ike-init: Notify initiator if childless IKE_SAs are accepted
authorTobias Brunner <tobias@strongswan.org>
Fri, 29 Mar 2019 14:18:08 +0000 (15:18 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 25 Apr 2019 12:31:39 +0000 (14:31 +0200)
src/libcharon/sa/ike_sa.h
src/libcharon/sa/ikev2/tasks/ike_init.c

index c7ef1fe..d511081 100644 (file)
@@ -161,6 +161,11 @@ enum ike_extension_t {
         * Postquantum Preshared Keys, draft-ietf-ipsecme-qr-ikev2
         */
        EXT_PPK = (1<<15),
+
+       /**
+        * Responder accepts childless IKE_SAs, RFC 6023
+        */
+       EXT_IKE_CHILDLESS = (1<<16),
 };
 
 /**
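Review bot: The doc comment on the new EXT_IKE_CHILDLESS value says what the responder does but not where the flag ends up, which is the part a reader of ike_sa.h needs: according to the process_payloads change in this commit it is enabled on the initiator's IKE_SA once a CHILDLESS_IKEV2_SUPPORTED notify arrives in the initial exchange. Consider `* Responder accepts childless IKE_SAs, RFC 6023 (set on the initiator's IKE_SA when the notify is received in IKE_SA_INIT)`. The value (1<<16) follows EXT_PPK without a gap among the visible entries; the rest of the enum is outside the hunk, so uniqueness cannot be confirmed here.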
index b570904..04ce504 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2018 Tobias Brunner
+ * Copyright (C) 2008-2019 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * HSR Hochschule fuer Technik Rapperswil
@@ -433,6 +433,13 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
        {
                message->add_notify(message, FALSE, USE_PPK, chunk_empty);
        }
+       /* notify the peer if we accept childless IKE_SAs */
+       if (!this->old_sa && !this->initiator &&
+                ike_cfg->childless(ike_cfg) != CHILDLESS_NEVER)
+       {
+               message->add_notify(message, FALSE, CHILDLESS_IKEV2_SUPPORTED,
+                                                       chunk_empty);
+       }
        return TRUE;
 }
 
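Review bot: The new condition dereferences `ike_cfg`, whose definition and NULL handling are outside the hunk (build_payloads starts before it), so it is presumably obtained earlier in the function; worth confirming it is guaranteed non-NULL on every path that reaches this point and not only inside an earlier branch. The comment could also record why the rekey case is excluded, e.g. `/* RFC 6023: as responder, advertise in the IKE_SA_INIT response that childless IKE_SAs are accepted; skipped when rekeying (old_sa), where the notify has no meaning */`. Style: the continuation line of the condition (`ike_cfg->childless(ike_cfg) != CHILDLESS_NEVER)`) is indented with spaces while the surrounding code uses tab alignment.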
@@ -578,6 +585,13 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
                                                                                                                   EXT_IKE_REDIRECTION);
                                                }
                                                break;
+                                       case CHILDLESS_IKEV2_SUPPORTED:
+                                               if (this->initiator && !this->old_sa)
+                                               {
+                                                       this->ike_sa->enable_extension(this->ike_sa,
+                                                                                                                  EXT_IKE_CHILDLESS);
+                                               }
+                                               break;
                                        default:
                                                /* other notifies are handled elsewhere */
                                                break;
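Review bot: The new case sets EXT_IKE_CHILDLESS from a notify carried in the IKE_SA_INIT response, which is not yet authenticated at that stage of the exchange, so the flag can only be a capability hint the initiator may act on, never a policy decision; the code is consistent with that, but a comment would make the intent explicit for whoever later consumes the extension: `/* capability hint from the (still unauthenticated) IKE_SA_INIT response; only evaluated in the initial exchange, never on rekeying */`. The `this->initiator && !this->old_sa` guard mirrors the responder-side condition added to build_payloads in this commit, which keeps the two sides in sync. process_payloads and its enclosing switch begin and end outside this hunk.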