New upstream version 5.7.2

7 files changed, 33 insertions, 8 deletions

diff --git a/src/libcharon/plugins/ha/ha_attribute.c b/src/libcharon/plugins/ha/ha_attribute.c
index 34d6efc48..2553fd014 100644
--- a/src/libcharon/plugins/ha/ha_attribute.c
+++ b/src/libcharon/plugins/ha/ha_attribute.c
@@ -159,13 +159,13 @@ static pool_t* get_pool(private_ha_attribute_t *this, char *name)
 }
 
 /**
- * Check if we are responsible for a bit in our bitmask
+ * Check if we are responsible for an offset
  */
-static bool responsible_for(private_ha_attribute_t *this, int bit)
+static bool responsible_for(private_ha_attribute_t *this, int offset)
 {
 	u_int segment;
 
-	segment = this->kernel->get_segment_int(this->kernel, bit);
+	segment = offset % this->segments->count(this->segments) + 1;
 	return this->segments->is_active(this->segments, segment);
 }
 
@@ -175,7 +175,7 @@ METHOD(attribute_provider_t, acquire_address, host_t*,
 {
 	enumerator_t *enumerator;
 	pool_t *pool = NULL;
-	int offset = -1, byte, bit;
+	int offset = -1, tmp_offset, byte, bit;
 	host_t *address;
 	char *name;
 
@@ -199,10 +199,11 @@ METHOD(attribute_provider_t, acquire_address, host_t*,
 			{
 				for (bit = 0; bit < 8; bit++)
 				{
+					tmp_offset = byte * 8 + bit;
 					if (!(pool->mask[byte] & 1 << bit) &&
-						responsible_for(this, bit))
+						responsible_for(this, tmp_offset))
 					{
-						offset = byte * 8 + bit;
+						offset = tmp_offset;
 						pool->mask[byte] |= 1 << bit;
 						break;
 					}
diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c
index 4e3803892..ab845317f 100644
--- a/src/libcharon/plugins/ha/ha_dispatcher.c
+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
@@ -138,6 +138,7 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
 	chunk_t dh_local = chunk_empty, dh_remote = chunk_empty, psk = chunk_empty;
 	host_t *other = NULL;
 	bool ok = FALSE;
+	auth_method_t method = AUTH_RSA;
 
 	enumerator = message->create_attribute_enumerator(message);
 	while (enumerator->enumerate(enumerator, &attribute, &value))
@@ -197,6 +198,8 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
 			case HA_ALG_DH:
 				dh_grp = value.u16;
 				break;
+			case HA_AUTH_METHOD:
+				method = value.u16;
 			default:
 				break;
 		}
@@ -238,7 +241,6 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
 		{
 			keymat_v1_t *keymat_v1 = (keymat_v1_t*)ike_sa->get_keymat(ike_sa);
 			shared_key_t *shared = NULL;
-			auth_method_t method = AUTH_RSA;
 
 			if (psk.len)
 			{
diff --git a/src/libcharon/plugins/ha/ha_ike.c b/src/libcharon/plugins/ha/ha_ike.c
index 2854ab76d..aae402d50 100644
--- a/src/libcharon/plugins/ha/ha_ike.c
+++ b/src/libcharon/plugins/ha/ha_ike.c
@@ -73,7 +73,7 @@ static ike_extension_t copy_extension(ike_sa_t *ike_sa, ike_extension_t ext)
 METHOD(listener_t, ike_keys, bool,
 	private_ha_ike_t *this, ike_sa_t *ike_sa, diffie_hellman_t *dh,
 	chunk_t dh_other, chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey,
-	shared_key_t *shared)
+	shared_key_t *shared, auth_method_t method)
 {
 	ha_message_t *m;
 	chunk_t secret;
@@ -141,6 +141,10 @@ METHOD(listener_t, ike_keys, bool,
 		{
 			m->add_attribute(m, HA_PSK, shared->get_key(shared));
 		}
+		else
+		{
+			m->add_attribute(m, HA_AUTH_METHOD, method);
+		}
 	}
 	m->add_attribute(m, HA_REMOTE_ADDR, ike_sa->get_other_host(ike_sa));
 
diff --git a/src/libcharon/plugins/ha/ha_message.c b/src/libcharon/plugins/ha/ha_message.c
index 7891b1654..28b7b0d5b 100644
--- a/src/libcharon/plugins/ha/ha_message.c
+++ b/src/libcharon/plugins/ha/ha_message.c
@@ -240,6 +240,7 @@ METHOD(ha_message_t, add_attribute, void,
 		case HA_OUTBOUND_CPI:
 		case HA_SEGMENT:
 		case HA_ESN:
+		case HA_AUTH_METHOD:
 		{
 			uint16_t val;
 
@@ -463,6 +464,7 @@ METHOD(enumerator_t, attribute_enumerate, bool,
 		case HA_OUTBOUND_CPI:
 		case HA_SEGMENT:
 		case HA_ESN:
+		case HA_AUTH_METHOD:
 		{
 			if (this->buf.len < sizeof(uint16_t))
 			{
diff --git a/src/libcharon/plugins/ha/ha_message.h b/src/libcharon/plugins/ha/ha_message.h
index 3e43dc8dc..3c0058d99 100644
--- a/src/libcharon/plugins/ha/ha_message.h
+++ b/src/libcharon/plugins/ha/ha_message.h
@@ -156,6 +156,8 @@ enum ha_message_attribute_t {
 	HA_PSK,
 	/** chunk_t, IV for next IKEv1 message */
 	HA_IV,
+	/** uint16_t, auth_method_t for IKEv1 key derivation */
+	HA_AUTH_METHOD,
 };
 
 /**
diff --git a/src/libcharon/plugins/ha/ha_segments.c b/src/libcharon/plugins/ha/ha_segments.c
index 0a407f9ef..153534915 100644
--- a/src/libcharon/plugins/ha/ha_segments.c
+++ b/src/libcharon/plugins/ha/ha_segments.c
@@ -433,6 +433,12 @@ METHOD(ha_segments_t, is_active, bool,
 	return (this->active & SEGMENTS_BIT(segment)) != 0;
 }
 
+METHOD(ha_segments_t, count, u_int,
+	private_ha_segments_t *this)
+{
+	return this->count;
+}
+
 METHOD(ha_segments_t, destroy, void,
 	private_ha_segments_t *this)
 {
@@ -459,6 +465,7 @@ ha_segments_t *ha_segments_create(ha_socket_t *socket, ha_kernel_t *kernel,
 			.deactivate = _deactivate,
 			.handle_status = _handle_status,
 			.is_active = _is_active,
+			.count = _count,
 			.destroy = _destroy,
 		},
 		.socket = socket,
diff --git a/src/libcharon/plugins/ha/ha_segments.h b/src/libcharon/plugins/ha/ha_segments.h
index 10d5812c6..bc96a8d3e 100644
--- a/src/libcharon/plugins/ha/ha_segments.h
+++ b/src/libcharon/plugins/ha/ha_segments.h
@@ -83,6 +83,13 @@ struct ha_segments_t {
 	bool (*is_active)(ha_segments_t *this, u_int segment);
 
 	/**
+	 * Return the number of segments
+	 *
+	 * @return			number of segments
+	 */
+	u_int (*count)(ha_segments_t *this);
+
+	/**
 	 * Destroy a ha_segments_t.
 	 */
 	void (*destroy)(ha_segments_t *this);