identification_t *other_id;
/**
- * set of extensions the peer supports
+ * Set of extensions the peer supports
*/
ike_extension_t extensions;
/**
- * set of condition flags currently enabled for this IKE_SA
+ * Set of private xtensions the peer supports
+ */
+ ike_extension_t private_extensions;
+
+ /**
+ * Set of condition flags currently enabled for this IKE_SA
*/
ike_condition_t conditions;
+ /**
+ * Set of private condition flags currently enabled for this IKE_SA
+ */
+ ike_condition_t private_conditions;
+
/**
* Array containing the child sa's of the current IKE_SA.
*/
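Review bot: The new doc comment on `private_extensions` has a typo, "xtensions"; it should read `* Set of private extensions the peer supports`. Both new field comments could also say that, going by the setters visible in this change, the marker bit is stripped before storing, so these fields hold only the flag bits and never `EXT_PRIVATE_MARKER` or `COND_PRIVATE_MARKER` themselves. The struct continues outside this hunk.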
METHOD(ike_sa_t, enable_extension, void,
private_ike_sa_t *this, ike_extension_t extension)
{
- this->extensions |= extension;
+ ike_extension_t *ptr;
+ ptr = (extension & EXT_PRIVATE_MARKER) ? &this->private_extensions
+ : &this->extensions;
+ *ptr |= (extension & ~EXT_PRIVATE_MARKER);
}
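Review bot: A mask that combines public and private flags is routed entirely to `private_extensions`, because the ternary looks only at the marker bit; the public bits of such a call would be recorded as private ones and never appear in `extensions`. Nothing visible here rejects or documents that case, so I would at least add `/* extension must be all-public or all-private, mixed masks are not supported */` above the selection. The same selection is repeated in supports_extension, has_condition and set_condition, so a small static helper returning the pointer would keep the four copies from drifting apart.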
METHOD(ike_sa_t, supports_extension, bool,
private_ike_sa_t *this, ike_extension_t extension)
{
- return (this->extensions & extension) != FALSE;
+ ike_extension_t *ptr;
+ ptr = (extension & EXT_PRIVATE_MARKER) ? &this->private_extensions
+ : &this->extensions;
+ return (*ptr & extension) != 0;
}
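Review bot: The test `(*ptr & extension)` still includes `EXT_PRIVATE_MARKER`, while enable_extension strips it before storing, so the result is correct only as long as the marker bit is never set in `private_extensions`. Masking here as well, `return (*ptr & (extension & ~EXT_PRIVATE_MARKER)) != 0;`, makes the lookup independent of that invariant. has_condition has the same form with `COND_PRIVATE_MARKER`.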
METHOD(ike_sa_t, has_condition, bool,
private_ike_sa_t *this, ike_condition_t condition)
{
- return (this->conditions & condition) != FALSE;
+ ike_condition_t *ptr;
+ ptr = (condition & COND_PRIVATE_MARKER) ? &this->private_conditions
+ : &this->conditions;
+ return (*ptr & condition) != 0;
}
METHOD(ike_sa_t, set_condition, void,
private_ike_sa_t *this, ike_condition_t condition, bool enable)
{
+ ike_condition_t *ptr;
+
if (has_condition(this, condition) != enable)
{
+ ptr = (condition & COND_PRIVATE_MARKER) ? &this->private_conditions
+ : &this->conditions;
if (enable)
{
- this->conditions |= condition;
+ *ptr |= (condition & ~COND_PRIVATE_MARKER);
switch (condition)
{
case COND_NAT_HERE:
}
else
{
- this->conditions &= ~condition;
+ *ptr &= ~(condition & ~COND_PRIVATE_MARKER);
switch (condition)
{
case COND_NAT_HERE:
/* apply extensions and conditions with a few exceptions */
this->extensions = other->extensions;
+ this->private_extensions = other->private_extensions;
this->conditions = other->conditions;
+ this->private_conditions = other->private_conditions;
this->conditions &= ~COND_STALE;
this->conditions &= ~COND_REAUTHENTICATING;
}
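Review bot: `private_conditions` is copied without exceptions, while the public set has `COND_STALE` and `COND_REAUTHENTICATING` cleared right after the copy. Whether any private condition describes state that must not carry over to the inheriting IKE_SA cannot be seen from this hunk, but whoever defines a private flag has no way to opt out here. I would record that next to the copy, e.g. `/* private conditions are inherited unconditionally */`, so it reads as a decision and not an oversight. The function body starts outside the hunk.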
/**
* Extensions (or optional features) the peer supports
+ *
+ * Private extensions can be defined by using the EXT_PRIVATE_MARKER marker.
*/
enum ike_extension_t {
* IKEv2 Intermediate Exchange, RFC 9242
*/
EXT_IKE_INTERMEDIATE = (1<<17),
+
+ /**
+ * MSB marker to separate private extensions
+ */
+ EXT_PRIVATE_MARKER = (1<<31),
};
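Review bot: `(1<<31)` shifts a signed `int` 1 into the sign bit, which is undefined behaviour in C11 when `int` is 32 bits wide; compilers usually yield INT_MIN, but the marker and every `~EXT_PRIVATE_MARKER` mask then depend on that. Writing the constant as `EXT_PRIVATE_MARKER = (int)(1U<<31),` keeps the MSB and replaces the undefined shift with an implementation-defined conversion. `COND_PRIVATE_MARKER` further down has the same form.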
/**
* Conditions of an IKE_SA, change during its lifetime
+ *
+ * Private conditions can be defined by using the COND_PRIVATE_MARKER marker.
*/
enum ike_condition_t {
* An OCSP status request was received
*/
COND_OCSP_REQUEST = (1<<15),
+
+ /**
+ * MSB marker to separate private conditions
+ */
+ COND_PRIVATE_MARKER = (1<<31),
};
/**