author | Yves-Alexis Perez <corsac@debian.org> | 2014-07-11 07:23:31 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2014-07-11 07:23:31 +0200 |
commit | 81c63b0eed39432878f78727f60a1e7499645199 (patch) | |
tree | 82387d8fecd1c20788fd8bd784a9b0bde091fb6b /src/libcharon/sa/ikev2 | |
parent | c5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9 (diff) | |
download | vyos-strongswan-81c63b0eed39432878f78727f60a1e7499645199.tar.gz vyos-strongswan-81c63b0eed39432878f78727f60a1e7499645199.zip |
Imported Upstream version 5.2.0
Diffstat (limited to 'src/libcharon/sa/ikev2')
19 files changed, 93 insertions, 96 deletions
diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c index b8359cc88..eed6d1996 100644 --- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c @@ -450,7 +450,7 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message, keymat_v2_t *keymat; auth_payload = (auth_payload_t*)message->get_payload(message, - AUTHENTICATION); + PLV2_AUTH); if (!auth_payload) { DBG1(DBG_IKE, "AUTH payload missing"); @@ -532,7 +532,7 @@ METHOD(authenticator_t, process_server, status_t, else { eap_payload = (eap_payload_t*)message->get_payload(message, - EXTENSIBLE_AUTHENTICATION); + PLV2_EAP); if (!eap_payload) { return FAILED; @@ -590,7 +590,7 @@ METHOD(authenticator_t, process_client, status_t, } eap_payload = (eap_payload_t*)message->get_payload(message, - EXTENSIBLE_AUTHENTICATION); + PLV2_EAP); if (eap_payload) { switch (eap_payload->get_code(eap_payload)) diff --git a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c index 997efe359..c6a4b6ba4 100644 --- a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c @@ -103,7 +103,7 @@ METHOD(authenticator_t, process, status_t, int keys_found = 0; keymat_v2_t *keymat; - auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); + auth_payload = (auth_payload_t*)message->get_payload(message, PLV2_AUTH); if (!auth_payload) { return FAILED; diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c index 5ceff40ba..6fb14bc06 100644 --- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c 
@@ -147,7 +147,7 @@ METHOD(authenticator_t, process, status_t, status_t status = NOT_FOUND; keymat_v2_t *keymat; - auth_payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); + auth_payload = (auth_payload_t*)message->get_payload(message, PLV2_AUTH); if (!auth_payload) { return FAILED; diff --git a/src/libcharon/sa/ikev2/connect_manager.c b/src/libcharon/sa/ikev2/connect_manager.c index c4e5ea7a0..161c4fdaf 100644 --- a/src/libcharon/sa/ikev2/connect_manager.c +++ b/src/libcharon/sa/ikev2/connect_manager.c @@ -748,7 +748,7 @@ static status_t process_payloads(message_t *message, check_t *check) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) != NOTIFY) + if (payload->get_type(payload) != PLV2_NOTIFY) { DBG1(DBG_IKE, "ignoring payload of type '%N' while processing " "connectivity check", payload_type_names, diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c index a5252ab70..ada798bdc 100644 --- a/src/libcharon/sa/ikev2/task_manager_v2.c +++ b/src/libcharon/sa/ikev2/task_manager_v2.c @@ -792,7 +792,7 @@ static status_t process_request(private_task_manager_t *this, { switch (payload->get_type(payload)) { - case NOTIFY: + case PLV2_NOTIFY: { /* if we find a rekey notify, its CHILD_SA rekeying */ notify = (notify_payload_t*)payload; if (notify->get_notify_type(notify) == REKEY_SA && @@ -803,8 +803,8 @@ static status_t process_request(private_task_manager_t *this, } break; } - case TRAFFIC_SELECTOR_INITIATOR: - case TRAFFIC_SELECTOR_RESPONDER: + case PLV2_TS_INITIATOR: + case PLV2_TS_RESPONDER: { /* if we don't find a TS, its IKE rekeying */ ts_found = TRUE; break; @@ -842,7 +842,7 @@ static status_t process_request(private_task_manager_t *this, { switch (payload->get_type(payload)) { - case NOTIFY: + case PLV2_NOTIFY: { notify = (notify_payload_t*)payload; switch (notify->get_notify_type(notify)) 
@@ -875,7 +875,7 @@ static status_t process_request(private_task_manager_t *this, } break; } - case DELETE: + case PLV2_DELETE: { delete = (delete_payload_t*)payload; if (delete->get_protocol_id(delete) == PROTO_IKE) diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index df7bc96d6..a1f01c276 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -187,7 +187,7 @@ static status_t get_nonce(message_t *message, chunk_t *nonce) { nonce_payload_t *payload; - payload = (nonce_payload_t*)message->get_payload(message, NONCE); + payload = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE); if (payload == NULL) { return FAILED; @@ -731,7 +731,7 @@ static void build_payloads(private_child_create_t *this, message_t *message) /* add nonce payload if not in IKE_AUTH */ if (message->get_exchange_type(message) == CREATE_CHILD_SA) { - nonce_payload = nonce_payload_create(NONCE); + nonce_payload = nonce_payload_create(PLV2_NONCE); nonce_payload->set_nonce(nonce_payload, this->my_nonce); message->add_payload(message, (payload_t*)nonce_payload); } @@ -739,7 +739,7 @@ static void build_payloads(private_child_create_t *this, message_t *message) /* diffie hellman exchange, if PFS enabled */ if (this->dh) { - ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE, + ke_payload = ke_payload_create_from_diffie_hellman(PLV2_KEY_EXCHANGE, this->dh); message->add_payload(message, (payload_t*)ke_payload); } @@ -866,11 +866,11 @@ static void process_payloads(private_child_create_t *this, message_t *message) { switch (payload->get_type(payload)) { - case SECURITY_ASSOCIATION: + case PLV2_SECURITY_ASSOCIATION: sa_payload = (sa_payload_t*)payload; this->proposals = sa_payload->get_proposals(sa_payload); break; - case KEY_EXCHANGE: + case PLV2_KEY_EXCHANGE: ke_payload = (ke_payload_t*)payload; if (!this->initiator) { 
@@ -884,15 +884,15 @@ static void process_payloads(private_child_create_t *this, message_t *message) ke_payload->get_key_exchange_data(ke_payload)); } break; - case TRAFFIC_SELECTOR_INITIATOR: + case PLV2_TS_INITIATOR: ts_payload = (ts_payload_t*)payload; this->tsi = ts_payload->get_traffic_selectors(ts_payload); break; - case TRAFFIC_SELECTOR_RESPONDER: + case PLV2_TS_RESPONDER: ts_payload = (ts_payload_t*)payload; this->tsr = ts_payload->get_traffic_selectors(ts_payload); break; - case NOTIFY: + case PLV2_NOTIFY: handle_notify(this, (notify_payload_t*)payload); break; default: @@ -950,7 +950,7 @@ METHOD(task_t, build_i, status_t, /* check if we want a virtual IP, but don't have one */ list = linked_list_create(); peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); - if (!this->reqid) + if (!this->rekey) { enumerator = peer_cfg->create_virtual_ip_enumerator(peer_cfg); while (enumerator->enumerate(enumerator, &vip)) @@ -1192,6 +1192,12 @@ METHOD(task_t, build_r, status_t, message->add_notify(message, TRUE, NO_ADDITIONAL_SAS, chunk_empty); return SUCCESS; } + if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING) + { + DBG1(DBG_IKE, "unable to create CHILD_SA while deleting IKE_SA"); + message->add_notify(message, TRUE, NO_ADDITIONAL_SAS, chunk_empty); + return SUCCESS; + } if (this->config == NULL) { @@ -1211,7 +1217,7 @@ METHOD(task_t, build_r, status_t, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY) + if (payload->get_type(payload) == PLV2_NOTIFY) { notify_payload_t *notify = (notify_payload_t*)payload; @@ -1313,7 +1319,7 @@ METHOD(task_t, build_i_delete, status_t, proto = this->proposal->get_protocol(this->proposal); spi = this->child_sa->get_spi(this->child_sa, TRUE); - del = delete_payload_create(DELETE, proto); + del = delete_payload_create(PLV2_DELETE, proto); del->add_spi(del, spi); message->add_payload(message, (payload_t*)del); 
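Review bot: The comment kept above the changed condition in build_i (`/* check if we want a virtual IP, but don't have one */`) no longer matches the test, which is now `if (!this->rekey)` instead of `if (!this->reqid)`. With the new condition, a CHILD_SA that has a reqid set but is not being rekeyed also enters the virtual-IP enumeration. Where `rekey` is assigned lies outside this hunk, so that reading rests on the field name and should be confirmed. I would extend the comment to `/* check if we want a virtual IP, but don't have one; not done when rekeying */` so the exemption is stated next to the condition. build_i starts and ends outside the hunk.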
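Review bot: The added IKE_DELETING guard in build_r returns `SUCCESS` right after queueing the `NO_ADDITIONAL_SAS` error notify, and nothing at that spot says the status describes the task rather than the CHILD_SA. A one-line comment before the return, such as `/* request is answered with an error notify; presumably no CHILD_SA is installed on this path */`, would keep a reader from mistaking the return value for a completed negotiation. The guard runs in build_r, so whatever the request handler allocated for this exchange before the state check is still held by the task at this point. Its release is outside the hunk and worth confirming. build_r starts and ends outside the hunk.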
@@ -1362,7 +1368,7 @@ METHOD(task_t, process_i, status_t, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY) + if (payload->get_type(payload) == PLV2_NOTIFY) { notify_payload_t *notify = (notify_payload_t*)payload; notify_type_t type = notify->get_notify_type(notify); diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c index 88b032c8b..2b1697423 100644 --- a/src/libcharon/sa/ikev2/tasks/child_delete.c +++ b/src/libcharon/sa/ikev2/tasks/child_delete.c @@ -93,7 +93,7 @@ static void build_payloads(private_child_delete_t *this, message_t *message) case PROTO_ESP: if (esp == NULL) { - esp = delete_payload_create(DELETE, PROTO_ESP); + esp = delete_payload_create(PLV2_DELETE, PROTO_ESP); message->add_payload(message, (payload_t*)esp); } esp->add_spi(esp, spi); @@ -103,7 +103,7 @@ static void build_payloads(private_child_delete_t *this, message_t *message) case PROTO_AH: if (ah == NULL) { - ah = delete_payload_create(DELETE, PROTO_AH); + ah = delete_payload_create(PLV2_DELETE, PROTO_AH); message->add_payload(message, (payload_t*)ah); } ah->add_spi(ah, spi); @@ -133,7 +133,7 @@ static void process_payloads(private_child_delete_t *this, message_t *message) payloads = message->create_payload_enumerator(message); while (payloads->enumerate(payloads, &payload)) { - if (payload->get_type(payload) == DELETE) + if (payload->get_type(payload) == PLV2_DELETE) { delete_payload = (delete_payload_t*)payload; protocol = delete_payload->get_protocol_id(delete_payload); diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c index d2003bb45..db872827d 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c 
@@ -171,7 +171,7 @@ METHOD(task_t, build_i, status_t, config = this->child_sa->get_config(this->child_sa); /* we just need the rekey notify ... */ - notify = notify_payload_create_from_protocol_and_type(NOTIFY, + notify = notify_payload_create_from_protocol_and_type(PLV2_NOTIFY, this->protocol, REKEY_SA); notify->set_spi(notify, this->spi); message->add_payload(message, (payload_t*)notify); @@ -228,7 +228,7 @@ METHOD(task_t, build_r, status_t, this->child_create->set_config(this->child_create, config->get_ref(config)); this->child_create->task.build(&this->child_create->task, message); - if (message->get_payload(message, SECURITY_ASSOCIATION) == NULL) + if (message->get_payload(message, PLV2_SECURITY_ASSOCIATION) == NULL) { /* rekeying failed, reuse old child */ this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); @@ -332,7 +332,7 @@ METHOD(task_t, process_i, status_t, this->child_create->task.migrate(&this->child_create->task, this->ike_sa); return NEED_MORE; } - if (message->get_payload(message, SECURITY_ASSOCIATION) == NULL) + if (message->get_payload(message, PLV2_SECURITY_ASSOCIATION) == NULL) { /* establishing new child failed, reuse old. but not when we * received a delete in the meantime */ diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c index 800dab07e..bf747a49e 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth.c +++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c @@ -132,7 +132,7 @@ static status_t collect_my_init_data(private_ike_auth_t *this, nonce_payload_t *nonce; /* get the nonce that was generated in ike_init */ - nonce = (nonce_payload_t*)message->get_payload(message, NONCE); + nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE); if (nonce == NULL) { return FAILED; 
@@ -158,7 +158,7 @@ static status_t collect_other_init_data(private_ike_auth_t *this, nonce_payload_t *nonce; /* get the nonce that was generated in ike_init */ - nonce = (nonce_payload_t*)message->get_payload(message, NONCE); + nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE); if (nonce == NULL) { return FAILED; @@ -433,7 +433,7 @@ METHOD(task_t, build_i, status_t, { this->ike_sa->set_other_id(this->ike_sa, idr->clone(idr)); id_payload = id_payload_create_from_identification( - ID_RESPONDER, idr); + PLV2_ID_RESPONDER, idr); message->add_payload(message, (payload_t*)id_payload); } } @@ -451,7 +451,7 @@ METHOD(task_t, build_i, status_t, cfg->add(cfg, AUTH_RULE_IDENTITY, idi); } this->ike_sa->set_my_id(this->ike_sa, idi->clone(idi)); - id_payload = id_payload_create_from_identification(ID_INITIATOR, idi); + id_payload = id_payload_create_from_identification(PLV2_ID_INITIATOR, idi); get_reserved_id_bytes(this, id_payload); message->add_payload(message, (payload_t*)id_payload); @@ -498,7 +498,7 @@ METHOD(task_t, build_i, status_t, /* check for additional authentication rounds */ if (do_another_auth(this)) { - if (message->get_payload(message, AUTHENTICATION)) + if (message->get_payload(message, PLV2_AUTH)) { message->add_notify(message, FALSE, ANOTHER_AUTH_FOLLOWS, chunk_empty); } @@ -525,7 +525,7 @@ METHOD(task_t, process_r, status_t, if (this->my_auth == NULL && this->do_another_auth) { /* handle (optional) IDr payload, apply proposed identity */ - id_payload = (id_payload_t*)message->get_payload(message, ID_RESPONDER); + id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_RESPONDER); if (id_payload) { id = id_payload->get_identification(id_payload); 
@@ -558,7 +558,7 @@ METHOD(task_t, process_r, status_t, if (this->other_auth == NULL) { /* handle IDi payload */ - id_payload = (id_payload_t*)message->get_payload(message, ID_INITIATOR); + id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_INITIATOR); if (!id_payload) { DBG1(DBG_IKE, "IDi payload missing"); @@ -578,7 +578,7 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } } - if (message->get_payload(message, AUTHENTICATION) == NULL) + if (message->get_payload(message, PLV2_AUTH) == NULL) { /* before authenticating with EAP, we need a EAP config */ cand = get_auth_cfg(this, FALSE); while (!cand || ( @@ -631,7 +631,7 @@ METHOD(task_t, process_r, status_t, this->other_auth = NULL; break; case NEED_MORE: - if (message->get_payload(message, AUTHENTICATION)) + if (message->get_payload(message, PLV2_AUTH)) { /* AUTH verification successful, but another build() needed */ break; } @@ -733,7 +733,7 @@ METHOD(task_t, build_r, status_t, } } - id_payload = id_payload_create_from_identification(ID_RESPONDER, id); + id_payload = id_payload_create_from_identification(PLV2_ID_RESPONDER, id); get_reserved_id_bytes(this, id_payload); message->add_payload(message, (payload_t*)id_payload); @@ -780,7 +780,7 @@ METHOD(task_t, build_r, status_t, case NEED_MORE: break; default: - if (message->get_payload(message, EXTENSIBLE_AUTHENTICATION)) + if (message->get_payload(message, PLV2_EAP)) { /* skip AUTHENTICATION_FAILED if we have EAP_FAILURE */ goto peer_auth_failed_no_notify; } @@ -900,7 +900,7 @@ METHOD(task_t, process_i, status_t, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY) + if (payload->get_type(payload) == PLV2_NOTIFY) { notify_payload_t *notify = (notify_payload_t*)payload; notify_type_t type = notify->get_notify_type(notify); 
@@ -956,7 +956,7 @@ METHOD(task_t, process_i, status_t, /* handle IDr payload */ id_payload = (id_payload_t*)message->get_payload(message, - ID_RESPONDER); + PLV2_ID_RESPONDER); if (!id_payload) { DBG1(DBG_IKE, "IDr payload missing"); @@ -968,7 +968,7 @@ METHOD(task_t, process_i, status_t, cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); cfg->add(cfg, AUTH_RULE_IDENTITY, id->clone(id)); - if (message->get_payload(message, AUTHENTICATION)) + if (message->get_payload(message, PLV2_AUTH)) { /* verify authentication data */ this->other_auth = authenticator_create_verifier(this->ike_sa, diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c index 6dbc4dec3..5a9e08de2 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c +++ b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c @@ -63,14 +63,14 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, if (!this->ike_sa->supports_extension(this->ike_sa, EXT_HASH_AND_URL)) { - return cert_payload_create_from_cert(CERTIFICATE, cert); + return cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); } hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (!hasher) { DBG1(DBG_IKE, "unable to use hash-and-url: sha1 not supported"); - return cert_payload_create_from_cert(CERTIFICATE, cert); + return cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); } if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoded)) @@ -83,7 +83,7 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, { hasher->destroy(hasher); chunk_free(&encoded); - return cert_payload_create_from_cert(CERTIFICATE, cert); + return cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); } chunk_free(&encoded); hasher->destroy(hasher); 
@@ -97,7 +97,7 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, } else { - payload = cert_payload_create_from_cert(CERTIFICATE, cert); + payload = cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); } enumerator->destroy(enumerator); chunk_free(&hash); @@ -145,7 +145,7 @@ static void add_im_certs(private_ike_cert_post_t *this, auth_cfg_t *auth, { if (type == AUTH_RULE_IM_CERT) { - payload = cert_payload_create_from_cert(CERTIFICATE, cert); + payload = cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); if (payload) { DBG1(DBG_IKE, "sending issuer cert \"%Y\"", @@ -187,7 +187,7 @@ static void add_attribute_certs(private_ike_cert_post_t *this, if (id && id->equals(id, subject->get_issuer(subject)) && cert->get_validity(cert, NULL, NULL, NULL)) { - payload = cert_payload_create_from_cert(CERTIFICATE, cert); + payload = cert_payload_create_from_cert(PLV2_CERTIFICATE, cert); if (payload) { DBG1(DBG_IKE, "sending attribute certificate " @@ -210,7 +210,7 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message) auth_payload_t *payload; auth_cfg_t *auth; - payload = (auth_payload_t*)message->get_payload(message, AUTHENTICATION); + payload = (auth_payload_t*)message->get_payload(message, PLV2_AUTH); peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); if (!peer_cfg || !payload || payload->get_auth_method(payload) == AUTH_PSK) { /* no CERT payload for EAP/PSK */ diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c index 558b1e914..0dac975e7 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c +++ b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c 
@@ -138,10 +138,10 @@ static void process_certreqs(private_ike_cert_pre_t *this, message_t *message) { switch (payload->get_type(payload)) { - case CERTIFICATE_REQUEST: + case PLV2_CERTREQ: process_certreq(this, (certreq_payload_t*)payload, auth); break; - case NOTIFY: + case PLV2_NOTIFY: process_notify(this, (notify_payload_t*)payload); break; default: @@ -298,7 +298,7 @@ static void process_certs(private_ike_cert_pre_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == CERTIFICATE) + if (payload->get_type(payload) == PLV2_CERTIFICATE) { cert_payload_t *cert_payload; cert_encoding_t encoding; @@ -469,7 +469,7 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message) static bool final_auth(message_t *message) { /* we check for an AUTH payload without a ANOTHER_AUTH_FOLLOWS notify */ - if (message->get_payload(message, AUTHENTICATION) == NULL) + if (message->get_payload(message, PLV2_AUTH) == NULL) { return FALSE; } diff --git a/src/libcharon/sa/ikev2/tasks/ike_config.c b/src/libcharon/sa/ikev2/tasks/ike_config.c index 17132feee..da06e2a36 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_config.c +++ b/src/libcharon/sa/ikev2/tasks/ike_config.c @@ -98,7 +98,7 @@ static configuration_attribute_t *build_vip(host_t *vip) chunk = chunk_cata("cc", chunk, prefix); } } - return configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE, + return configuration_attribute_create_chunk(PLV2_CONFIGURATION_ATTRIBUTE, type, chunk); } 
@@ -130,11 +130,8 @@ static void handle_attribute(private_ike_config_t *this, handler = hydra->attributes->handle(hydra->attributes, this->ike_sa->get_other_id(this->ike_sa), handler, ca->get_type(ca), ca->get_chunk(ca)); - if (handler) - { - this->ike_sa->add_configuration_attribute(this->ike_sa, - handler, ca->get_type(ca), ca->get_chunk(ca)); - } + this->ike_sa->add_configuration_attribute(this->ike_sa, + handler, ca->get_type(ca), ca->get_chunk(ca)); } /** @@ -200,7 +197,7 @@ static void process_payloads(private_ike_config_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == CONFIGURATION) + if (payload->get_type(payload) == PLV2_CONFIGURATION) { cp_payload_t *cp = (cp_payload_t*)payload; configuration_attribute_t *ca; @@ -268,7 +265,7 @@ METHOD(task_t, build_i, status_t, if (vips->get_count(vips)) { - cp = cp_payload_create_type(CONFIGURATION, CFG_REQUEST); + cp = cp_payload_create_type(PLV2_CONFIGURATION, CFG_REQUEST); enumerator = vips->create_enumerator(vips); while (enumerator->enumerate(enumerator, &host)) { @@ -288,11 +285,11 @@ METHOD(task_t, build_i, status_t, /* create configuration attribute */ DBG2(DBG_IKE, "building %N attribute", configuration_attribute_type_names, type); - ca = configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE, + ca = configuration_attribute_create_chunk(PLV2_CONFIGURATION_ATTRIBUTE, type, data); if (!cp) { - cp = cp_payload_create_type(CONFIGURATION, CFG_REQUEST); + cp = cp_payload_create_type(PLV2_CONFIGURATION, CFG_REQUEST); } cp->add_attribute(cp, ca); @@ -363,7 +360,7 @@ METHOD(task_t, build_r, status_t, this->ike_sa->add_virtual_ip(this->ike_sa, FALSE, found); if (!cp) { - cp = cp_payload_create_type(CONFIGURATION, CFG_REPLY); + cp = cp_payload_create_type(PLV2_CONFIGURATION, CFG_REPLY); } cp->add_attribute(cp, build_vip(found)); vips->insert_last(vips, found); 
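Review bot: With the `if (handler)` guard removed, handle_attribute now passes a possibly NULL `handler` to `add_configuration_attribute()` for every attribute it is given, including those no handler accepted. These attributes appear to come from the received configuration payload enumerated in process_payloads. Whatever later enumerates or releases the attributes stored on the IKE_SA has to test the handler for NULL before calling through it. That code is not in this diff section and should be checked alongside this change, as should any bound on how many peer-supplied attributes are retained. A comment at the call would record the intent: `/* handler is NULL if no handler accepted the attribute; it is still stored on the IKE_SA */`. The function body starts outside the hunk.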
@@ -407,12 +404,12 @@ METHOD(task_t, build_r, status_t, { if (!cp) { - cp = cp_payload_create_type(CONFIGURATION, CFG_REPLY); + cp = cp_payload_create_type(PLV2_CONFIGURATION, CFG_REPLY); } DBG2(DBG_IKE, "building %N attribute", configuration_attribute_type_names, type); cp->add_attribute(cp, - configuration_attribute_create_chunk(CONFIGURATION_ATTRIBUTE, + configuration_attribute_create_chunk(PLV2_CONFIGURATION_ATTRIBUTE, type, value)); } enumerator->destroy(enumerator); @@ -449,6 +446,8 @@ METHOD(task_t, process_i, status_t, } } enumerator->destroy(enumerator); + + charon->bus->handle_vips(charon->bus, this->ike_sa, TRUE); return SUCCESS; } return NEED_MORE; diff --git a/src/libcharon/sa/ikev2/tasks/ike_delete.c b/src/libcharon/sa/ikev2/tasks/ike_delete.c index 9bc62bf2a..e972dba07 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_delete.c +++ b/src/libcharon/sa/ikev2/tasks/ike_delete.c @@ -65,7 +65,7 @@ METHOD(task_t, build_i, status_t, this->ike_sa->get_other_host(this->ike_sa), this->ike_sa->get_other_id(this->ike_sa)); - delete_payload = delete_payload_create(DELETE, PROTO_IKE); + delete_payload = delete_payload_create(PLV2_DELETE, PROTO_IKE); message->add_payload(message, (payload_t*)delete_payload); if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING) diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c index 278bdc3f2..e3c18ea0f 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_init.c +++ b/src/libcharon/sa/ikev2/tasks/ike_init.c 
@@ -147,9 +147,9 @@ static void build_payloads(private_ike_init_t *this, message_t *message) } message->add_payload(message, (payload_t*)sa_payload); - nonce_payload = nonce_payload_create(NONCE); + nonce_payload = nonce_payload_create(PLV2_NONCE); nonce_payload->set_nonce(nonce_payload, this->my_nonce); - ke_payload = ke_payload_create_from_diffie_hellman(KEY_EXCHANGE, this->dh); + ke_payload = ke_payload_create_from_diffie_hellman(PLV2_KEY_EXCHANGE, this->dh); if (this->old_sa) { /* payload order differs if we are rekeying */ @@ -176,7 +176,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message) { switch (payload->get_type(payload)) { - case SECURITY_ASSOCIATION: + case PLV2_SECURITY_ASSOCIATION: { sa_payload_t *sa_payload = (sa_payload_t*)payload; linked_list_t *proposal_list; @@ -196,7 +196,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message) offsetof(proposal_t, destroy)); break; } - case KEY_EXCHANGE: + case PLV2_KEY_EXCHANGE: { ke_payload_t *ke_payload = (ke_payload_t*)payload; @@ -213,7 +213,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message) } break; } - case NONCE: + case PLV2_NONCE: { nonce_payload_t *nonce_payload = (nonce_payload_t*)payload; @@ -449,7 +449,7 @@ METHOD(task_t, process_i, status_t, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == NOTIFY) + if (payload->get_type(payload) == PLV2_NOTIFY) { notify_payload_t *notify = (notify_payload_t*)payload; notify_type_t type = notify->get_notify_type(notify); diff --git a/src/libcharon/sa/ikev2/tasks/ike_me.c b/src/libcharon/sa/ikev2/tasks/ike_me.c index 135c06d19..a7e7505a1 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_me.c +++ b/src/libcharon/sa/ikev2/tasks/ike_me.c 
@@ -171,7 +171,7 @@ static void process_payloads(private_ike_me_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) != NOTIFY) + if (payload->get_type(payload) != PLV2_NOTIFY) { continue; } @@ -277,7 +277,7 @@ METHOD(task_t, build_i, status_t, { rng_t *rng; id_payload_t *id_payload; - id_payload = id_payload_create_from_identification(ID_PEER, + id_payload = id_payload_create_from_identification(PLV2_ID_PEER, this->peer_id); message->add_payload(message, (payload_t*)id_payload); @@ -339,7 +339,7 @@ METHOD(task_t, process_r, status_t, case ME_CONNECT: { id_payload_t *id_payload; - id_payload = (id_payload_t*)message->get_payload(message, ID_PEER); + id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_PEER); if (!id_payload) { DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload" @@ -534,7 +534,7 @@ METHOD(task_t, build_i_ms, status_t, case ME_CONNECT: { id_payload_t *id_payload; - id_payload = id_payload_create_from_identification(ID_PEER, + id_payload = id_payload_create_from_identification(PLV2_ID_PEER, this->peer_id); message->add_payload(message, (payload_t*)id_payload); @@ -594,7 +594,7 @@ METHOD(task_t, process_r_ms, status_t, case ME_CONNECT: { id_payload_t *id_payload; - id_payload = (id_payload_t*)message->get_payload(message, ID_PEER); + id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_PEER); if (!id_payload) { DBG1(DBG_IKE, "received ME_CONNECT without ID_PEER payload" diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c index ae3526f42..00ca615d8 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c +++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c 
@@ -96,7 +96,7 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message) chunk_t data; host_t *host; - if (payload->get_type(payload) != NOTIFY) + if (payload->get_type(payload) != PLV2_NOTIFY) { continue; } diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.c b/src/libcharon/sa/ikev2/tasks/ike_natd.c index 4fc968f25..9e0eb68ce 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_natd.c +++ b/src/libcharon/sa/ikev2/tasks/ike_natd.c @@ -172,7 +172,7 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this, { return NULL; } - notify = notify_payload_create(NOTIFY); + notify = notify_payload_create(PLV2_NOTIFY); notify->set_notify_type(notify, type); notify->set_notification_data(notify, hash); chunk_free(&hash); @@ -206,7 +206,7 @@ static void process_payloads(private_ike_natd_t *this, message_t *message) enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) != NOTIFY) + if (payload->get_type(payload) != PLV2_NOTIFY) { continue; } @@ -381,7 +381,7 @@ METHOD(task_t, build_r, status_t, /* only add notifies on successful responses. */ if (message->get_exchange_type(message) == IKE_SA_INIT && - message->get_payload(message, SECURITY_ASSOCIATION) == NULL) + message->get_payload(message, PLV2_SECURITY_ASSOCIATION) == NULL) { return SUCCESS; } diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.c b/src/libcharon/sa/ikev2/tasks/ike_rekey.c index c3c6cf00e..444ac6ade 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.c 
@@ -83,7 +83,7 @@ static void establish_new(private_ike_rekey_t *this) this->ike_sa->get_other_host(this->ike_sa), this->ike_sa->get_other_id(this->ike_sa)); - this->new_sa->inherit(this->new_sa, this->ike_sa); + this->new_sa->inherit_post(this->new_sa, this->ike_sa); charon->bus->ike_rekey(charon->bus, this->ike_sa, this->new_sa); charon->ike_sa_manager->checkin(charon->ike_sa_manager, this->new_sa); this->new_sa = NULL; @@ -124,8 +124,6 @@ METHOD(task_t, build_i, status_t, private_ike_rekey_t *this, message_t *message) { ike_version_t version; - peer_cfg_t *peer_cfg; - host_t *other_host; /* create new SA only on first try */ if (this->new_sa == NULL) @@ -137,10 +135,7 @@ METHOD(task_t, build_i, status_t, { /* shouldn't happen */ return FAILED; } - peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); - other_host = this->ike_sa->get_other_host(this->ike_sa); - this->new_sa->set_peer_cfg(this->new_sa, peer_cfg); - this->new_sa->set_other_host(this->new_sa, other_host->clone(other_host)); + this->new_sa->inherit_pre(this->new_sa, this->ike_sa); this->ike_init = ike_init_create(this->new_sa, TRUE, this->ike_sa); this->ike_sa->set_state(this->ike_sa, IKE_REKEYING); } @@ -153,7 +148,6 @@ METHOD(task_t, process_r, status_t, private_ike_rekey_t *this, message_t *message) { enumerator_t *enumerator; - peer_cfg_t *peer_cfg; child_sa_t *child_sa; if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING) @@ -186,9 +180,7 @@ METHOD(task_t, process_r, status_t, { /* shouldn't happen */ return FAILED; } - - peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); - this->new_sa->set_peer_cfg(this->new_sa, peer_cfg); + this->new_sa->inherit_pre(this->new_sa, this->ike_sa); this->ike_init = ike_init_create(this->new_sa, FALSE, this->ike_sa); this->ike_init->task.process(&this->ike_init->task, message); diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.c b/src/libcharon/sa/ikev2/tasks/ike_vendor.c index 16ac16673..d536af218 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_vendor.c 
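Review bot: The responder path in process_r used to copy only the peer config to the new IKE_SA, while build_i also set a cloned `other_host`. Both now call `this->new_sa->inherit_pre(this->new_sa, this->ike_sa)`, so what the new SA holds before negotiation depends entirely on inherit_pre, which is defined outside this diff section. It is worth confirming there that host objects are cloned rather than shared with the old SA, as the removed `other_host->clone(other_host)` did, because the old SA presumably goes away once the rekey completes. A short comment at both call sites, e.g. `/* inherit what the new IKE_SA needs before negotiation; remaining state is moved by inherit_post() in establish_new() */`, would document the split. This covers the hunks at -83, -137 and -186; the enclosing functions extend beyond them.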
+++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.c @@ -92,7 +92,7 @@ METHOD(task_t, build, status_t, if (vids[i].extension == EXT_STRONGSWAN && strongswan) { DBG2(DBG_IKE, "sending %s vendor ID", vids[i].desc); - vid = vendor_id_payload_create_data(VENDOR_ID, + vid = vendor_id_payload_create_data(PLV2_VENDOR_ID, chunk_clone(get_vid_data(&vids[i]))); message->add_payload(message, &vid->payload_interface); } @@ -111,7 +111,7 @@ METHOD(task_t, process, status_t, enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) { - if (payload->get_type(payload) == VENDOR_ID) + if (payload->get_type(payload) == PLV2_VENDOR_ID) { vendor_id_payload_t *vid; chunk_t data; |