bool force_encap;
/**
- * use IKEv1 fragmentation
+ * use IKE fragmentation
*/
fragmentation_t fragmentation;
+ /**
+ * childless IKE_SAs
+ */
+ childless_t childless;
+
/**
* DSCP value to use on sent IKE packets
*/
return this->fragmentation;
}
+METHOD(ike_cfg_t, childless, childless_t,
+ private_ike_cfg_t *this)
+{
+ return this->childless;
+}
+
/**
* Common function for resolve_me/other
*/
this->certreq == other->certreq &&
this->force_encap == other->force_encap &&
this->fragmentation == other->fragmentation &&
+ this->childless == other->childless &&
streq(this->me, other->me) &&
streq(this->other, other->other) &&
this->my_port == other->my_port &&
.send_certreq = _send_certreq,
.force_encap = _force_encap_,
.fragmentation = _fragmentation,
+ .childless = _childless,
.resolve_me = _resolve_me,
.resolve_other = _resolve_other,
.match_me = _match_me,
.certreq = !data->no_certreq,
.force_encap = data->force_encap,
.fragmentation = data->fragmentation,
+ .childless = data->childless,
.me = strdup(data->local),
.my_ranges = linked_list_create(),
.my_hosts = linked_list_create(),
typedef enum ike_version_t ike_version_t;
typedef enum fragmentation_t fragmentation_t;
+typedef enum childless_t childless_t;
typedef struct ike_cfg_t ike_cfg_t;
typedef struct ike_cfg_create_t ike_cfg_create_t;
FRAGMENTATION_FORCE,
};
+/**
+ * Childless IKE_SAs (RFC 6023)
+ */
+enum childless_t {
+ /** Allow childless IKE_SAs as responder, but initiate regular IKE_SAs */
+ CHILDLESS_ALLOW,
+ /** Don't accept childless IKE_SAs as responder, don't initiate them */
+ CHILDLESS_NEVER,
+ /** Only accept the creation of childless IKE_SAs (also as responder) */
+ CHILDLESS_FORCE,
+};
+
/**
* enum strings for ike_version_t
*/
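Review bot: `CHILDLESS_ALLOW` is the first enumerator and therefore has the value 0, so an `ike_cfg_create_t` that leaves the new `childless` field unset yields a config that accepts childless IKE_SAs as responder, and the enum comment does not say that this is the default. If the permissive default is intended, state it where the policy is defined, e.g. `/** Allow childless IKE_SAs as responder, but initiate regular IKE_SAs (default, value 0) */`, and repeat it on the `childless` field of `ike_cfg_create_t`. Whether existing callers zero-initialize the create struct is not visible in this diff, so confirm it against them. The `CHILDLESS_FORCE` comment would also benefit from saying what a responder does with a request that is not childless, since "only accept" leaves that open.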
bool (*force_encap) (ike_cfg_t *this);
/**
- * Use proprietary IKEv1 fragmentation
+ * Use IKE fragmentation
*
* @return TRUE to use fragmentation
*/
fragmentation_t (*fragmentation) (ike_cfg_t *this);
+ /**
+ * Whether to initiate/accept childless IKE_SAs
+ *
+ * @return initiate/accept childless IKE_SAs
+ */
+ childless_t (*childless)(ike_cfg_t *this);
+
/**
* Get the DH group to use for IKE_SA setup.
*
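Review bot: The `@return` line added for `childless()` only repeats the summary and does not name the possible values, so a reader of this header cannot tell that the result is a three-way policy rather than a flag. Suggest `@return childless policy (CHILDLESS_ALLOW, CHILDLESS_NEVER or CHILDLESS_FORCE)`. The neighbouring `fragmentation()` doc has the same problem: its summary is reworded here, but it still says `@return TRUE to use fragmentation` although the function returns `fragmentation_t`. As a style point, the new declaration is written `(*childless)(ike_cfg_t *this)` while the surrounding members put a space before the parameter list.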
bool force_encap;
/** Use IKE fragmentation */
fragmentation_t fragmentation;
+ /** Childless IKE_SA configuration */
+ childless_t childless;
/** DSCP value to send IKE packets with */
uint8_t dscp;
};