child-cfg: Add option to prefer supplied proposals over locally configured ones
authorTobias Brunner <tobias@strongswan.org>
Wed, 1 Jun 2016 10:03:21 +0000 (12:03 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 17 Jun 2016 16:48:07 +0000 (18:48 +0200)
src/libcharon/config/child_cfg.c
src/libcharon/config/child_cfg.h
src/libcharon/sa/ikev1/tasks/quick_mode.c
src/libcharon/sa/ikev2/tasks/child_create.c

index ce3a29d..76d7f2c 100644 (file)
@@ -211,25 +211,40 @@ METHOD(child_cfg_t, get_proposals, linked_list_t*,
 
 METHOD(child_cfg_t, select_proposal, proposal_t*,
        private_child_cfg_t*this, linked_list_t *proposals, bool strip_dh,
-       bool private)
+       bool private, bool prefer_self)
 {
-       enumerator_t *stored_enum, *supplied_enum;
-       proposal_t *stored, *supplied, *selected = NULL;
+       enumerator_t *prefer_enum, *match_enum;
+       proposal_t *proposal, *match, *selected = NULL;
 
-       stored_enum = this->proposals->create_enumerator(this->proposals);
-       supplied_enum = proposals->create_enumerator(proposals);
+       if (prefer_self)
+       {
+               prefer_enum = this->proposals->create_enumerator(this->proposals);
+               match_enum = proposals->create_enumerator(proposals);
+       }
+       else
+       {
+               prefer_enum = proposals->create_enumerator(proposals);
+               match_enum = this->proposals->create_enumerator(this->proposals);
+       }
 
-       /* compare all stored proposals with all supplied. Stored ones are preferred. */
-       while (stored_enum->enumerate(stored_enum, &stored))
+       while (prefer_enum->enumerate(prefer_enum, &proposal))
        {
-               stored = stored->clone(stored);
-               while (supplied_enum->enumerate(supplied_enum, &supplied))
+               proposal = proposal->clone(proposal);
+               if (prefer_self)
+               {
+                       proposals->reset_enumerator(proposals, match_enum);
+               }
+               else
+               {
+                       this->proposals->reset_enumerator(this->proposals, match_enum);
+               }
+               while (match_enum->enumerate(match_enum, &match))
                {
                        if (strip_dh)
                        {
-                               stored->strip_dh(stored, MODP_NONE);
+                               proposal->strip_dh(proposal, MODP_NONE);
                        }
-                       selected = stored->select(stored, supplied, private);
+                       selected = proposal->select(proposal, match, private);
                        if (selected)
                        {
                                DBG2(DBG_CFG, "received proposals: %#P", proposals);
@@ -238,17 +253,15 @@ METHOD(child_cfg_t, select_proposal, proposal_t*,
                                break;
                        }
                }
-               stored->destroy(stored);
+               proposal->destroy(proposal);
                if (selected)
                {
                        break;
                }
-               supplied_enum->destroy(supplied_enum);
-               supplied_enum = proposals->create_enumerator(proposals);
        }
-       stored_enum->destroy(stored_enum);
-       supplied_enum->destroy(supplied_enum);
-       if (selected == NULL)
+       prefer_enum->destroy(prefer_enum);
+       match_enum->destroy(match_enum);
+       if (!selected)
        {
                DBG1(DBG_CFG, "received proposals: %#P", proposals);
                DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
index 6a1fa52..e736b27 100644 (file)
@@ -100,10 +100,12 @@ struct child_cfg_t {
         * @param proposals             list from which proposals are selected
         * @param strip_dh              TRUE strip out diffie hellman groups
         * @param private               accept algorithms from a private range
+        * @param prefer_self   whether to prefer configured or supplied proposals
         * @return                              selected proposal, or NULL if nothing matches
         */
        proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals,
-                                                                  bool strip_dh, bool private);
+                                                                  bool strip_dh, bool private,
+                                                                  bool prefer_self);
 
        /**
         * Add a traffic selector to the config.
index a6cc193..70bc370 100644 (file)
@@ -1109,8 +1109,8 @@ METHOD(task_t, process_r, status_t,
                        }
                        private = this->ike_sa->supports_extension(this->ike_sa,
                                                                                                           EXT_STRONGSWAN);
-                       this->proposal = this->config->select_proposal(this->config,
-                                                                                                                  list, FALSE, private);
+                       this->proposal = this->config->select_proposal(this->config, list,
+                                                                                                               FALSE, private, TRUE);
                        list->destroy_offset(list, offsetof(proposal_t, destroy));
 
                        get_lifetimes(this);
@@ -1323,8 +1323,8 @@ METHOD(task_t, process_i, status_t,
                        }
                        private = this->ike_sa->supports_extension(this->ike_sa,
                                                                                                           EXT_STRONGSWAN);
-                       this->proposal = this->config->select_proposal(this->config,
-                                                                                                                  list, FALSE, private);
+                       this->proposal = this->config->select_proposal(this->config, list,
+                                                                                                               FALSE, private, TRUE);
                        list->destroy_offset(list, offsetof(proposal_t, destroy));
                        if (!this->proposal)
                        {
index 33247aa..79208db 100644 (file)
@@ -482,7 +482,7 @@ static status_t select_and_install(private_child_create_t *this,
 
        private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN);
        this->proposal = this->config->select_proposal(this->config,
-                                                                                       this->proposals, no_dh, private);
+                                                                               this->proposals, no_dh, private, TRUE);
        if (this->proposal == NULL)
        {
                DBG1(DBG_IKE, "no acceptable proposal found");