Select IKEv1 configurations by main/aggressive mode option
authorMartin Willi <martin@revosec.ch>
Mon, 9 Jan 2012 16:33:15 +0000 (16:33 +0000)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:34 +0000 (17:31 +0100)
src/libcharon/sa/ikev1/phase1.c
src/libcharon/sa/ikev1/phase1.h
src/libcharon/sa/ikev1/tasks/aggressive_mode.c
src/libcharon/sa/ikev1/tasks/main_mode.c

index 8d844ac..ed5fbe5 100644 (file)
@@ -416,7 +416,8 @@ METHOD(phase1_t, get_auth_method, auth_method_t,
 }
 
 METHOD(phase1_t, select_config, peer_cfg_t*,
-       private_phase1_t *this, auth_method_t method, identification_t *id)
+       private_phase1_t *this, auth_method_t method, bool aggressive,
+       identification_t *id)
 {
        enumerator_t *enumerator;
        peer_cfg_t *current, *found = NULL;
@@ -430,7 +431,8 @@ METHOD(phase1_t, select_config, peer_cfg_t*,
                                                                                                        me, other, NULL, id, IKEV1);
        while (enumerator->enumerate(enumerator, &current))
        {
-               if (get_auth_method(this, current) == method)
+               if (get_auth_method(this, current) == method &&
+                       current->use_aggressive(current) == aggressive)
                {
                        found = current->get_ref(current);
                        break;
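Review bot: The added `current->use_aggressive(current) == aggressive` test in the enumerate loop is now the gate that decides whether a responder accepts aggressive mode for a given peer, and nothing at this spot says so. A short comment such as `/* strict match: an aggressive mode request must never select a main mode config, and vice versa */` would keep a later refactor from relaxing it into a fallback. The equality also assumes both operands are canonical TRUE/FALSE values. use_aggressive() is not visible in this hunk, so if `bool` can be an integer typedef in this tree, `!current->use_aggressive(current) == !aggressive` would be the safer form. The body of select_config starts and ends outside this hunk.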
index 22b9dd6..994c85b 100644 (file)
@@ -91,11 +91,12 @@ struct phase1_t {
         * Select a peer config as responder.
         *
         * @param method                used authentication method
+        * @param aggressive    TRUE to get an aggressive mode config
         * @param id                    initiator identity
         * @return                              selected peer config, NULL if none found
         */
        peer_cfg_t* (*select_config)(phase1_t *this, auth_method_t method,
-                                                                identification_t *id);
+                                                                bool aggressive, identification_t *id);
 
        /**
         * Get configured identity from peer config.
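Review bot: The new `@param aggressive` line documents only the TRUE case, while the implementation in phase1.c compares for equality, so FALSE excludes aggressive mode configs rather than meaning "either mode". I would spell that out, for example `@param aggressive TRUE to select aggressive mode configs only, FALSE for main mode configs only`. The declaration of struct phase1_t extends beyond this hunk.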
index 2c4e14e..483351d 100644 (file)
@@ -380,7 +380,7 @@ METHOD(task_t, process_r, status_t,
                        this->id_data = id_payload->get_encoded(id_payload);
                        this->ike_sa->set_other_id(this->ike_sa, id);
                        this->peer_cfg = this->ph1->select_config(this->ph1,
-                                                                                                         this->method, id);
+                                                                                                         this->method, TRUE, id);
                        if (!this->peer_cfg)
                        {
                                DBG1(DBG_IKE, "no peer config found");
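Review bot: After this change the `no peer config found` branch below the call can also be reached when a config would have matched on authentication method but is set up for the other exchange mode, and the log line does not tell the two cases apart. Naming the mode, e.g. `DBG1(DBG_IKE, "no aggressive mode peer config found");`, would let an operator see from the log that a peer attempted aggressive mode against a setup that only permits main mode. The same applies to the `FALSE` call in the main_mode.c hunk, with the wording adjusted to main mode. process_r starts and ends outside both hunks.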
index a3b5678..52c2258 100644 (file)
@@ -393,7 +393,7 @@ METHOD(task_t, process_r, status_t,
                        id = id_payload->get_identification(id_payload);
                        this->ike_sa->set_other_id(this->ike_sa, id);
                        this->peer_cfg = this->ph1->select_config(this->ph1,
-                                                                                                         this->method, id);
+                                                                                                         this->method, FALSE, id);
                        if (!this->peer_cfg)
                        {
                                DBG1(DBG_IKE, "no peer config found");