authorRene Mayrhofer <rene@mayrhofer.eu.org>2008-02-07 13:56:17 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2008-02-07 13:56:17 +0000
commitbcc8f7ca7fd8e8ff6e8a4d579251458313133598 (patch)
treea86b42b486c954937b32ffeaaa725804cb1458ec /src/charon/encoding
parent49104abddf3d71d5abf5cf75dc7f95fa6c55fa63 (diff)
[svn-upgrade] Integrating new upstream version, strongswan (4.1.10)
Diffstat (limited to 'src/charon/encoding')
-rw-r--r--src/charon/encoding/payloads/configuration_attribute.c2
-rw-r--r--src/charon/encoding/payloads/eap_payload.c19
-rw-r--r--src/charon/encoding/payloads/eap_payload.h5
-rw-r--r--src/charon/encoding/payloads/endpoint_notify.c29
-rw-r--r--src/charon/encoding/payloads/endpoint_notify.h17
-rw-r--r--src/charon/encoding/payloads/ike_header.c3
-rw-r--r--src/charon/encoding/payloads/notify_payload.c26
-rw-r--r--src/charon/encoding/payloads/notify_payload.h5
8 files changed, 68 insertions, 38 deletions
diff --git a/src/charon/encoding/payloads/configuration_attribute.c b/src/charon/encoding/payloads/configuration_attribute.c
index 0aa82169f..afd08c6be 100644
--- a/src/charon/encoding/payloads/configuration_attribute.c
+++ b/src/charon/encoding/payloads/configuration_attribute.c
@@ -165,7 +165,7 @@ static status_t verify(private_configuration_attribute_t *this)
default:
DBG1(DBG_ENC, "unknown attribute type %N",
configuration_attribute_type_names, this->attribute_type);
- return FAILED;
+ break;
}
if (failed)
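Review bot: With `break` in the `default:` branch, verify() no longer rejects an attribute whose type is not handled by the switch, so the value of such an attribute presumably reaches later code without any length check from this function. If tolerating unknown types is intended for interoperability, record that at the branch, for example `/* unknown attributes are tolerated; their value is not length-checked here */`, so consumers know they must validate the length before reading the value. The rest of verify(), including how `failed` is set for the known types, lies outside this hunk.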
diff --git a/src/charon/encoding/payloads/eap_payload.c b/src/charon/encoding/payloads/eap_payload.c
index 79ab32fe5..345114af0 100644
--- a/src/charon/encoding/payloads/eap_payload.c
+++ b/src/charon/encoding/payloads/eap_payload.c
@@ -235,11 +235,23 @@ static u_int8_t get_identifier(private_eap_payload_t *this)
/**
* Implementation of eap_payload_t.get_type.
*/
-static eap_type_t get_type(private_eap_payload_t *this)
+static eap_type_t get_type(private_eap_payload_t *this, u_int32_t *vendor)
{
+ eap_type_t type;
+
+ *vendor = 0;
if (this->data.len > 4)
{
- return *(this->data.ptr + 4);
+ type = *(this->data.ptr + 4);
+ if (type != EAP_EXPANDED)
+ {
+ return type;
+ }
+ if (this->data.len >= 12)
+ {
+ *vendor = ntohl(*(u_int32_t*)(this->data.ptr + 4)) & 0x00FFFFFF;
+ return ntohl(*(u_int32_t*)(this->data.ptr + 8));
+ }
}
return 0;
}
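Review bot: The expanded-type branch of get_type() loads two 32-bit words through `*(u_int32_t*)(this->data.ptr + 4)` and `+ 8`, a type-punned and possibly unaligned read on a byte buffer that holds peer-supplied EAP data; whether `data.ptr` is 4-byte aligned is not visible here, and on strict-alignment targets such a load can fault. Copying the bytes with memcpy() before ntohl() avoids both problems, as in the fence below. `*vendor = 0` is written unconditionally, so every caller must pass a non-NULL pointer, and the `@param vendor` line in eap_payload.h should say so. An EAP_EXPANDED payload shorter than 12 bytes returns 0 with vendor 0, which a caller cannot tell apart from a payload that carries no type.

```c
	/* … unchanged: *vendor = 0, non-expanded type returned directly … */
	if (this->data.len >= 12)
	{
		u_int32_t word;

		memcpy(&word, this->data.ptr + 4, sizeof(word));
		*vendor = ntohl(word) & 0x00FFFFFF;
		memcpy(&word, this->data.ptr + 8, sizeof(word));
		return ntohl(word);
	}
```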
@@ -275,7 +287,7 @@ eap_payload_t *eap_payload_create()
this->public.set_data = (void (*) (eap_payload_t *,chunk_t))set_data;
this->public.get_code = (eap_code_t (*) (eap_payload_t*))get_code;
this->public.get_identifier = (u_int8_t (*) (eap_payload_t*))get_identifier;
- this->public.get_type = (eap_type_t (*) (eap_payload_t*))get_type;
+ this->public.get_type = (eap_type_t (*) (eap_payload_t*,u_int32_t*))get_type;
/* private variables */
this->critical = FALSE;
@@ -329,3 +341,4 @@ eap_payload_t *eap_payload_create_nak()
this->set_data(this, data);
return this;
}
+
diff --git a/src/charon/encoding/payloads/eap_payload.h b/src/charon/encoding/payloads/eap_payload.h
index 13c0ade80..3addbb838 100644
--- a/src/charon/encoding/payloads/eap_payload.h
+++ b/src/charon/encoding/payloads/eap_payload.h
@@ -95,9 +95,10 @@ struct eap_payload_t {
* @brief Get the EAP method type.
*
* @param this calling eap_payload_t object
- * @return EAP method type
+ * @param vendor pointer receiving vendor identifier
+ * @return EAP method type, vendor specific if vendor != 0
*/
- eap_type_t (*get_type) (eap_payload_t *this);
+ eap_type_t (*get_type) (eap_payload_t *this, u_int32_t *vendor);
/**
* @brief Destroys an eap_payload_t object.
diff --git a/src/charon/encoding/payloads/endpoint_notify.c b/src/charon/encoding/payloads/endpoint_notify.c
index 30f3ecd5f..98bfb2ea0 100644
--- a/src/charon/encoding/payloads/endpoint_notify.c
+++ b/src/charon/encoding/payloads/endpoint_notify.c
@@ -76,6 +76,13 @@ struct private_endpoint_notify_t {
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
+ENUM(p2p_endpoint_type_names, HOST, RELAYED,
+ "HOST",
+ "SERVER_REFLEXIVE",
+ "PEER_REFLEXIVE",
+ "RELAYED"
+);
+
/**
* Helper functions to parse integer values
*/
@@ -152,14 +159,10 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t
switch(this->family)
{
- case NO_FAMILY:
- this->endpoint = NULL;
- break;
-
case IPv6:
addr_family = AF_INET6;
addr.len = 16;
- // fall-through
+ /* fall-through */
case IPv4:
if (parse_uint16(&cur, top, &port) != SUCCESS)
{
@@ -177,8 +180,11 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t
this->endpoint = host_create_from_chunk(addr_family, addr, port);
break;
+ case NO_FAMILY:
+ default:
+ this->endpoint = NULL;
+ break;
}
-
return SUCCESS;
}
@@ -213,7 +219,7 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this)
}
port_chunk = chunk_from_thing(port);
- // data = prio | family | type | port | addr
+ /* data = prio | family | type | port | addr */
data = chunk_cat("ccccc", prio_chunk, family_chunk, type_chunk,
port_chunk, addr_chunk);
DBG3(DBG_IKE, "p2p_endpoint_data %B", &data);
@@ -251,7 +257,7 @@ static u_int32_t get_priority(private_endpoint_notify_t *this)
*/
static void set_priority(private_endpoint_notify_t *this, u_int32_t priority)
{
- return this->priority = priority;
+ this->priority = priority;
}
/**
@@ -368,13 +374,15 @@ endpoint_notify_t *endpoint_notify_create_from_host(p2p_endpoint_type_t type, ho
this->priority = pow(2, 16) * P2P_PRIO_PEER;
break;
case RELAYED:
+ default:
this->priority = pow(2, 16) * P2P_PRIO_RELAY;
break;
}
this->priority += 65535;
- if (!host) {
+ if (!host)
+ {
return &this->public;
}
@@ -387,7 +395,8 @@ endpoint_notify_t *endpoint_notify_create_from_host(p2p_endpoint_type_t type, ho
this->family = IPv6;
break;
default:
- // unsupported family type, we do not set the hsot (family is set to NO_FAMILY)
+ /* unsupported family type, we do not set the hsot
+ * (family is set to NO_FAMILY) */
return &this->public;
}
diff --git a/src/charon/encoding/payloads/endpoint_notify.h b/src/charon/encoding/payloads/endpoint_notify.h
index 272301d5b..4a3a68f95 100644
--- a/src/charon/encoding/payloads/endpoint_notify.h
+++ b/src/charon/encoding/payloads/endpoint_notify.h
@@ -35,6 +35,11 @@ typedef struct endpoint_notify_t endpoint_notify_t;
#include <encoding/payloads/notify_payload.h>
+/**
+ * @brief P2P endpoint families.
+ *
+ * @ingroup payloads
+ */
enum p2p_endpoint_family_t {
NO_FAMILY = 0,
@@ -47,6 +52,11 @@ enum p2p_endpoint_family_t {
};
+/**
+ * @brief P2P endpoint types.
+ *
+ * @ingroup payloads
+ */
enum p2p_endpoint_type_t {
NO_TYPE = 0,
@@ -64,6 +74,13 @@ enum p2p_endpoint_type_t {
};
/**
+ * enum name for p2p_endpoint_type_t.
+ *
+ * @ingroup payloads
+ */
+extern enum_name_t *p2p_endpoint_type_names;
+
+/**
* @brief Class representing a P2P_ENDPOINT notify. In fact it's not
* the notify per se, but the notification data of that notify that is
* handled with this class.
diff --git a/src/charon/encoding/payloads/ike_header.c b/src/charon/encoding/payloads/ike_header.c
index 7253e4f51..3a171b095 100644
--- a/src/charon/encoding/payloads/ike_header.c
+++ b/src/charon/encoding/payloads/ike_header.c
@@ -192,7 +192,8 @@ static status_t verify(private_ike_header_t *this)
if (this->initiator_spi == 0
#ifdef P2P
- // we allow zero spi for INFORMATIONAL exchanges, to allow P2P connectivity checks
+ /* we allow zero spi for INFORMATIONAL exchanges,
+ * to allow P2P connectivity checks */
&& this->exchange_type != INFORMATIONAL
#endif /* P2P */
)
diff --git a/src/charon/encoding/payloads/notify_payload.c b/src/charon/encoding/payloads/notify_payload.c
index 74a6c3197..d32257af6 100644
--- a/src/charon/encoding/payloads/notify_payload.c
+++ b/src/charon/encoding/payloads/notify_payload.c
@@ -57,13 +57,9 @@ ENUM_NEXT(notify_type_names, SINGLE_PAIR_REQUIRED, UNEXPECTED_NAT_DETECTED, AUTH
"INVALID_SELECTORS",
"UNACCEPTABLE_ADDRESSES",
"UNEXPECTED_NAT_DETECTED");
-#ifdef P2P
ENUM_NEXT(notify_type_names, P2P_CONNECT_FAILED, P2P_CONNECT_FAILED, UNEXPECTED_NAT_DETECTED,
"P2P_CONNECT_FAILED");
ENUM_NEXT(notify_type_names, INITIAL_CONTACT, AUTH_LIFETIME, P2P_CONNECT_FAILED,
-#else
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT, AUTH_LIFETIME, UNEXPECTED_NAT_DETECTED,
-#endif /* P2P */
"INITIAL_CONTACT",
"SET_WINDOW_SIZE",
"ADDITIONAL_TS_POSSIBLE",
@@ -86,7 +82,6 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, AUTH_LIFETIME, UNEXPECTED_NAT_DETE
"AUTH_LIFETIME");
ENUM_NEXT(notify_type_names, EAP_ONLY_AUTHENTICATION, EAP_ONLY_AUTHENTICATION, AUTH_LIFETIME,
"EAP_ONLY_AUTHENTICATION");
-#ifdef P2P
ENUM_NEXT(notify_type_names, USE_BEET_MODE, USE_BEET_MODE, EAP_ONLY_AUTHENTICATION,
"USE_BEET_MODE");
ENUM_NEXT(notify_type_names, P2P_MEDIATION, P2P_RESPONSE, USE_BEET_MODE,
@@ -97,9 +92,6 @@ ENUM_NEXT(notify_type_names, P2P_MEDIATION, P2P_RESPONSE, USE_BEET_MODE,
"P2P_SESSIONKEY",
"P2P_RESPONSE");
ENUM_END(notify_type_names, P2P_RESPONSE);
-#else
-ENUM_END(notify_type_names, EAP_ONLY_AUTHENTICATION);
-#endif /* P2P */
ENUM_BEGIN(notify_type_short_names, UNSUPPORTED_CRITICAL_PAYLOAD, UNSUPPORTED_CRITICAL_PAYLOAD,
@@ -128,13 +120,9 @@ ENUM_NEXT(notify_type_short_names, SINGLE_PAIR_REQUIRED, UNEXPECTED_NAT_DETECTED
"INVAL_SEL",
"UNACCEPT_ADDR",
"UNEXPECT_NAT");
-#ifdef P2P
ENUM_NEXT(notify_type_short_names, P2P_CONNECT_FAILED, P2P_CONNECT_FAILED, UNEXPECTED_NAT_DETECTED,
"P2P_CONN_FAIL");
ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, AUTH_LIFETIME, P2P_CONNECT_FAILED,
-#else
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, AUTH_LIFETIME, UNEXPECTED_NAT_DETECTED,
-#endif /* P2P */
"INIT_CONTACT",
"SET_WINSIZE",
"ADD_TS_POSS",
@@ -157,7 +145,6 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, AUTH_LIFETIME, UNEXPECTED_NA
"AUTH_LFT");
ENUM_NEXT(notify_type_short_names, EAP_ONLY_AUTHENTICATION, EAP_ONLY_AUTHENTICATION, AUTH_LIFETIME,
"EAP_ONLY");
-#ifdef P2P
ENUM_NEXT(notify_type_short_names, USE_BEET_MODE, USE_BEET_MODE, EAP_ONLY_AUTHENTICATION,
"BEET_MODE");
ENUM_NEXT(notify_type_short_names, P2P_MEDIATION, P2P_RESPONSE, USE_BEET_MODE,
@@ -168,9 +155,6 @@ ENUM_NEXT(notify_type_short_names, P2P_MEDIATION, P2P_RESPONSE, USE_BEET_MODE,
"P2P_SKEY",
"P2P_R");
ENUM_END(notify_type_short_names, P2P_RESPONSE);
-#else
-ENUM_END(notify_type_short_names, EAP_ONLY_AUTHENTICATION);
-#endif /* P2P */
typedef struct private_notify_payload_t private_notify_payload_t;
@@ -342,7 +326,15 @@ static status_t verify(private_notify_payload_t *this)
}
break;
}
- // FIXME: check size of P2P-NAT-T payloads
+ case AUTH_LIFETIME:
+ {
+ if (this->notification_data.len != 4)
+ {
+ bad_length = TRUE;
+ }
+ break;
+ }
+ /* FIXME: check size of P2P-NAT-T payloads */
default:
/* TODO: verify */
break;
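Review bot: The added `AUTH_LIFETIME` case checks the data length, but the `FIXME` kept directly below it means the P2P-NAT-T notify types still fall into `default:` with no size check in verify(). Until those cases exist, the comment could state what consumers must do, for example `/* FIXME: P2P-NAT-T notification data is not length-checked here; validate before reading */`. The literal `4` would read better as `sizeof(u_int32_t)` if the lifetime is a 32-bit value, which this hunk does not show. verify() begins and ends outside the hunk.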
diff --git a/src/charon/encoding/payloads/notify_payload.h b/src/charon/encoding/payloads/notify_payload.h
index 4a9ad992b..03f61d473 100644
--- a/src/charon/encoding/payloads/notify_payload.h
+++ b/src/charon/encoding/payloads/notify_payload.h
@@ -68,10 +68,9 @@ enum notify_type_t {
INVALID_SELECTORS = 39,
UNACCEPTABLE_ADDRESSES = 40,
UNEXPECTED_NAT_DETECTED = 41,
-#ifdef P2P
/* P2P-NAT-T, private use */
P2P_CONNECT_FAILED = 8192,
-#endif /* P2P */
+
/* notify status messages */
INITIAL_CONTACT = 16384,
SET_WINDOW_SIZE = 16385,
@@ -99,7 +98,6 @@ enum notify_type_t {
EAP_ONLY_AUTHENTICATION = 40960,
/* BEET mode, not even a draft yet. private use */
USE_BEET_MODE = 40961,
-#ifdef P2P
/* P2P-NAT-T, private use */
P2P_MEDIATION = 40962,
P2P_ENDPOINT = 40963,
@@ -107,7 +105,6 @@ enum notify_type_t {
P2P_SESSIONID = 40965,
P2P_SESSIONKEY = 40966,
P2P_RESPONSE = 40967
-#endif /* P2P */
};
/**