ike: Support optional acquire sequence numbers when creating CHILD_SAs

diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index 94f4fe7ccefb6488199c9f13b78948fcec581142..c6fa62ff3e10c1159202f8749314ed4acee66dc8 100644 (file)
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -412,6 +412,8 @@ struct child_init_args_t {
        traffic_selector_t *dst;
        /** Optional security label of triggering packet */
        sec_label_t *label;
+       /** Optional sequence number associated with the acquire triggering the SA */
+       uint32_t seq;
 };
 
 /**

diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index c5a8e9a4579318379a78451ff3777810fc2373d5..672a04927d8a8cd728aff3a7ebf035d83bdf3743 100644 (file)
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -1009,7 +1009,7 @@ static status_t process_request(private_task_manager_t *this,
                                        break;
                                }
                                task = (task_t *)quick_mode_create(this->ike_sa, NULL,
-                                                                                                  NULL, NULL);
+                                                                                                  NULL, NULL, 0);
                                this->passive_tasks->insert_last(this->passive_tasks, task);
                                break;
                        case INFORMATIONAL_V1:
@@ -1697,12 +1697,13 @@ METHOD(task_manager_t, queue_child, void,
 
        if (args)
        {
-               task = quick_mode_create(this->ike_sa, cfg, args->src, args->dst);
+               task = quick_mode_create(this->ike_sa, cfg, args->src, args->dst,
+                                                                args->seq);
                task->use_reqid(task, args->reqid);
        }
        else
        {
-               task = quick_mode_create(this->ike_sa, cfg, NULL, NULL);
+               task = quick_mode_create(this->ike_sa, cfg, NULL, NULL, 0);
        }
        queue_task(this, &task->task);
 }
@@ -1816,7 +1817,7 @@ METHOD(task_manager_t, queue_child_rekey, void,
                        child_sa->set_state(child_sa, CHILD_REKEYING);
                        cfg = child_sa->get_config(child_sa);
                        task = quick_mode_create(this->ike_sa, cfg->get_ref(cfg),
-                               get_first_ts(child_sa, TRUE), get_first_ts(child_sa, FALSE));
+                               get_first_ts(child_sa, TRUE), get_first_ts(child_sa, FALSE), 0);
                        reqid = child_sa->get_reqid_ref(child_sa);
                        if (reqid)
                        {

diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index 3589241cce520dc922627d7e743b62c702651f5b..ea54b24d21f825376b0f895953052e8b70f05ab2 100644 (file)
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -1546,7 +1546,8 @@ METHOD(task_t, destroy, void,
  * Described in header.
  */
 quick_mode_t *quick_mode_create(ike_sa_t *ike_sa, child_cfg_t *config,
-                                                       traffic_selector_t *tsi, traffic_selector_t *tsr)
+                                                               traffic_selector_t *tsi, traffic_selector_t *tsr,
+                                                               uint32_t seq)
 {
        private_quick_mode_t *this;
 
@@ -1565,6 +1566,9 @@ quick_mode_t *quick_mode_create(ike_sa_t *ike_sa, child_cfg_t *config,
                        .rekey = _rekey,
                        .abort = _abort_,
                },
+               .child = {
+                       .seq = seq,
+               },
                .ike_sa = ike_sa,
                .initiator = config != NULL,
                .config = config,

diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.h b/src/libcharon/sa/ikev1/tasks/quick_mode.h
index 85e986dc6122c19f8c303aecfc733ce59efe063b..dbfbbaa801bf2cefc410bd2f4b4c67275c9db327 100644 (file)
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.h
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.h
@@ -102,9 +102,11 @@ struct quick_mode_t {
  * @param config               child_cfg if task initiator, NULL if responder
  * @param tsi                  source of triggering packet, or NULL
  * @param tsr                  destination of triggering packet, or NULL
+ * @param seq                  optional sequence number of triggering acquire, or 0
  * @return                             task to handle by the task_manager
  */
 quick_mode_t *quick_mode_create(ike_sa_t *ike_sa, child_cfg_t *config,
-                                                       traffic_selector_t *tsi, traffic_selector_t *tsr);
+                                                               traffic_selector_t *tsi, traffic_selector_t *tsr,
+                                                               uint32_t seq);
 
 #endif /** QUICK_MODE_H_ @}*/

diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index 1e213aaaf579fc42a313eebf9de0ffc5de4d790b..2180bd9099d4c3b7000fdb8b3e66d7c32b6a6a88 100644 (file)
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -1168,7 +1168,7 @@ static status_t process_request(private_task_manager_t *this,
                                task = (task_t*)ike_auth_lifetime_create(this->ike_sa, FALSE);
                                array_insert(this->passive_tasks, ARRAY_TAIL, task);
                                task = (task_t*)child_create_create(this->ike_sa, NULL, FALSE,
-                                                                                                       NULL, NULL);
+                                                                                                       NULL, NULL, 0);
                                array_insert(this->passive_tasks, ARRAY_TAIL, task);
                                break;
                        }
@@ -1222,7 +1222,7 @@ static status_t process_request(private_task_manager_t *this,
                                        else
                                        {
                                                task = (task_t*)child_create_create(this->ike_sa, NULL,
-                                                                                                                       FALSE, NULL, NULL);
+                                                                                                                       FALSE, NULL, NULL, 0);
                                        }
                                }
                                else
@@ -2196,7 +2196,7 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
                }
                cfg = child_sa->get_config(child_sa);
                child_create = child_create_create(new, cfg->get_ref(cfg),
-                                                                                  FALSE, NULL, NULL);
+                                                                                  FALSE, NULL, NULL, 0);
                reqid = child_sa->get_reqid_ref(child_sa);
                if (reqid)
                {
@@ -2375,13 +2375,14 @@ METHOD(task_manager_t, queue_child, void,
 
