ike-cfg: Add option to prefer supplied proposals over locally configured ones

diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index a92622c..7d52ac8 100644 (file)
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2015 Tobias Brunner
+ * Copyright (C) 2012-2016 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
@@ -310,42 +310,57 @@ METHOD(ike_cfg_t, get_proposals, linked_list_t*,
 }
 
 METHOD(ike_cfg_t, select_proposal, proposal_t*,
-       private_ike_cfg_t *this, linked_list_t *proposals, bool private)
+       private_ike_cfg_t *this, linked_list_t *proposals, bool private,
+       bool prefer_self)
 {
-       enumerator_t *stored_enum, *supplied_enum;
-       proposal_t *stored, *supplied, *selected;
+       enumerator_t *prefer_enum, *match_enum;
+       proposal_t *proposal, *match, *selected = NULL;
 
-       stored_enum = this->proposals->create_enumerator(this->proposals);
-       supplied_enum = proposals->create_enumerator(proposals);
-
-
-       /* compare all stored proposals with all supplied. Stored ones are preferred.*/
-       while (stored_enum->enumerate(stored_enum, (void**)&stored))
+       if (prefer_self)
+       {
+               prefer_enum = this->proposals->create_enumerator(this->proposals);
+               match_enum = proposals->create_enumerator(proposals);
+       }
+       else
        {
-               proposals->reset_enumerator(proposals, supplied_enum);
+               prefer_enum = proposals->create_enumerator(proposals);
+               match_enum = this->proposals->create_enumerator(this->proposals);
+       }
 
-               while (supplied_enum->enumerate(supplied_enum, (void**)&supplied))
+       while (prefer_enum->enumerate(prefer_enum, (void**)&proposal))
+       {
+               if (prefer_self)
+               {
+                       proposals->reset_enumerator(proposals, match_enum);
+               }
+               else
                {
-                       selected = stored->select(stored, supplied, private);
+                       this->proposals->reset_enumerator(this->proposals, match_enum);
+               }
+               while (match_enum->enumerate(match_enum, (void**)&match))
+               {
+                       selected = proposal->select(proposal, match, private);
                        if (selected)
                        {
-                               /* they match, return */
-                               stored_enum->destroy(stored_enum);
-                               supplied_enum->destroy(supplied_enum);
                                DBG2(DBG_CFG, "received proposals: %#P", proposals);
                                DBG2(DBG_CFG, "configured proposals: %#P", this->proposals);
                                DBG2(DBG_CFG, "selected proposal: %P", selected);
-                               return selected;
+                               break;
                        }
                }
+               if (selected)
+               {
+                       break;
+               }
        }
-       /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */
-       stored_enum->destroy(stored_enum);
-       supplied_enum->destroy(supplied_enum);
-       DBG1(DBG_CFG, "received proposals: %#P", proposals);
-       DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
-
-       return NULL;
+       prefer_enum->destroy(prefer_enum);
+       match_enum->destroy(match_enum);
+       if (!selected)
+       {
+               DBG1(DBG_CFG, "received proposals: %#P", proposals);
+               DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
+       }
+       return selected;
 }
 
 METHOD(ike_cfg_t, get_dh_group, diffie_hellman_group_t,

diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h
index c6d9554..5655a34 100644 (file)
--- a/src/libcharon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2015 Tobias Brunner
+ * Copyright (C) 2012-2016 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
@@ -165,16 +165,17 @@ struct ike_cfg_t {
        linked_list_t* (*get_proposals) (ike_cfg_t *this);
 
        /**
-        * Select a proposed from suggested proposals.
+        * Select a proposal from a list of supplied proposals.
         *
         * Returned proposal must be destroyed after use.
         *
         * @param proposals             list of proposals to select from
         * @param private               accept algorithms from a private range
+        * @param prefer_self   whether to prefer configured or supplied proposals
         * @return                              selected proposal, or NULL if none matches.
         */
        proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals,
-                                                                       bool private);
+                                                                       bool private, bool prefer_self);
 
        /**
         * Should we send a certificate request in IKE_SA_INIT?

diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index af3a139..9bc6a6e 100644 (file)
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -402,7 +402,7 @@ METHOD(task_t, process_r, status_t,
 
                        list = sa_payload->get_proposals(sa_payload);
                        this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
-                                                                                                                       list, FALSE);
+                                                                                                                       list, FALSE, TRUE);
                        list->destroy_offset(list, offsetof(proposal_t, destroy));
                        if (!this->proposal)
                        {
@@ -640,7 +640,7 @@ METHOD(task_t, process_i, status_t,
                }
                list = sa_payload->get_proposals(sa_payload);
                this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
-                                                                                                               list, FALSE);
+                                                                                                               list, FALSE, TRUE);
                list->destroy_offset(list, offsetof(proposal_t, destroy));
                if (!this->proposal)
                {

diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index f0c145f..e702b61 100644 (file)
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -394,7 +394,7 @@ METHOD(task_t, process_r, status_t,
                        private = this->ike_sa->supports_extension(this->ike_sa,
                                                                                                                   EXT_STRONGSWAN);
                        this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
-                                                                                                                       list, private);
+                                                                                                                       list, private, TRUE);
                        list->destroy_offset(list, offsetof(proposal_t, destroy));
                        if (!this->proposal)
                        {
@@ -641,7 +641,7 @@ METHOD(task_t, process_i, status_t,
                        private = this->ike_sa->supports_extension(this->ike_sa,
                                                                                                                   EXT_STRONGSWAN);
                        this->proposal = this->ike_cfg->select_proposal(this->ike_cfg,
-                                                                                                                       list, private);
+                                                                                                                       list, private, TRUE);
                        list->destroy_offset(list, offsetof(proposal_t, destroy));
                        if (!this->proposal)
                        {

diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index b96969e..cb51cfe 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -379,7 +379,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
                                private = this->ike_sa->supports_extension(this->ike_sa,
                                                                                                                   EXT_STRONGSWAN);
                                this->proposal = this->config->select_proposal(this->config,
-                                                                                                               proposal_list, private);
+                                                                                               proposal_list, private, TRUE);
                                if (!this->proposal)
                                {
                                        charon->bus->alert(charon->bus, ALERT_PROPOSAL_MISMATCH_IKE,