From: Tobias Brunner Date: Fri, 29 Mar 2019 14:18:08 +0000 (+0100) Subject: ike-init: Notify initiator if childless IKE_SAs are accepted X-Git-Tag: 5.8.0rc1~24^2~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=93104d0fe99214a6981f2efdd9bdbb6125822435;p=thirdparty%2Fstrongswan.git ike-init: Notify initiator if childless IKE_SAs are accepted
---
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index c7ef1fe3c3..d511081409 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -161,6 +161,11 @@ enum ike_extension_t {
 * Postquantum Preshared Keys, draft-ietf-ipsecme-qr-ikev2
 */
 EXT_PPK = (1<<15),
+
+ /**
+ * Responder accepts childless IKE_SAs, RFC 6023
+ */
+ EXT_IKE_CHILDLESS = (1<<16),
 };
 
 /**
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index b570904e21..04ce5045e7 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2018 Tobias Brunner
+ * Copyright (C) 2008-2019 Tobias Brunner
 * Copyright (C) 2005-2008 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 * HSR Hochschule fuer Technik Rapperswil
@@ -433,6 +433,13 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
 {
 message->add_notify(message, FALSE, USE_PPK, chunk_empty);
 }
+ /* notify the peer if we accept childless IKE_SAs */
+ if (!this->old_sa && !this->initiator &&
+ ike_cfg->childless(ike_cfg) != CHILDLESS_NEVER)
+ {
+ message->add_notify(message, FALSE, CHILDLESS_IKEV2_SUPPORTED,
+ chunk_empty);
+ }
 return TRUE;
 }
 
@@ -578,6 +585,13 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
 EXT_IKE_REDIRECTION);
 }
 break;
+ case CHILDLESS_IKEV2_SUPPORTED:
+ if (this->initiator && !this->old_sa)
+ {
+ this->ike_sa->enable_extension(this->ike_sa,
+ EXT_IKE_CHILDLESS);
+ }
+ break;
 default:
 /* other notifies are handled elsewhere */
 break;
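Review bot: The notify added to build_payloads() in the `@@ -433,6 +433,13 @@` hunk is only an advertisement, sent before the peer has authenticated, and nothing in the hunk records that the childless policy still has to be enforced later. It is derived from `ike_cfg->childless(ike_cfg)` at IKE_SA_INIT time; if the configuration that finally applies to the peer can differ from the one consulted here (not visible in this hunk), the advertised capability and the enforced policy could disagree. I would note that next to the new block, e.g. `/* advisory only: the childless policy must still be enforced when IKE_AUTH is processed */`. build_payloads() starts outside the hunk, so where `ike_cfg` is assigned cannot be confirmed from here.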
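Review bot: In the `@@ -578,6 +585,13 @@` hunk, the new `case CHILDLESS_IKEV2_SUPPORTED:` in process_payloads() sets EXT_IKE_CHILDLESS from a notify the initiator receives during IKE_SA_INIT, which is not integrity-protected until IKE_AUTH has verified the exchange. Code that reads the flag later (outside this commit's visible hunks) should therefore treat a missing flag as "not supported" and fail the setup when the configuration requires a childless IKE_SA, rather than falling back silently. A comment on the case would record this, e.g. `/* from the unauthenticated IKE_SA_INIT response, only reliable once IKE_AUTH succeeded */`. The enclosing switch and function start and end outside the hunk.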