Message rules for IKEv1 NAT-T payloads added.
authorTobias Brunner <tobias@strongswan.org>
Wed, 30 Nov 2011 15:55:24 +0000 (16:55 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 20 Mar 2012 16:31:10 +0000 (17:31 +0100)
src/libcharon/encoding/message.c

index 835073a..b63264b 100644 (file)
 #define MAX_CERTREQ_PAYLOADS 5
 
 /**
+ * Max number of NAT-D payloads per IKEv1 message
+ */
+#define MAX_NAT_D_PAYLOADS 5
+
+/**
  * A payload rule defines the rules for a payload
  * in a specific message rule. It defines if and how
  * many times a payload must/can occur in a message
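Review bot: The new comment on `MAX_NAT_D_PAYLOADS` does not say where 5 comes from or what the limit is for. RFC 3947 has a peer send one NAT-D hash for the remote end plus one per candidate local address, so the cap bounds the work done on a message that is parsed before the peer is authenticated. It also means a multi-homed peer offering more than four local hashes would presumably fail message verification. I would record that trade-off in the comment, e.g. `Max number of NAT-D payloads per IKEv1 message: one remote hash plus up to four local hashes (RFC 3947); bounds parsing of unauthenticated input`.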
@@ -431,6 +436,7 @@ static payload_rule_t id_prot_i_rules[] = {
        {NONCE_V1,                                      0,      1,                                              FALSE,  FALSE},
        {VENDOR_ID_V1,                          0,      MAX_VID_PAYLOADS,               FALSE,  FALSE},
        {CERTIFICATE_REQUEST_V1,        0,      MAX_CERTREQ_PAYLOADS,   FALSE,  FALSE},
+       {NAT_D_V1,                                      0,      MAX_NAT_D_PAYLOADS,             FALSE,  FALSE},
        {ID_V1,                                         0,      1,                                              TRUE,   FALSE},
        {CERTIFICATE_V1,                        0,      1,                                              TRUE,   FALSE},
        {SIGNATURE_V1,                          0,      1,                                              TRUE,   FALSE},
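Review bot: The `NAT_D_V1` entry cannot restrict NAT-D to the message where it is expected, because this table covers the whole exchange: it holds both `NONCE_V1` with the fourth column FALSE and `ID_V1` with it TRUE. Assuming that column is the "must be encrypted" flag, NAT-D is also accepted in cleartext, before the peer has been authenticated. The code consuming these payloads should therefore check which message carried them and treat the hashes as unauthenticated input. A comment on the entry would make that explicit, e.g. `/* NAT-D is unauthenticated at this point; the consumer must validate which message carried it */`. The same applies to the `id_prot_r_rules`, `aggressive_i_rules` and `aggressive_r_rules` hunks; all four arrays start and end outside their hunks.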
@@ -452,6 +458,7 @@ static payload_order_t id_prot_i_order[] = {
        {CERTIFICATE_REQUEST_V1,        0},
        {NOTIFY_V1,                                     0},
        {VENDOR_ID_V1,                          0},
+       {NAT_D_V1,                                      0},
 };
 
 /**
@@ -465,6 +472,7 @@ static payload_rule_t id_prot_r_rules[] = {
        {NONCE_V1,                                      0,      1,                                              FALSE,  FALSE},
        {VENDOR_ID_V1,                          0,      MAX_VID_PAYLOADS,               FALSE,  FALSE},
        {CERTIFICATE_REQUEST_V1,        0,      MAX_CERTREQ_PAYLOADS,   FALSE,  FALSE},
+       {NAT_D_V1,                                      0,      MAX_NAT_D_PAYLOADS,             FALSE,  FALSE},
        {ID_V1,                                         0,      1,                                              TRUE,   FALSE},
        {CERTIFICATE_V1,                        0,      1,                                              TRUE,   FALSE},
        {SIGNATURE_V1,                          0,      1,                                              TRUE,   FALSE},
@@ -486,6 +494,7 @@ static payload_order_t id_prot_r_order[] = {
        {CERTIFICATE_REQUEST_V1,        0},
        {NOTIFY_V1,                                     0},
        {VENDOR_ID_V1,                          0},
+       {NAT_D_V1,                                      0},
 };
 
 /**
@@ -499,6 +508,7 @@ static payload_rule_t aggressive_i_rules[] = {
        {NONCE_V1,                                      0,      1,                                              FALSE,  FALSE},
        {VENDOR_ID_V1,                          0,      MAX_VID_PAYLOADS,               FALSE,  FALSE},
        {CERTIFICATE_REQUEST_V1,        0,      MAX_CERTREQ_PAYLOADS,   FALSE,  FALSE},
+       {NAT_D_V1,                                      0,      MAX_NAT_D_PAYLOADS,             FALSE,  FALSE},
        {ID_V1,                                         0,      1,                                              FALSE,  FALSE},
        {CERTIFICATE_V1,                        0,      1,                                              FALSE,  FALSE},
        {SIGNATURE_V1,                          0,      1,                                              FALSE,  FALSE},
@@ -515,6 +525,7 @@ static payload_order_t aggressive_i_order[] = {
        {NONCE_V1,                                      0},
        {ID_V1,                                         0},
        {CERTIFICATE_V1,                        0},
+       {NAT_D_V1,                                      0},
        {SIGNATURE_V1,                          0},
        {HASH_V1,                                       0},
        {CERTIFICATE_REQUEST_V1,        0},
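Review bot: `NAT_D_V1` is placed between `CERTIFICATE_V1` and `SIGNATURE_V1` here, while the `id_prot_i_order` and `id_prot_r_order` hunks append it after `VENDOR_ID_V1` at the end of the array, and nothing says the difference is intended. If the position follows the aggressive-mode message layout in RFC 3947, where NAT-D precedes the SIG/HASH payload, a short comment would keep a later edit from moving it, e.g. `/* NAT-D precedes SIG/HASH in aggressive mode, see RFC 3947 */`. The `aggressive_r_order` hunk has the same placement. The array begins and continues outside the hunk, so the full ordering is not visible here.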
@@ -533,6 +544,7 @@ static payload_rule_t aggressive_r_rules[] = {
        {NONCE_V1,                                      0,      1,                                              FALSE,  FALSE},
        {VENDOR_ID_V1,                          0,      MAX_VID_PAYLOADS,               FALSE,  FALSE},
        {CERTIFICATE_REQUEST_V1,        0,      MAX_CERTREQ_PAYLOADS,   FALSE,  FALSE},
+       {NAT_D_V1,                                      0,      MAX_NAT_D_PAYLOADS,             FALSE,  FALSE},
        {ID_V1,                                         0,      1,                                              FALSE,  FALSE},
        {CERTIFICATE_V1,                        0,      1,                                              FALSE,  FALSE},
        {SIGNATURE_V1,                          0,      1,                                              FALSE,  FALSE},
@@ -549,6 +561,7 @@ static payload_order_t aggressive_r_order[] = {
        {NONCE_V1,                                      0},
        {ID_V1,                                         0},
        {CERTIFICATE_V1,                        0},
+       {NAT_D_V1,                                      0},
        {SIGNATURE_V1,                          0},
        {HASH_V1,                                       0},
        {CERTIFICATE_REQUEST_V1,        0},
@@ -588,6 +601,7 @@ static payload_rule_t quick_mode_i_rules[] = {
        {NONCE_V1,                                      0,      1,                                              TRUE,   FALSE},
        {KEY_EXCHANGE_V1,                       0,      1,                                              TRUE,   FALSE},
        {ID_V1,                                         0,      2,                                              TRUE,   FALSE},
+       {NAT_OA_V1,                                     0,      2,                                              TRUE,   FALSE},
 };
 
 /**
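Review bot: The upper bound `2` on `NAT_OA_V1` is a bare literal, while the other NAT-T limit added in this commit is the named constant `MAX_NAT_D_PAYLOADS`. It presumably stands for the NAT-OAi/NAT-OAr pair, and a comment on the entry would say so, e.g. `/* NAT-OAi and NAT-OAr, RFC 3947 */`. The rule only bounds the count: the original addresses inside the payloads are peer-supplied and still need validation where they are consumed. The `quick_mode_r_rules` hunk adds the same entry, and both arrays start outside their hunks.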
@@ -602,6 +616,7 @@ static payload_order_t quick_mode_i_order[] = {
        {NONCE_V1,                                      0},
        {KEY_EXCHANGE_V1,                       0},
        {ID_V1,                                         0},
+       {NAT_OA_V1,                                     0},
 };
 
 /**
@@ -616,6 +631,7 @@ static payload_rule_t quick_mode_r_rules[] = {
        {NONCE_V1,                                      0,      1,                                              TRUE,   FALSE},
        {KEY_EXCHANGE_V1,                       0,      1,                                              TRUE,   FALSE},
        {ID_V1,                                         0,      2,                                              TRUE,   FALSE},
+       {NAT_OA_V1,                                     0,      2,                                              TRUE,   FALSE},
 };
 
 /**
@@ -630,6 +646,7 @@ static payload_order_t quick_mode_r_order[] = {
        {NONCE_V1,                                      0},
        {KEY_EXCHANGE_V1,                       0},
        {ID_V1,                                         0},
+       {NAT_OA_V1,                                     0},
 };
 
 /**