ha: Support sync of private IKE_SA extensions and conditions

This requires a new protocol version as private extensions would enable
unrelated regular extensions, even when sending the private extension
as second attribute (which would work for conditions as they are
explicitly enabled/disabled).

diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c
index 83be91ab1590c5d7df03d6a4dafe9fdb7680038a..5ef52546c7f6c14daece9df2dcc74e5708ad8ecb 100644 (file)
--- a/src/libcharon/plugins/ha/ha_dispatcher.c
+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
@@ -371,13 +371,13 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
  */
 static void set_conditions(ike_sa_t *ike_sa, ike_condition_t conditions)
 {
-       ike_condition_t i;
+       ike_condition_t i, private = (conditions & COND_PRIVATE_MARKER);
 
-       for (i = 0; i < sizeof(i) * 8; ++i)
+       for (i = 0; i < (sizeof(i) * 8) - 1; ++i)
        {
-               ike_condition_t cond = (1 << i);
+               ike_condition_t cond = (1 << i) | private;
 
-               ike_sa->set_condition(ike_sa, cond, (conditions & cond) != 0);
+               ike_sa->set_condition(ike_sa, cond, (conditions & cond) == cond);
        }
 }
 
@@ -386,13 +386,13 @@ static void set_conditions(ike_sa_t *ike_sa, ike_condition_t conditions)
  */
 static void set_extensions(ike_sa_t *ike_sa, ike_extension_t extensions)
 {
-       ike_extension_t i;
+       ike_extension_t i, private = (extensions & EXT_PRIVATE_MARKER);
 
-       for (i = 0; i < sizeof(i) * 8; ++i)
+       for (i = 0; i < (sizeof(i) * 8) - 1; ++i)
        {
-               ike_extension_t ext = (1 << i);
+               ike_extension_t ext = (1 << i) | private;
 
-               if (extensions & ext)
+               if ((extensions & ext) == ext)
                {
                        ike_sa->enable_extension(ike_sa, ext);
                }

diff --git a/src/libcharon/plugins/ha/ha_ike.c b/src/libcharon/plugins/ha/ha_ike.c
index f6983ff46663dc1d7d1cf94dd91cf306456cff5b..56c79a7b06f50c6653e2e31e09e65d975d5777ac 100644 (file)
--- a/src/libcharon/plugins/ha/ha_ike.c
+++ b/src/libcharon/plugins/ha/ha_ike.c
@@ -49,15 +49,15 @@ struct private_ha_ike_t {
 };
 
 /**
- * Copy conditions of IKE_SA to message as HA_CONDITIONS attribute
+ * Copy (private) conditions of IKE_SA to message as HA_CONDITIONS attribute
  */
-static void copy_conditions(ha_message_t *m, ike_sa_t *ike_sa)
+static void copy_conditions(ha_message_t *m, ike_sa_t *ike_sa, bool private)
 {
-       ike_condition_t i, conditions = 0;
+       ike_condition_t i, conditions = private ? COND_PRIVATE_MARKER : 0;
 
-       for (i = 0; i < sizeof(i) * 8; ++i)
+       for (i = 0; i < (sizeof(i) * 8) - 1; ++i)
        {
-               ike_condition_t cond = (1 << i);
+               ike_condition_t cond = (1 << i) | (private ? COND_PRIVATE_MARKER : 0);
 
                conditions |= (ike_sa->has_condition(ike_sa, cond) ? cond : 0);
        }
@@ -66,15 +66,15 @@ static void copy_conditions(ha_message_t *m, ike_sa_t *ike_sa)
 }
 
 /**
- * Copy extensions of IKE_SA to message as HA_EXTENSIONS attribute
+ * Copy (private) extensions of IKE_SA to message as HA_EXTENSIONS attribute
  */
-static void copy_extensions(ha_message_t *m, ike_sa_t *ike_sa)
+static void copy_extensions(ha_message_t *m, ike_sa_t *ike_sa, bool private)
 {
-       ike_extension_t i, extensions = 0;
+       ike_extension_t i, extensions = private ? EXT_PRIVATE_MARKER : 0;
 
-       for (i = 0; i < sizeof(i) * 8; ++i)
+       for (i = 0; i < (sizeof(i) * 8) - 1; ++i)
        {
-               ike_extension_t ext = (1 << i);
+               ike_extension_t ext = (1 << i) | (private ? EXT_PRIVATE_MARKER : 0);
 
                extensions |= (ike_sa->supports_extension(ike_sa, ext) ? ext : 0);
        }
@@ -212,8 +212,10 @@ METHOD(listener_t, ike_updown, bool,
                }
                m->add_attribute(m, HA_LOCAL_ADDR, ike_sa->get_my_host(ike_sa));
                m->add_attribute(m, HA_REMOTE_ADDR, ike_sa->get_other_host(ike_sa));
-               copy_conditions(m, ike_sa);
-               copy_extensions(m, ike_sa);
+               copy_conditions(m, ike_sa, FALSE);
+               copy_conditions(m, ike_sa, TRUE);
+               copy_extensions(m, ike_sa, FALSE);
+               copy_extensions(m, ike_sa, TRUE);
                m->add_attribute(m, HA_CONFIG_NAME, peer_cfg->get_name(peer_cfg));
                enumerator = ike_sa->create_peer_address_enumerator(ike_sa);
                while (enumerator->enumerate(enumerator, (void**)&addr))

diff --git a/src/libcharon/plugins/ha/ha_message.h b/src/libcharon/plugins/ha/ha_message.h
index 04a77618c3b96fd224d119ad6c2e735422ebc23d..58b87a7d67eab09de212edfdc49640b0a9c65e3e 100644 (file)
--- a/src/libcharon/plugins/ha/ha_message.h
+++ b/src/libcharon/plugins/ha/ha_message.h
@@ -33,7 +33,7 @@
 /**
  * Protocol version of this implementation
  */
-#define HA_MESSAGE_VERSION 4
+#define HA_MESSAGE_VERSION 5
 
 typedef struct ha_message_t ha_message_t;
 typedef enum ha_message_type_t ha_message_type_t;