From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 16 Sep 2016 15:37:59 +0000 (+0200)
Subject: ikev2: Negotiate support for IKE message ID synchronisation during IKE_AUTH
X-Git-Tag: 5.5.2dr5~22^2~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d6ffa85feaf443afca66e77249159ef928e3d35e;p=thirdparty%2Fstrongswan.git

ikev2: Negotiate support for IKE message ID synchronisation during IKE_AUTH
---

diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index e78f4deb9e..c8ba2fd2a3 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -151,6 +151,11 @@ enum ike_extension_t {
 	 * IKEv2 Redirect Mechanism, RFC 5685
 	 */
 	EXT_IKE_REDIRECTION = (1<<13),
+
+	/**
+	 * IKEv2 Message ID sync, RFC 6311
+	 */
+	EXT_IKE_MESSAGE_ID_SYNC = (1<<14),
 };
 
 /**
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 1e47144dc7..53daaf2ad5 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -417,6 +417,9 @@ METHOD(task_t, build_i, status_t,
 		/* indicate support for EAP-only authentication */
 		message->add_notify(message, FALSE, EAP_ONLY_AUTHENTICATION,
 							chunk_empty);
+		/* indicate support for RFC 6311 Message ID synchronization */
+		message->add_notify(message, FALSE, IKEV2_MESSAGE_ID_SYNC_SUPPORTED,
+							chunk_empty);
 	}
 
 	if (!this->do_another_auth && !this->my_auth)
@@ -992,6 +995,10 @@ METHOD(task_t, process_i, status_t,
 						DBG1(DBG_IKE, "received invalid REDIRECT notify");
 					}
 					break;
+				case IKEV2_MESSAGE_ID_SYNC_SUPPORTED:
+					this->ike_sa->enable_extension(this->ike_sa,
+												   EXT_IKE_MESSAGE_ID_SYNC);
+					break;
 				default:
 				{
 					if (type <= 16383)