * The security association (SA) payload containing proposals.
         */
        SECURITY_ASSOCIATION = 33,
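Review bot: The new enumerators at lines 213 and 218 give the wire values 20 and 21 without saying where they are assigned, which matters in this enum because earlier IKEv1 NAT-T drafts used different numbers and a later reader may wonder whether those were deliberately left out. I would cite the source in the comments, e.g. `NAT discovery payload (NAT-D), RFC 3947.` and `NAT original address payload (NAT-OA), RFC 3947.`; the second comment also lacks the trailing period the surrounding entries use. The `payload_is_known` range check added in payload.c (lines 199-202) relies on these two values staying adjacent, which is worth a one-line note next to the definitions.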
index 3a051a6..4efcf0d 100644 (file)
@@ -193,7 +193,7 @@ static void build_hash(private_main_mode_t *this, bool initiator,
                                        this->ike_sa->get_id(this->ike_sa), this->sa_payload, id);
        free(dh.ptr);
 
-       hash_payload = hash_payload_create();
+       hash_payload = hash_payload_create(HASH_V1);
        hash_payload->set_hash(hash_payload, hash);
        free(hash.ptr);