        if (args)
        {
-               task = child_create_create(this->ike_sa, cfg, FALSE, args->src, args->dst);
+               task = child_create_create(this->ike_sa, cfg, FALSE, args->src,
+                                                                  args->dst, args->seq);
                task->use_reqid(task, args->reqid);
                task->use_label(task, args->label);
        }
        else
        {
-               task = child_create_create(this->ike_sa, cfg, FALSE, NULL, NULL);
+               task = child_create_create(this->ike_sa, cfg, FALSE, NULL, NULL, 0);
        }
        queue_task(this, &task->task);
 }

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index ee76433f73456d237674fc8d8d1fff2ec684f56e..9efaed28f4c160311bf7211818e16991e287f856 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -249,7 +249,8 @@ static void schedule_delayed_retry(private_child_create_t *this)
 
        task = child_create_create(this->ike_sa,
                                                           this->config->get_ref(this->config), FALSE,
-                                                          this->packet_tsi, this->packet_tsr);
+                                                          this->packet_tsi, this->packet_tsr,
+                                                          this->child.seq);
        task->use_reqid(task, this->child.reqid);
        task->use_marks(task, this->child.mark_in, this->child.mark_out);
        task->use_if_ids(task, this->child.if_id_in, this->child.if_id_out);
@@ -2669,8 +2670,9 @@ METHOD(task_t, destroy, void,
  * Described in header.
  */
 child_create_t *child_create_create(ike_sa_t *ike_sa,
-                                                       child_cfg_t *config, bool rekey,
-                                                       traffic_selector_t *tsi, traffic_selector_t *tsr)
+                                                                       child_cfg_t *config, bool rekey,
+                                                                       traffic_selector_t *tsi,
+                                                                       traffic_selector_t *tsr, uint32_t seq)
 {
        private_child_create_t *this;
 
@@ -2693,6 +2695,9 @@ child_create_t *child_create_create(ike_sa_t *ike_sa,
                                .destroy = _destroy,
                        },
                },
+               .child = {
+                       .seq = seq,
+               },
                .ike_sa = ike_sa,
                .config = config,
                .packet_tsi = tsi ? tsi->clone(tsi) : NULL,

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.h b/src/libcharon/sa/ikev2/tasks/child_create.h
index 0a65ba17a0ed05c96113d024956b3a8bbd2d60bb..f3ff0cc7d6f4e666806de70062503e20e53f931a 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/child_create.h
+++ b/src/libcharon/sa/ikev2/tasks/child_create.h
@@ -140,10 +140,12 @@ struct child_create_t {
  * @param rekey                        whether we do a rekey or not
  * @param tsi                  source of triggering packet, or NULL
  * @param tsr                  destination of triggering packet, or NULL
+ * @param seq                  optional sequence number of triggering acquire, or 0
  * @return                             child_create task to handle by the task_manager
  */
 child_create_t *child_create_create(ike_sa_t *ike_sa,
-                                                       child_cfg_t *config, bool rekey,
-                                                       traffic_selector_t *tsi, traffic_selector_t *tsr);
+                                                                       child_cfg_t *config, bool rekey,
+                                                                       traffic_selector_t *tsi,
+                                                                       traffic_selector_t *tsr, uint32_t seq);
 
 #endif /** CHILD_CREATE_H_ @}*/

diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c
index e2e198b285c1d1c349959a2f5a300f76329e4ceb..3282a21f7a1b3c8ffd5c9fddc96f316cb9bb2f76 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/child_delete.c
+++ b/src/libcharon/sa/ikev2/tasks/child_delete.c
@@ -556,7 +556,7 @@ METHOD(task_t, build_i, status_t,
                child_cfg = child_sa->get_config(child_sa);
                this->ike_sa->queue_task(this->ike_sa, (task_t*)
                                child_create_create(this->ike_sa, child_cfg->get_ref(child_cfg),
-                                                                       FALSE, NULL, NULL));
+                                                                       FALSE, NULL, NULL, 0));
        }
        return NEED_MORE;
 }

diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c
index 6c73d0671aa2d23d5cb6bab8a5fc80db01235444..86161423b72243683197399fbfe5d50ffac27596 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/child_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c
@@ -275,7 +275,7 @@ METHOD(task_t, build_i, status_t,
 
                config = this->child_sa->get_config(this->child_sa);
                this->child_create = child_create_create(this->ike_sa,
-                                                                       config->get_ref(config), TRUE, NULL, NULL);
+                                                               config->get_ref(config), TRUE, NULL, NULL, 0);
 
                proposal = this->child_sa->get_proposal(this->child_sa);
                if (proposal->get_algorithm(proposal, KEY_EXCHANGE_METHOD,
@@ -1240,7 +1240,8 @@ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol,
                this->public.task.build = _build_r;
                this->public.task.process = _process_r;
                this->initiator = FALSE;
-               this->child_create = child_create_create(ike_sa, NULL, TRUE, NULL, NULL);
+               this->child_create = child_create_create(ike_sa, NULL, TRUE,
+                                                                                                NULL, NULL, 0);
        }
 
        return &this->public;