Diffstat (limited to 'src/libcharon/sa/tasks/child_create.c')
-rw-r--r-- | src/libcharon/sa/tasks/child_create.c | 150 |
1 files changed, 150 insertions, 0 deletions
diff --git a/src/libcharon/sa/tasks/child_create.c b/src/libcharon/sa/tasks/child_create.c index 57beedba9..16f7b6d81 100644 --- a/src/libcharon/sa/tasks/child_create.c +++ b/src/libcharon/sa/tasks/child_create.c @@ -117,6 +117,14 @@ struct private_child_create_t { ipsec_mode_t mode; /** +<<<<<<< HEAD +======= + * peer accepts TFC padding for this SA + */ + bool tfcv3; + + /** +>>>>>>> upstream/4.5.1 * IPComp transform to use */ ipcomp_transform_t ipcomp; @@ -455,6 +463,7 @@ static status_t select_and_install(private_child_create_t *this, { if (this->initiator) { +<<<<<<< HEAD status_i = this->child_sa->install(this->child_sa, encr_r, integ_r, this->my_spi, this->my_cpi, TRUE, my_ts, other_ts); status_o = this->child_sa->install(this->child_sa, encr_i, integ_i, @@ -466,6 +475,23 @@ static status_t select_and_install(private_child_create_t *this, this->my_spi, this->my_cpi, TRUE, my_ts, other_ts); status_o = this->child_sa->install(this->child_sa, encr_r, integ_r, this->other_spi, this->other_cpi, FALSE, my_ts, other_ts); +======= + status_i = this->child_sa->install(this->child_sa, + encr_r, integ_r, this->my_spi, this->my_cpi, + TRUE, this->tfcv3, my_ts, other_ts); + status_o = this->child_sa->install(this->child_sa, + encr_i, integ_i, this->other_spi, this->other_cpi, + FALSE, this->tfcv3, my_ts, other_ts); + } + else + { + status_i = this->child_sa->install(this->child_sa, + encr_i, integ_i, this->my_spi, this->my_cpi, + TRUE, this->tfcv3, my_ts, other_ts); + status_o = this->child_sa->install(this->child_sa, + encr_r, integ_r, this->other_spi, this->other_cpi, + FALSE, this->tfcv3, my_ts, other_ts); +>>>>>>> upstream/4.5.1 } } chunk_clear(&integ_i); 
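Review bot: Every hunk in this patch adds the literal merge-conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> upstream/4.5.1` as new lines and keeps both sides of the conflict, which matches the diffstat of 150 insertions and 0 deletions. In the first hunk (struct private_child_create_t) the markers fall inside the `/** … */` comments, so that part may still compile and hide the problem. In select_and_install, handle_notify, process_i, the METHOD() conversions and child_create_create they sit in code, next to HEAD-side `install()` calls that lack the `this->tfcv3` argument the upstream side passes. The conflict should be resolved before this lands, presumably by keeping the upstream/4.5.1 side and deleting the HEAD side together with the three marker lines in each hunk. A pre-commit or CI check that rejects lines matching `^(<<<<<<<|=======|>>>>>>>)` would keep this from recurring.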
@@ -631,7 +657,17 @@ static void handle_notify(private_child_create_t *this, notify_payload_t *notify ipcomp_transform_names, ipcomp); break; } +<<<<<<< HEAD } +======= + break; + } + case ESP_TFC_PADDING_NOT_SUPPORTED: + DBG1(DBG_IKE, "received %N, not using ESPv3 TFC padding", + notify_type_names, notify->get_notify_type(notify)); + this->tfcv3 = FALSE; + break; +>>>>>>> upstream/4.5.1 default: break; } @@ -691,10 +727,15 @@ static void process_payloads(private_child_create_t *this, message_t *message) enumerator->destroy(enumerator); } +<<<<<<< HEAD /** * Implementation of task_t.build for initiator */ static status_t build_i(private_child_create_t *this, message_t *message) +======= +METHOD(task_t, build_i, status_t, + private_child_create_t *this, message_t *message) +>>>>>>> upstream/4.5.1 { host_t *me, *other, *vip; peer_cfg_t *peer_cfg; @@ -831,10 +872,15 @@ static status_t build_i(private_child_create_t *this, message_t *message) return NEED_MORE; } +<<<<<<< HEAD /** * Implementation of task_t.process for responder */ static status_t process_r(private_child_create_t *this, message_t *message) +======= +METHOD(task_t, process_r, status_t, + private_child_create_t *this, message_t *message) +>>>>>>> upstream/4.5.1 { switch (message->get_exchange_type(message)) { @@ -877,10 +923,15 @@ static void handle_child_sa_failure(private_child_create_t *this, } } +<<<<<<< HEAD /** * Implementation of task_t.build for responder */ static status_t build_r(private_child_create_t *this, message_t *message) +======= +METHOD(task_t, build_r, status_t, + private_child_create_t *this, message_t *message) +>>>>>>> upstream/4.5.1 { peer_cfg_t *peer_cfg; payload_t *payload; 
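Review bot: The new `case ESP_TFC_PADDING_NOT_SUPPORTED` in handle_notify clears `this->tfcv3` for the rest of the task's life, and the only place visible in this patch that sets it to TRUE is the `.tfcv3 = TRUE` initialiser in child_create_create. migrate()'s body lies mostly outside its hunk; if it does not already do so, it should restore the default with `this->tfcv3 = TRUE;` next to `this->established = FALSE;`. Otherwise a task reused after migrating to another IKE_SA would keep TFC padding disabled because of an earlier notify. A one-line comment on the case, such as `/* peer cannot handle ESPv3 TFC padding, disable it for this CHILD_SA */`, would also help. handle_notify starts and ends outside the hunk.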
@@ -958,7 +1009,11 @@ static status_t build_r(private_child_create_t *this, message_t *message) case INTERNAL_ADDRESS_FAILURE: case FAILED_CP_REQUIRED: { +<<<<<<< HEAD DBG1(DBG_IKE,"configuration payload negotation " +======= + DBG1(DBG_IKE,"configuration payload negotiation " +>>>>>>> upstream/4.5.1 "failed, no CHILD_SA built"); enumerator->destroy(enumerator); handle_child_sa_failure(this, message); @@ -1029,10 +1084,15 @@ static status_t build_r(private_child_create_t *this, message_t *message) return SUCCESS; } +<<<<<<< HEAD /** * Implementation of task_t.process for initiator */ static status_t process_i(private_child_create_t *this, message_t *message) +======= +METHOD(task_t, process_i, status_t, + private_child_create_t *this, message_t *message) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; payload_t *payload; @@ -1103,7 +1163,25 @@ static status_t process_i(private_child_create_t *this, message_t *message) return NEED_MORE; } default: +<<<<<<< HEAD + break; +======= + { + if (message->get_exchange_type(message) == CREATE_CHILD_SA) + { /* handle notifies if not handled in IKE_AUTH */ + if (type <= 16383) + { + DBG1(DBG_IKE, "received %N notify error", + notify_type_names, type); + enumerator->destroy(enumerator); + return SUCCESS; + } + DBG2(DBG_IKE, "received %N notify", + notify_type_names, type); + } break; + } +>>>>>>> upstream/4.5.1 } } } @@ -1155,6 +1233,7 @@ static status_t process_i(private_child_create_t *this, message_t *message) return SUCCESS; } +<<<<<<< HEAD /** * Implementation of task_t.get_type */ 
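Review bot: The bare `16383` in the new `default:` branch of process_i is the upper bound of the IKEv2 error notify range and deserves a name or at least a comment, for example `if (type <= 16383) /* notify types up to 16383 are errors, higher ones are status */`. The branch also returns `SUCCESS` after an error notify, so the failure is visible only in the DBG1 log line. A short comment saying that SUCCESS here ends the task without a CHILD_SA would make that explicit, assuming that is the intent. process_i begins and ends outside this hunk.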
@@ -1167,22 +1246,36 @@ static task_type_t get_type(private_child_create_t *this) * Implementation of child_create_t.use_reqid */ static void use_reqid(private_child_create_t *this, u_int32_t reqid) +======= +METHOD(child_create_t, use_reqid, void, + private_child_create_t *this, u_int32_t reqid) +>>>>>>> upstream/4.5.1 { this->reqid = reqid; } +<<<<<<< HEAD /** * Implementation of child_create_t.get_child */ static child_sa_t* get_child(private_child_create_t *this) +======= +METHOD(child_create_t, get_child, child_sa_t*, + private_child_create_t *this) +>>>>>>> upstream/4.5.1 { return this->child_sa; } +<<<<<<< HEAD /** * Implementation of child_create_t.get_lower_nonce */ static chunk_t get_lower_nonce(private_child_create_t *this) +======= +METHOD(child_create_t, get_lower_nonce, chunk_t, + private_child_create_t *this) +>>>>>>> upstream/4.5.1 { if (memcmp(this->my_nonce.ptr, this->other_nonce.ptr, min(this->my_nonce.len, this->other_nonce.len)) < 0) @@ -1195,10 +1288,21 @@ static chunk_t get_lower_nonce(private_child_create_t *this) } } +<<<<<<< HEAD /** * Implementation of task_t.migrate */ static void migrate(private_child_create_t *this, ike_sa_t *ike_sa) +======= +METHOD(task_t, get_type, task_type_t, + private_child_create_t *this) +{ + return CHILD_CREATE; +} + +METHOD(task_t, migrate, void, + private_child_create_t *this, ike_sa_t *ike_sa) +>>>>>>> upstream/4.5.1 { chunk_free(&this->my_nonce); chunk_free(&this->other_nonce); @@ -1234,10 +1338,15 @@ static void migrate(private_child_create_t *this, ike_sa_t *ike_sa) this->established = FALSE; } +<<<<<<< HEAD /** * Implementation of task_t.destroy */ static void destroy(private_child_create_t *this) +======= +METHOD(task_t, destroy, void, + private_child_create_t *this) +>>>>>>> upstream/4.5.1 { chunk_free(&this->my_nonce); chunk_free(&this->other_nonce); 
@@ -1273,6 +1382,7 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config, bool rekey, traffic_selector_t *tsi, traffic_selector_t *tsr) { +<<<<<<< HEAD private_child_create_t *this = malloc_thing(private_child_create_t); this->public.get_child = (child_sa_t*(*)(child_create_t*))get_child; @@ -1285,11 +1395,44 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, { this->public.task.build = (status_t(*)(task_t*,message_t*))build_i; this->public.task.process = (status_t(*)(task_t*,message_t*))process_i; +======= + private_child_create_t *this; + + INIT(this, + .public = { + .get_child = _get_child, + .get_lower_nonce = _get_lower_nonce, + .use_reqid = _use_reqid, + .task = { + .get_type = _get_type, + .migrate = _migrate, + .destroy = _destroy, + }, + }, + .ike_sa = ike_sa, + .config = config, + .packet_tsi = tsi ? tsi->clone(tsi) : NULL, + .packet_tsr = tsr ? tsr->clone(tsr) : NULL, + .dh_group = MODP_NONE, + .keymat = ike_sa->get_keymat(ike_sa), + .mode = MODE_TUNNEL, + .tfcv3 = TRUE, + .ipcomp = IPCOMP_NONE, + .ipcomp_received = IPCOMP_NONE, + .rekey = rekey, + ); + + if (config) + { + this->public.task.build = _build_i; + this->public.task.process = _process_i; +>>>>>>> upstream/4.5.1 this->initiator = TRUE; config->get_ref(config); } else { +<<<<<<< HEAD this->public.task.build = (status_t(*)(task_t*,message_t*))build_r; this->public.task.process = (status_t(*)(task_t*,message_t*))process_r; this->initiator = FALSE; @@ -1320,5 +1463,12 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, this->established = FALSE; this->rekey = rekey; +======= + this->public.task.build = _build_r; + this->public.task.process = _process_r; + this->initiator = FALSE; + } + +>>>>>>> upstream/4.5.1 return &this->public; } |