From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 1 Jun 2016 10:03:21 +0000 (+0200)
Subject: child-cfg: Add option to prefer supplied proposals over locally configured ones
X-Git-Tag: 5.5.0dr1~4^2~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f2ea230b91d050a4fddc84a55068107046b1708f;p=thirdparty%2Fstrongswan.git

child-cfg: Add option to prefer supplied proposals over locally configured ones
---

diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index ce3a29d156..76d7f2c58d 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -211,25 +211,40 @@ METHOD(child_cfg_t, get_proposals, linked_list_t*,
 
 METHOD(child_cfg_t, select_proposal, proposal_t*,
 	private_child_cfg_t*this, linked_list_t *proposals, bool strip_dh,
-	bool private)
+	bool private, bool prefer_self)
 {
-	enumerator_t *stored_enum, *supplied_enum;
-	proposal_t *stored, *supplied, *selected = NULL;
+	enumerator_t *prefer_enum, *match_enum;
+	proposal_t *proposal, *match, *selected = NULL;
 
-	stored_enum = this->proposals->create_enumerator(this->proposals);
-	supplied_enum = proposals->create_enumerator(proposals);
+	if (prefer_self)
+	{
+		prefer_enum = this->proposals->create_enumerator(this->proposals);
+		match_enum = proposals->create_enumerator(proposals);
+	}
+	else
+	{
+		prefer_enum = proposals->create_enumerator(proposals);
+		match_enum = this->proposals->create_enumerator(this->proposals);
+	}
 
-	/* compare all stored proposals with all supplied. Stored ones are preferred. */
-	while (stored_enum->enumerate(stored_enum, &stored))
+	while (prefer_enum->enumerate(prefer_enum, &proposal))
 	{
-		stored = stored->clone(stored);
-		while (supplied_enum->enumerate(supplied_enum, &supplied))
+		proposal = proposal->clone(proposal);
+		if (prefer_self)
+		{
+			proposals->reset_enumerator(proposals, match_enum);
+		}
+		else
+		{
+			this->proposals->reset_enumerator(this->proposals, match_enum);
+		}
+		while (match_enum->enumerate(match_enum, &match))
 		{
 			if (strip_dh)
 			{
-				stored->strip_dh(stored, MODP_NONE);
+				proposal->strip_dh(proposal, MODP_NONE);
 			}
-			selected = stored->select(stored, supplied, private);
+			selected = proposal->select(proposal, match, private);
 			if (selected)
 			{
 				DBG2(DBG_CFG, "received proposals: %#P", proposals);
@@ -238,17 +253,15 @@ METHOD(child_cfg_t, select_proposal, proposal_t*,
 				break;
 			}
 		}
-		stored->destroy(stored);
+		proposal->destroy(proposal);
 		if (selected)
 		{
 			break;
 		}
-		supplied_enum->destroy(supplied_enum);
-		supplied_enum = proposals->create_enumerator(proposals);
 	}
-	stored_enum->destroy(stored_enum);
-	supplied_enum->destroy(supplied_enum);
-	if (selected == NULL)
+	prefer_enum->destroy(prefer_enum);
+	match_enum->destroy(match_enum);
+	if (!selected)
 	{
 		DBG1(DBG_CFG, "received proposals: %#P", proposals);
 		DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index 6a1fa529cf..e736b27378 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -100,10 +100,12 @@ struct child_cfg_t {
 	 * @param proposals		list from which proposals are selected
 	 * @param strip_dh		TRUE strip out diffie hellman groups
 	 * @param private		accept algorithms from a private range
+	 * @param prefer_self	whether to prefer configured or supplied proposals
 	 * @return				selected proposal, or NULL if nothing matches
 	 */
 	proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals,
-								   bool strip_dh, bool private);
+								   bool strip_dh, bool private,
+								   bool prefer_self);
 
 	/**
 	 * Add a traffic selector to the config.
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index a6cc193905..70bc370168 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -1109,8 +1109,8 @@ METHOD(task_t, process_r, status_t,
 			}
 			private = this->ike_sa->supports_extension(this->ike_sa,
 													   EXT_STRONGSWAN);
-			this->proposal = this->config->select_proposal(this->config,
-														   list, FALSE, private);
+			this->proposal = this->config->select_proposal(this->config, list,
+														FALSE, private, TRUE);
 			list->destroy_offset(list, offsetof(proposal_t, destroy));
 
 			get_lifetimes(this);
@@ -1323,8 +1323,8 @@ METHOD(task_t, process_i, status_t,
 			}
 			private = this->ike_sa->supports_extension(this->ike_sa,
 													   EXT_STRONGSWAN);
-			this->proposal = this->config->select_proposal(this->config,
-														   list, FALSE, private);
+			this->proposal = this->config->select_proposal(this->config, list,
+														FALSE, private, TRUE);
 			list->destroy_offset(list, offsetof(proposal_t, destroy));
 			if (!this->proposal)
 			{
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index 33247aa33f..79208dbdfb 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -482,7 +482,7 @@ static status_t select_and_install(private_child_create_t *this,
 
 	private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN);
 	this->proposal = this->config->select_proposal(this->config,
-											this->proposals, no_dh, private);
+										this->proposals, no_dh, private, TRUE);
 	if (this->proposal == NULL)
 	{
 		DBG1(DBG_IKE, "no acceptable proposal found");