From: Thomas Egerer
Date: Tue, 8 Feb 2022 16:52:02 +0000 (+0100)
Subject: ha: Streamline handling of conditions and extensions
X-Git-Tag: 5.9.6rc1~23
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d6879ef984bf30e521a5db07dd9a070e4cc09644;p=thirdparty%2Fstrongswan.git

ha: Streamline handling of conditions and extensions

Automatically takes care of sending/receiving newly added extensions and conditions.

Signed-off-by: Thomas Egerer
---

diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c
index 3f91183e46..bed4ff290e 100644
--- a/src/libcharon/plugins/ha/ha_dispatcher.c
+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
@@ -297,23 +297,35 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message
 }
 
 /**
- * Apply a condition flag to the IKE_SA if it is in set
+ * Apply all set conditions to the IKE_SA
 */
-static void set_condition(ike_sa_t *ike_sa, ike_condition_t set,
- ike_condition_t flag)
+static void set_conditions(ike_sa_t *ike_sa, ike_condition_t conditions)
 {
- ike_sa->set_condition(ike_sa, flag, flag & set);
+ ike_condition_t i;
+
+ for (i = 0; i < sizeof(i) * 8; ++i)
+ {
+ ike_condition_t cond = (1 << i);
+
+ ike_sa->set_condition(ike_sa, cond, (conditions & cond) != 0);
+ }
 }
 
 /**
- * Apply a extension flag to the IKE_SA if it is in set
+ * Apply all enabled extensions to the IKE_SA
 */
-static void set_extension(ike_sa_t *ike_sa, ike_extension_t set,
- ike_extension_t flag)
+static void set_extensions(ike_sa_t *ike_sa, ike_extension_t extensions)
 {
- if (flag & set)
+ ike_extension_t i;
+
+ for (i = 0; i < sizeof(i) * 8; ++i)
 {
- ike_sa->enable_extension(ike_sa, flag);
+ ike_extension_t ext = (1 << i);
+
+ if (extensions & ext)
+ {
+ ike_sa->enable_extension(ike_sa, ext);
+ }
 }
 }
 
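Review bot: `ike_condition_t cond = (1 << i);` in set_conditions, and the same expression in set_extensions here and in copy_conditions/copy_extensions in the ha_ike.c hunk, left-shifts a signed int, so the i == 31 iteration is undefined behaviour in C because 1 << 31 is not representable in int; use an unsigned constant, `ike_condition_t cond = 1u << i;` and `ike_extension_t ext = 1u << i;`. The loop bound `sizeof(i) * 8` ties the number of bits walked to the compiler's implementation-defined enum width, and `sizeof(i) * CHAR_BIT` from limits.h would at least spell the intent precisely. The receiving side now applies every bit of the peer-supplied `value.u32`, clearing conditions as well as setting them, so the header comment would be clearer as `Apply all conditions from the HA message to the IKE_SA, clearing those not set`; whether set_condition/enable_extension tolerate bit positions that are not defined flags depends on ike_sa.c, which is outside this diff.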
@@ -403,27 +415,10 @@ static void process_ike_update(private_ha_dispatcher_t *this,
 }
 break;
 case HA_EXTENSIONS:
- set_extension(ike_sa, value.u32, EXT_NATT);
- set_extension(ike_sa, value.u32, EXT_MOBIKE);
- set_extension(ike_sa, value.u32, EXT_HASH_AND_URL);
- set_extension(ike_sa, value.u32, EXT_MULTIPLE_AUTH);
- set_extension(ike_sa, value.u32, EXT_STRONGSWAN);
- set_extension(ike_sa, value.u32, EXT_EAP_ONLY_AUTHENTICATION);
- set_extension(ike_sa, value.u32, EXT_MS_WINDOWS);
- set_extension(ike_sa, value.u32, EXT_XAUTH);
- set_extension(ike_sa, value.u32, EXT_DPD);
+ set_extensions(ike_sa, value.u32);
 break;
 case HA_CONDITIONS:
- set_condition(ike_sa, value.u32, COND_NAT_ANY);
- set_condition(ike_sa, value.u32, COND_NAT_HERE);
- set_condition(ike_sa, value.u32, COND_NAT_THERE);
- set_condition(ike_sa, value.u32, COND_NAT_FAKE);
- set_condition(ike_sa, value.u32, COND_EAP_AUTHENTICATED);
- set_condition(ike_sa, value.u32, COND_CERTREQ_SEEN);
- set_condition(ike_sa, value.u32, COND_ORIGINAL_INITIATOR);
- set_condition(ike_sa, value.u32, COND_STALE);
- set_condition(ike_sa, value.u32, COND_INIT_CONTACT_SEEN);
- set_condition(ike_sa, value.u32, COND_XAUTH_AUTHENTICATED);
+ set_conditions(ike_sa, value.u32);
 break;
 default:
 break;
diff --git a/src/libcharon/plugins/ha/ha_ike.c b/src/libcharon/plugins/ha/ha_ike.c
index aae402d505..249f4e8619 100644
--- a/src/libcharon/plugins/ha/ha_ike.c
+++ b/src/libcharon/plugins/ha/ha_ike.c
@@ -47,27 +47,37 @@ struct private_ha_ike_t {
 };
 
 /**
- * Return condition if it is set on ike_sa
+ * Copy conditions of IKE_SA to message as HA_CONDITIONS attribute
 */
-static ike_condition_t copy_condition(ike_sa_t *ike_sa, ike_condition_t cond)
+static void copy_conditions(ha_message_t *m, ike_sa_t *ike_sa)
 {
- if (ike_sa->has_condition(ike_sa, cond))
+ ike_condition_t i, conditions = 0;
+
+ for (i = 0; i < sizeof(i) * 8; ++i)
 {
- return cond;
+ ike_condition_t cond = (1 << i);
+
+ conditions |= (ike_sa->has_condition(ike_sa, cond) ? cond : 0);
 }
- return 0;
+
+ m->add_attribute(m, HA_CONDITIONS, (uint32_t)conditions);
 }
 
 /**
- * Return extension if it is supported by peers IKE_SA
+ * Copy extensions of IKE_SA to message as HA_EXTENSIONS attribute
 */
-static ike_extension_t copy_extension(ike_sa_t *ike_sa, ike_extension_t ext)
+static void copy_extensions(ha_message_t *m, ike_sa_t *ike_sa)
 {
- if (ike_sa->supports_extension(ike_sa, ext))
+ ike_extension_t i, extensions = 0;
+
+ for (i = 0; i < sizeof(i) * 8; ++i)
 {
- return ext;
+ ike_extension_t ext = (1 << i);
+
+ extensions |= (ike_sa->supports_extension(ike_sa, ext) ? ext : 0);
 }
- return 0;
+
+ m->add_attribute(m, HA_EXTENSIONS, (uint32_t)extensions);
 }
 
 METHOD(listener_t, ike_keys, bool,
@@ -172,34 +182,12 @@ METHOD(listener_t, ike_updown, bool,
 {
 enumerator_t *enumerator;
 peer_cfg_t *peer_cfg;
- uint32_t extension, condition;
 host_t *addr;
 ike_sa_id_t *id;
 identification_t *eap_id;
 
 peer_cfg = ike_sa->get_peer_cfg(ike_sa);
 
- condition = copy_condition(ike_sa, COND_NAT_ANY)
- | copy_condition(ike_sa, COND_NAT_HERE)
- | copy_condition(ike_sa, COND_NAT_THERE)
- | copy_condition(ike_sa, COND_NAT_FAKE)
- | copy_condition(ike_sa, COND_EAP_AUTHENTICATED)
- | copy_condition(ike_sa, COND_CERTREQ_SEEN)
- | copy_condition(ike_sa, COND_ORIGINAL_INITIATOR)
- | copy_condition(ike_sa, COND_STALE)
- | copy_condition(ike_sa, COND_INIT_CONTACT_SEEN)
- | copy_condition(ike_sa, COND_XAUTH_AUTHENTICATED);
-
- extension = copy_extension(ike_sa, EXT_NATT)
- | copy_extension(ike_sa, EXT_MOBIKE)
- | copy_extension(ike_sa, EXT_HASH_AND_URL)
- | copy_extension(ike_sa, EXT_MULTIPLE_AUTH)
- | copy_extension(ike_sa, EXT_STRONGSWAN)
- | copy_extension(ike_sa, EXT_EAP_ONLY_AUTHENTICATION)
- | copy_extension(ike_sa, EXT_MS_WINDOWS)
- | copy_extension(ike_sa, EXT_XAUTH)
- | copy_extension(ike_sa, EXT_DPD);
-
 id = ike_sa->get_id(ike_sa);
 
 m = ha_message_create(HA_IKE_UPDATE);
@@ -213,8 +201,8 @@ METHOD(listener_t, ike_updown, bool,
 }
 m->add_attribute(m, HA_LOCAL_ADDR, ike_sa->get_my_host(ike_sa));
 m->add_attribute(m, HA_REMOTE_ADDR, ike_sa->get_other_host(ike_sa));
- m->add_attribute(m, HA_CONDITIONS, condition);
- m->add_attribute(m, HA_EXTENSIONS, extension);
+ copy_conditions(m, ike_sa);
+ copy_extensions(m, ike_sa);
 m->add_attribute(m, HA_CONFIG_NAME, peer_cfg->get_name(peer_cfg));
 enumerator = ike_sa->create_peer_address_enumerator(ike_sa);
 while (enumerator->enumerate(enumerator, (void**)&addr))