From 3b04350ab2b27d2d8876edc49a07d8285a69dafe Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@strongswan.org>
Date: Mon, 18 Jun 2007 10:32:01 +0000
Subject: [PATCH] added extensions management to IKE_SA fixed NATD payload
 (port) when using route lookup

---
 src/charon/sa/ike_sa.c         | 24 ++++++++++++++++++++++++
 src/charon/sa/ike_sa.h         | 38 +++++++++++++++++++++++++++++++++++++-
 src/charon/sa/tasks/ike_natd.c |  3 +++
 3 files changed, 64 insertions(+), 1 deletion(-)

diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index e4e0762..a23bb4a 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -143,6 +143,11 @@ struct private_ike_sa_t {
 	 * CA that issued the certificate of other
 	 */
 	ca_info_t *other_ca;
+	
+	/**
+	 * set of extensions the peer supports
+	 */
+	ike_extension_t extensions;
 
 	/**
 	 * Linked List containing the child sa's of the current IKE_SA.
@@ -1238,6 +1243,22 @@ static host_t* get_virtual_ip(private_ike_sa_t *this, bool local)
 }
 
 /**
+ * Implementation of ike_sa_t.enable_extension.
+ */
+static void enable_extension(private_ike_sa_t *this, ike_extension_t extension)
+{
+	this->extensions |= extension;
+}
+
+/**
+ * Implementation of ike_sa_t.has_extension.
+ */
+static bool supports_extension(private_ike_sa_t *this, ike_extension_t extension)
+{
+	return this->extensions & extension;
+}
+
+/**
  * Implementation of ike_sa_t.derive_keys.
  */
 static status_t derive_keys(private_ike_sa_t *this,
@@ -1851,6 +1872,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
 	this->public.set_other_id = (void (*)(ike_sa_t*,identification_t*)) set_other_id;
 	this->public.get_other_ca = (ca_info_t* (*)(ike_sa_t*)) get_other_ca;
 	this->public.set_other_ca = (void (*)(ike_sa_t*,ca_info_t*)) set_other_ca;
+	this->public.enable_extension = (void(*)(ike_sa_t*, ike_extension_t extension))enable_extension;
+	this->public.supports_extension = (bool(*)(ike_sa_t*, ike_extension_t extension))supports_extension;
 	this->public.retransmit = (status_t (*)(ike_sa_t *, u_int32_t)) retransmit;
 	this->public.delete = (status_t (*)(ike_sa_t*))delete_;
 	this->public.destroy = (void (*)(ike_sa_t*))destroy;
@@ -1887,6 +1910,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
 	this->my_id = identification_create_from_encoding(ID_ANY, chunk_empty);
 	this->other_id = identification_create_from_encoding(ID_ANY, chunk_empty);
 	this->other_ca = NULL;
+	this->extensions = 0;
 	this->crypter_in = NULL;
 	this->crypter_out = NULL;
 	this->signer_in = NULL;
diff --git a/src/charon/sa/ike_sa.h b/src/charon/sa/ike_sa.h
index 5419998..3905a89 100644
--- a/src/charon/sa/ike_sa.h
+++ b/src/charon/sa/ike_sa.h
@@ -25,6 +25,7 @@
 #ifndef IKE_SA_H_
 #define IKE_SA_H_
 
+typedef enum ike_extension_t ike_extension_t;
 typedef enum ike_sa_state_t ike_sa_state_t;
 typedef struct ike_sa_t ike_sa_t;
 
@@ -70,6 +71,21 @@ typedef struct ike_sa_t ike_sa_t;
  */
 #define RETRY_JITTER 20
 
+/**
+ * @brief Extensions (or optional features) the peer supports
+ */
+enum ike_extension_t {
+	
+	/**
+	 * peer supports NAT traversal as specified in RFC4306
+	 */
+	EXT_NATT,
+
+	/**
+	 * peer supports MOBIKE (RFC4555)
+	 */
+	EXT_MOBIKE,
+};
 
 /**
  * @brief State of an IKE_SA.
@@ -318,7 +334,27 @@ struct ike_sa_t {
 	 * @param config		peer_config to use
 	 */
 	void (*set_peer_cfg) (ike_sa_t *this, peer_cfg_t *config);
-
+	
+	/**
+	 * @brief Check if the peer supports an extension.
+	 *
+	 * @param this			calling object
+	 * @param extension		extension to check for support
+	 * @return				TRUE if peer supports it, FALSE otherwise
+	 */
+	bool (*supports_extension)(ike_sa_t *this, ike_extension_t extension);
+	
+	/**
+	 * @brief Enable an extension the peer supports.
+	 *
+	 * If support for an IKE extension is detected, this method is called
+	 * to enable that extension and behave accordingly.
+	 *
+	 * @param this			calling object
+	 * @param extension		extension to enable
+	 */
+	void (*enable_extension)(ike_sa_t *this, ike_extension_t extension);
+	
 	/**
 	 * @brief Initiate a new connection.
 	 *
diff --git a/src/charon/sa/tasks/ike_natd.c b/src/charon/sa/tasks/ike_natd.c
index 5ae3666..15c516c 100644
--- a/src/charon/sa/tasks/ike_natd.c
+++ b/src/charon/sa/tasks/ike_natd.c
@@ -203,6 +203,8 @@ static void process_payloads(private_ike_natd_t *this, message_t *message)
 	
 	if (this->src_seen && this->dst_seen)
 	{
+		this->ike_sa->enable_extension(this->ike_sa, EXT_NATT);
+	
 		if (!this->dst_matched)
 		{
 			this->ike_sa->enable_natt(this->ike_sa, TRUE);
@@ -266,6 +268,7 @@ static status_t build_i(private_ike_natd_t *this, message_t *message)
 									this->ike_sa->get_other_host(this->ike_sa));
 		if (host)
 		{	/* 2. */
+			host->set_port(host, IKEV2_UDP_PORT);
 			notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
 			message->add_payload(message, (payload_t*)notify);
 			host->destroy(host);
-- 
2.7.4