added extensions management to IKE_SA
authorMartin Willi <martin@strongswan.org>
Mon, 18 Jun 2007 10:32:01 +0000 (10:32 -0000)
committerMartin Willi <martin@strongswan.org>
Mon, 18 Jun 2007 10:32:01 +0000 (10:32 -0000)
fixed NATD payload (port) when using route lookup

src/charon/sa/ike_sa.c
src/charon/sa/ike_sa.h
src/charon/sa/tasks/ike_natd.c

index e4e0762..a23bb4a 100644 (file)
@@ -143,6 +143,11 @@ struct private_ike_sa_t {
         * CA that issued the certificate of other
         */
        ca_info_t *other_ca;
+       
+       /**
+        * set of extensions the peer supports
+        */
+       ike_extension_t extensions;
 
        /**
         * Linked List containing the child sa's of the current IKE_SA.
@@ -1238,6 +1243,22 @@ static host_t* get_virtual_ip(private_ike_sa_t *this, bool local)
 }
 
 /**
+ * Implementation of ike_sa_t.enable_extension.
+ */
+static void enable_extension(private_ike_sa_t *this, ike_extension_t extension)
+{
+       this->extensions |= extension;
+}
+
+/**
+ * Implementation of ike_sa_t.has_extension.
+ */
+static bool supports_extension(private_ike_sa_t *this, ike_extension_t extension)
+{
+       return this->extensions & extension;
+}
+
+/**
  * Implementation of ike_sa_t.derive_keys.
  */
 static status_t derive_keys(private_ike_sa_t *this,
@@ -1851,6 +1872,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->public.set_other_id = (void (*)(ike_sa_t*,identification_t*)) set_other_id;
        this->public.get_other_ca = (ca_info_t* (*)(ike_sa_t*)) get_other_ca;
        this->public.set_other_ca = (void (*)(ike_sa_t*,ca_info_t*)) set_other_ca;
+       this->public.enable_extension = (void(*)(ike_sa_t*, ike_extension_t extension))enable_extension;
+       this->public.supports_extension = (bool(*)(ike_sa_t*, ike_extension_t extension))supports_extension;
        this->public.retransmit = (status_t (*)(ike_sa_t *, u_int32_t)) retransmit;
        this->public.delete = (status_t (*)(ike_sa_t*))delete_;
        this->public.destroy = (void (*)(ike_sa_t*))destroy;
@@ -1887,6 +1910,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->my_id = identification_create_from_encoding(ID_ANY, chunk_empty);
        this->other_id = identification_create_from_encoding(ID_ANY, chunk_empty);
        this->other_ca = NULL;
+       this->extensions = 0;
        this->crypter_in = NULL;
        this->crypter_out = NULL;
        this->signer_in = NULL;
index 5419998..3905a89 100644 (file)
@@ -25,6 +25,7 @@
 #ifndef IKE_SA_H_
 #define IKE_SA_H_
 
+typedef enum ike_extension_t ike_extension_t;
 typedef enum ike_sa_state_t ike_sa_state_t;
 typedef struct ike_sa_t ike_sa_t;
 
@@ -70,6 +71,21 @@ typedef struct ike_sa_t ike_sa_t;
  */
 #define RETRY_JITTER 20
 
+/**
+ * @brief Extensions (or optional features) the peer supports
+ */
+enum ike_extension_t {
+       
+       /**
+        * peer supports NAT traversal as specified in RFC4306
+        */
+       EXT_NATT,
+
+       /**
+        * peer supports MOBIKE (RFC4555)
+        */
+       EXT_MOBIKE,
+};
 
 /**
  * @brief State of an IKE_SA.
@@ -318,7 +334,27 @@ struct ike_sa_t {
         * @param config                peer_config to use
         */
        void (*set_peer_cfg) (ike_sa_t *this, peer_cfg_t *config);
-
+       
+       /**
+        * @brief Check if the peer supports an extension.
+        *
+        * @param this                  calling object
+        * @param extension             extension to check for support
+        * @return                              TRUE if peer supports it, FALSE otherwise
+        */
+       bool (*supports_extension)(ike_sa_t *this, ike_extension_t extension);
+       
+       /**
+        * @brief Enable an extension the peer supports.
+        *
+        * If support for an IKE extension is detected, this method is called
+        * to enable that extension and behave accordingly.
+        *
+        * @param this                  calling object
+        * @param extension             extension to enable
+        */
+       void (*enable_extension)(ike_sa_t *this, ike_extension_t extension);
+       
        /**
         * @brief Initiate a new connection.
         *
index 5ae3666..15c516c 100644 (file)
@@ -203,6 +203,8 @@ static void process_payloads(private_ike_natd_t *this, message_t *message)
        
        if (this->src_seen && this->dst_seen)
        {
+               this->ike_sa->enable_extension(this->ike_sa, EXT_NATT);
+       
                if (!this->dst_matched)
                {
                        this->ike_sa->enable_natt(this->ike_sa, TRUE);
@@ -266,6 +268,7 @@ static status_t build_i(private_ike_natd_t *this, message_t *message)
                                                                        this->ike_sa->get_other_host(this->ike_sa));
                if (host)
                {       /* 2. */
+                       host->set_port(host, IKEV2_UDP_PORT);
                        notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
                        message->add_payload(message, (payload_t*)notify);
                        host->destroy(host);