From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 22 Apr 2015 15:02:23 +0000 (+0200)
Subject: ike-init: Send REDIRECT notify during IKE_SA_INIT if requested by providers
X-Git-Tag: 5.4.0dr8~12^2~27
X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=dd2b335b795b96c73561a44f0dfb106ca9189971

ike-init: Send REDIRECT notify during IKE_SA_INIT if requested by providers
---

diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index 0f9c45a..87761ad 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -559,6 +559,8 @@ static bool derive_keys(private_ike_init_t *this,
 METHOD(task_t, build_r, status_t,
 	private_ike_init_t *this, message_t *message)
 {
+	identification_t *gateway;
+
 	/* check if we have everything we need */
 	if (this->proposal == NULL ||
 		this->other_nonce.len == 0 || this->my_nonce.len == 0)
@@ -569,6 +571,21 @@ METHOD(task_t, build_r, status_t,
 	}
 	this->ike_sa->set_proposal(this->ike_sa, this->proposal);
 
+	/* check if we'd have to redirect the client */
+	if (this->ike_sa->supports_extension(this->ike_sa, EXT_IKE_REDIRECTION) &&
+		charon->redirect->redirect_on_init(charon->redirect, this->ike_sa,
+										   &gateway))
+	{
+		chunk_t data;
+
+		DBG1(DBG_IKE, "redirecting peer to %Y", gateway);
+		data = redirect_data_create(gateway, this->other_nonce);
+		message->add_notify(message, TRUE, REDIRECT, data);
+		gateway->destroy(gateway);
+		chunk_free(&data);
+		return FAILED;
+	}
+
 	if (this->dh == NULL ||
 		!this->proposal->has_dh_group(this->proposal, this->dh_group))
 	{