ikev2: Negotiate support for IKE message ID synchronisation during IKE_AUTH
authorTobias Brunner <tobias@strongswan.org>
Fri, 16 Sep 2016 15:37:59 +0000 (17:37 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 8 Feb 2017 14:03:25 +0000 (15:03 +0100)
src/libcharon/sa/ike_sa.h
src/libcharon/sa/ikev2/tasks/ike_auth.c

index e78f4deb9e9db8137027b903c540962e23258cc8..c8ba2fd2a3aff7a0a52b9f4699da8fafb7490e3b 100644 (file)
@@ -151,6 +151,11 @@ enum ike_extension_t {
         * IKEv2 Redirect Mechanism, RFC 5685
         */
        EXT_IKE_REDIRECTION = (1<<13),
+
+       /**
+        * IKEv2 Message ID sync, RFC 6311
+        */
+       EXT_IKE_MESSAGE_ID_SYNC = (1<<14),
 };
 
 /**
index 1e47144dc744944f6ed8a60bc7dd4deb5bb89753..53daaf2ad5a30d684a3beedb5fa875fa2667b18a 100644 (file)
@@ -417,6 +417,9 @@ METHOD(task_t, build_i, status_t,
                /* indicate support for EAP-only authentication */
                message->add_notify(message, FALSE, EAP_ONLY_AUTHENTICATION,
                                                        chunk_empty);
+               /* indicate support for RFC 6311 Message ID synchronization */
+               message->add_notify(message, FALSE, IKEV2_MESSAGE_ID_SYNC_SUPPORTED,
+                                                       chunk_empty);
        }
 
        if (!this->do_another_auth && !this->my_auth)
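Review bot: The added `add_notify` call in build_i sends IKEV2_MESSAGE_ID_SYNC_SUPPORTED on the same path as EAP_ONLY_AUTHENTICATION, and nothing visible in the hunk lets an operator turn it off. RFC 6311 lets a peer resynchronise message IDs after the SA is established, and those counters are part of IKEv2 replay protection, so deployments that never talk to a cluster may prefer not to offer it. If unconditional advertisement is intended, say so in the comment, for example `/* always offered: RFC 6311 Message ID sync; the peer may later resync message IDs */`. Otherwise gate the call on a setting. The enclosing block opens outside the hunk, so the condition under which this notify is sent cannot be checked from here.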
@@ -992,6 +995,10 @@ METHOD(task_t, process_i, status_t,
                                                DBG1(DBG_IKE, "received invalid REDIRECT notify");
                                        }
                                        break;
+                               case IKEV2_MESSAGE_ID_SYNC_SUPPORTED:
+                                       this->ike_sa->enable_extension(this->ike_sa,
+                                                                                                  EXT_IKE_MESSAGE_ID_SYNC);
+                                       break;
                                default:
                                {
                                        if (type <= 16383)
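Review bot: The new `case IKEV2_MESSAGE_ID_SYNC_SUPPORTED` in process_i enables EXT_IKE_MESSAGE_ID_SYNC on the mere presence of the notify. It does not check that this side offered the extension in build_i, and it does not check that the notification data is empty. The hunk also does not show whether this switch runs before or after the responder's AUTH payload is verified, so the flag may be set on a not-yet-authenticated SA. If any code consults the flag before the SA is established, that matters. A short comment would record the intent, for example `/* only records peer support; sync requests are honoured on an established IKE_SA only */`, assuming that is the intended contract. process_i starts and ends outside the hunk.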