replaced the COOKIE notify payload in connectivity checks with a ME_CONNECTAUTH notif...
authorTobias Brunner <tobias@strongswan.org>
Thu, 27 Mar 2008 09:54:09 +0000 (09:54 -0000)
committerTobias Brunner <tobias@strongswan.org>
Thu, 27 Mar 2008 09:54:09 +0000 (09:54 -0000)
src/charon/encoding/payloads/notify_payload.c
src/charon/encoding/payloads/notify_payload.h
src/charon/sa/connect_manager.c

index 975cc6d..a893ab4 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2007 Tobias Brunner
+ * Copyright (C) 2006-2008 Tobias Brunner
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -85,6 +85,7 @@ ENUM_NEXT(notify_type_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE,
        "ME_CALLBACK",
        "ME_CONNECTID",
        "ME_CONNECTKEY",
+       "ME_CONNECTAUTH",
        "ME_RESPONSE");
 ENUM_END(notify_type_names, ME_RESPONSE);
 
@@ -148,6 +149,7 @@ ENUM_NEXT(notify_type_short_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE,
        "ME_CB",
        "ME_CID",
        "ME_CKEY",
+       "ME_CAUTH",
        "ME_R");
 ENUM_END(notify_type_short_names, ME_RESPONSE);
 
@@ -288,6 +290,7 @@ static status_t verify(private_notify_payload_t *this)
                }
                case NAT_DETECTION_SOURCE_IP:
                case NAT_DETECTION_DESTINATION_IP:
+               case ME_CONNECTAUTH:
                {
                        if (this->notification_data.len != HASH_SIZE_SHA1)
                        {
index 5677bb5..c2287dd 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2007 Tobias Brunner
+ * Copyright (C) 2006-2008 Tobias Brunner
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
@@ -99,7 +99,8 @@ enum notify_type_t {
        ME_CALLBACK = 40964,
        ME_CONNECTID = 40965,
        ME_CONNECTKEY = 40966,
-       ME_RESPONSE = 40967
+       ME_CONNECTAUTH = 40967,
+       ME_RESPONSE = 40968
 };
 
 /**
index c0f4971..be6fed7 100644 (file)
@@ -344,8 +344,8 @@ struct check_t {
        /** raw endpoint payload (to verify the signature) */
        chunk_t endpoint_raw;
        
-    /** cookie */
-    chunk_t cookie;
+    /** connect auth */
+    chunk_t auth;
 };
 
 /**
@@ -355,7 +355,7 @@ static void check_destroy(check_t *this)
 {
        chunk_free(&this->connect_id);
        chunk_free(&this->endpoint_raw);
-       chunk_free(&this->cookie);
+       chunk_free(&this->auth);
        DESTROY_IF(this->endpoint);
        free(this);
 }
@@ -368,7 +368,7 @@ static check_t *check_create()
        check_t *this = malloc_thing(check_t);
        
        this->connect_id = chunk_empty;
-       this->cookie = chunk_empty;
+       this->auth = chunk_empty;
        this->endpoint_raw = chunk_empty;
        this->endpoint = NULL;
        
@@ -863,15 +863,15 @@ static status_t process_payloads(message_t *message, check_t *check)
                                DBG2(DBG_IKE, "received ME_CONNECTID %#B", &check->connect_id);
                                break;
                        }
-                       case COOKIE:
+                       case ME_CONNECTAUTH:
                        {
-                               if (check->cookie.ptr)
+                               if (check->auth.ptr)
                                {
-                                       DBG1(DBG_IKE, "connectivity check contains multiple COOKIE notifies");
+                                       DBG1(DBG_IKE, "connectivity check contains multiple ME_CONNECTAUTH notifies");
                                        break;
                                }
-                               check->cookie = chunk_clone(notify->get_notification_data(notify));
-                               DBG2(DBG_IKE, "received COOKIE %#B", &check->cookie);
+                               check->auth = chunk_clone(notify->get_notification_data(notify));
+                               DBG2(DBG_IKE, "received ME_CONNECTAUTH %#B", &check->auth);
                                break;
                        }
                        default:
@@ -880,7 +880,7 @@ static status_t process_payloads(message_t *message, check_t *check)
        }
        iterator->destroy(iterator);
        
-       if (!check->connect_id.ptr || !check->endpoint || !check->cookie.ptr)
+       if (!check->connect_id.ptr || !check->endpoint || !check->auth.ptr)
        {
                DBG1(DBG_IKE, "at least one payload was missing from the connectivity check");
                return FAILED;
@@ -1014,9 +1014,9 @@ static void send_check(private_connect_manager_t *this, check_list_t *checklist,
        message->add_payload(message, (payload_t*)endpoint);
        DBG2(DBG_IKE, "send ME_ENDPOINT notify");
        
-       check->cookie = build_signature(this, checklist, check, TRUE);
-       message->add_notify(message, FALSE, COOKIE, check->cookie);
-       DBG2(DBG_IKE, "send COOKIE %#B", &check->cookie);
+       check->auth = build_signature(this, checklist, check, TRUE);
+       message->add_notify(message, FALSE, ME_CONNECTAUTH, check->auth);
+       DBG2(DBG_IKE, "send ME_CONNECTAUTH %#B", &check->auth);
        
        packet_t *packet;
        if (message->generate(message, NULL, NULL, &packet) == SUCCESS)
@@ -1334,7 +1334,7 @@ static void process_check(private_connect_manager_t *this, message_t *message)
        }
        
        chunk_t sig = build_signature(this, checklist, check, FALSE); 
-       if (!chunk_equals(sig, check->cookie))
+       if (!chunk_equals(sig, check->auth))
        {
                DBG1(DBG_IKE, "connectivity check verification failed");
                check_destroy(check);