Synchronize ESN support in HA plugin
authorMartin Willi <martin@revosec.ch>
Mon, 18 Apr 2011 13:46:25 +0000 (15:46 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 20 Apr 2011 10:26:58 +0000 (12:26 +0200)
src/libcharon/plugins/ha/ha_child.c
src/libcharon/plugins/ha/ha_dispatcher.c
src/libcharon/plugins/ha/ha_message.c
src/libcharon/plugins/ha/ha_message.h

index 1a94254..707add9 100644 (file)
@@ -91,6 +91,10 @@ METHOD(listener_t, child_keys, bool,
        {
                m->add_attribute(m, HA_ALG_INTEG, alg);
        }
+       if (proposal->get_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS, &alg, NULL))
+       {
+               m->add_attribute(m, HA_ESN, alg);
+       }
        m->add_attribute(m, HA_NONCE_I, nonce_i);
        m->add_attribute(m, HA_NONCE_R, nonce_r);
        if (dh && dh->get_shared_secret(dh, &secret) == SUCCESS)
index 85dc0f4..0d0df8d 100644 (file)
@@ -462,6 +462,7 @@ static void process_child_add(private_ha_dispatcher_t *this,
        u_int16_t inbound_cpi = 0, outbound_cpi = 0;
        u_int8_t mode = MODE_TUNNEL, ipcomp = 0;
        u_int16_t encr = ENCR_UNDEFINED, integ = AUTH_UNDEFINED, len = 0;
+       u_int16_t esn = NO_EXT_SEQ_NUMBERS;
        u_int seg_i, seg_o;
        chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty, secret = chunk_empty;
        chunk_t encr_i, integ_i, encr_r, integ_r;
@@ -512,6 +513,9 @@ static void process_child_add(private_ha_dispatcher_t *this,
                        case HA_ALG_INTEG:
                                integ = value.u16;
                                break;
+                       case HA_ESN:
+                               esn = value.u16;
+                               break;
                        case HA_NONCE_I:
                                nonce_i = value.chunk;
                                break;
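Review bot: The new `HA_ESN` case copies `value.u16` into `esn` without checking that it is one of the two defined ESN transform values, and the later hunk passes it straight to `proposal->add_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS, esn, 0)`. The value comes from a sync message sent by another node, so an unexpected number would give the passive node a proposal that disagrees with the SA on the active node. That mismatch would presumably only show up after failover, as integrity or replay failures. A guard such as `if (value.u16 != NO_EXT_SEQ_NUMBERS && value.u16 != EXT_SEQ_NUMBERS)` with a log line and a skip of the assignment would surface it at sync time. The rest of process_child_add lies outside the hunk, so validation elsewhere cannot be ruled out.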
@@ -558,6 +562,7 @@ static void process_child_add(private_ha_dispatcher_t *this,
        {
                proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, encr, len);
        }
+       proposal->add_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS, esn, 0);
        keymat = ike_sa->get_keymat(ike_sa);
 
        if (!keymat->derive_child_keys(keymat, proposal, secret.ptr ? &dh : NULL,
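Review bot: The ESN transform is added unconditionally here, unlike the encryption algorithm just above, which sits inside a conditional block, and the reason is not documented. A sync message that carries no `HA_ESN` attribute therefore produces a proposal with `NO_EXT_SEQ_NUMBERS`. That looks intentional, since it matches what a node without this change would have negotiated, but a short comment would make it explicit, e.g. `/* peers that do not send HA_ESN get 32-bit sequence numbers */`. The condition guarding the encryption line and the rest of the function are outside the hunk.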
index 7ce9cbe..f98f78d 100644 (file)
@@ -234,6 +234,7 @@ METHOD(ha_message_t, add_attribute, void,
                case HA_INBOUND_CPI:
                case HA_OUTBOUND_CPI:
                case HA_SEGMENT:
+               case HA_ESN:
                {
                        u_int16_t val;
 
@@ -447,6 +448,7 @@ METHOD(enumerator_t, attribute_enumerate, bool,
                case HA_INBOUND_CPI:
                case HA_OUTBOUND_CPI:
                case HA_SEGMENT:
+               case HA_ESN:
                {
                        if (this->buf.len < sizeof(u_int16_t))
                        {
index 50e1183..1f8eabd 100644 (file)
@@ -140,6 +140,8 @@ enum ha_message_attribute_t {
        HA_MID,
        /** u_int16_t, HA segment */
        HA_SEGMENT,
+       /** u_int16_t, Extended Sequence numbers */
+       HA_ESN,
 };
 
 /**
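Review bot: `HA_ESN` is appended after `HA_SEGMENT`, which keeps the numeric values of the existing attributes, but nothing in the enum says that this ordering matters. If these enum values are what goes on the wire, as the switches in add_attribute and attribute_enumerate suggest, a comment above the closing brace would protect the constraint, e.g. `/* values are part of the sync protocol; append new attributes only */`. It is also worth confirming how a node that predates this commit treats the unknown attribute during a rolling upgrade; the default branch of attribute_enumerate is not visible in this diff.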