ike-cfg: Add setting for childless IKE_SAs
authorTobias Brunner <tobias@strongswan.org>
Fri, 29 Mar 2019 14:06:20 +0000 (15:06 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 25 Apr 2019 12:31:39 +0000 (14:31 +0200)
src/libcharon/config/ike_cfg.c
src/libcharon/config/ike_cfg.h

index cb75b70..d99abbc 100644 (file)
@@ -101,11 +101,16 @@ struct private_ike_cfg_t {
        bool force_encap;
 
        /**
-        * use IKEv1 fragmentation
+        * use IKE fragmentation
         */
        fragmentation_t fragmentation;
 
        /**
+        * childless IKE_SAs
+        */
+       childless_t childless;
+
+       /**
         * DSCP value to use on sent IKE packets
         */
        uint8_t dscp;
@@ -140,6 +145,12 @@ METHOD(ike_cfg_t, fragmentation, fragmentation_t,
        return this->fragmentation;
 }
 
+METHOD(ike_cfg_t, childless, childless_t,
+       private_ike_cfg_t *this)
+{
+       return this->childless;
+}
+
 /**
  * Common function for resolve_me/other
  */
@@ -424,6 +435,7 @@ METHOD(ike_cfg_t, equals, bool,
                this->certreq == other->certreq &&
                this->force_encap == other->force_encap &&
                this->fragmentation == other->fragmentation &&
+               this->childless == other->childless &&
                streq(this->me, other->me) &&
                streq(this->other, other->other) &&
                this->my_port == other->my_port &&
@@ -622,6 +634,7 @@ ike_cfg_t *ike_cfg_create(ike_cfg_create_t *data)
                        .send_certreq = _send_certreq,
                        .force_encap = _force_encap_,
                        .fragmentation = _fragmentation,
+                       .childless = _childless,
                        .resolve_me = _resolve_me,
                        .resolve_other = _resolve_other,
                        .match_me = _match_me,
@@ -645,6 +658,7 @@ ike_cfg_t *ike_cfg_create(ike_cfg_create_t *data)
                .certreq = !data->no_certreq,
                .force_encap = data->force_encap,
                .fragmentation = data->fragmentation,
+               .childless = data->childless,
                .me = strdup(data->local),
                .my_ranges = linked_list_create(),
                .my_hosts = linked_list_create(),
index 92a9915..9c697da 100644 (file)
@@ -25,6 +25,7 @@
 
 typedef enum ike_version_t ike_version_t;
 typedef enum fragmentation_t fragmentation_t;
+typedef enum childless_t childless_t;
 typedef struct ike_cfg_t ike_cfg_t;
 typedef struct ike_cfg_create_t ike_cfg_create_t;
 
@@ -62,6 +63,18 @@ enum fragmentation_t {
 };
 
 /**
+ * Childless IKE_SAs (RFC 6023)
+ */
+enum childless_t {
+       /** Allow childless IKE_SAs as responder, but initiate regular IKE_SAs */
+       CHILDLESS_ALLOW,
+       /** Don't accept childless IKE_SAs as responder, don't initiate them */
+       CHILDLESS_NEVER,
+       /** Only accept the creation of childless IKE_SAs (also as responder) */
+       CHILDLESS_FORCE,
+};
+
+/**
  * enum strings for ike_version_t
  */
 extern enum_name_t *ike_version_names;
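Review bot: `CHILDLESS_ALLOW` is the first enumerator and therefore 0, so an `ike_cfg_create_t` whose `childless` member is never set yields a responder that accepts childless IKE_SAs, and the enum comment does not say this is the intended default. ike_cfg_create() copies the value as-is (`.childless = data->childless` in the ike_cfg.c section), so this is what existing callers would get, assuming they zero-initialise the struct, which the page does not show. I would record it on the enumerator, e.g. `/** Allow childless IKE_SAs as responder, but initiate regular IKE_SAs (default, keep as first value) */`. The `CHILDLESS_FORCE` comment also leaves the initiator side implicit; `/** Initiate childless IKE_SAs and, as responder, only accept childless IKE_SAs */` would be clearer, if that is the intended meaning.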
@@ -204,13 +217,20 @@ struct ike_cfg_t {
        bool (*force_encap) (ike_cfg_t *this);
 
        /**
-        * Use proprietary IKEv1 fragmentation
+        * Use IKE fragmentation
         *
         * @return                              TRUE to use fragmentation
         */
        fragmentation_t (*fragmentation) (ike_cfg_t *this);
 
        /**
+        * Whether to initiate/accept childless IKE_SAs
+        *
+        * @return                              initiate/accept childless IKE_SAs
+        */
+       childless_t (*childless)(ike_cfg_t *this);
+
+       /**
         * Get the DH group to use for IKE_SA setup.
         *
         * @return                              dh group to use for initialization
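Review bot: The `@return` lines in this section do not describe the values actually returned: `fragmentation` still says `@return TRUE to use fragmentation` although it returns a `fragmentation_t`, and the new `childless` entry repeats its summary instead of naming the policy type. Since the commit already rewrites the fragmentation summary, I would update both, e.g. `@return fragmentation setting` and `@return childless IKE_SA policy (childless_t)`. The new member is also declared as `(*childless)(ike_cfg_t *this)`, without the space before the parameter list that the neighbouring `force_encap` and `fragmentation` members use. struct ike_cfg_t begins and ends outside the hunk.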
@@ -266,6 +286,8 @@ struct ike_cfg_create_t {
        bool force_encap;
        /** Use IKE fragmentation */
        fragmentation_t fragmentation;
+       /** Childless IKE_SA configuration */
+       childless_t childless;
        /** DSCP value to send IKE packets with */
        uint8_t dscp;
 };