From 7ab2184c8b1c6a702974779078a3dee0f8873d2e Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Mon, 25 Jun 2018 14:14:59 +0200
Subject: [PATCH] child-create: Support IKE_AUX exchange between IKE_SA_INIT and IKE_AUTH

Handling of IKE_AUX when creating new CHILD_SAs or rekeying is not yet implemented.
---
 src/libcharon/sa/ikev2/tasks/child_create.c | 25 +++++++++------------
 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index ac1f9994ad..ad01535814 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -1087,11 +1087,6 @@ METHOD(task_t, build_i, status_t,
 }
 break;
 case IKE_AUTH:
- if (message->get_message_id(message) != 1)
- {
- /* send only in the first request, not in subsequent rounds */
- return NEED_MORE;
- }
 switch (defer_child_sa(this))
 {
 case DESTROY_ME:
@@ -1105,9 +1100,11 @@ METHOD(task_t, build_i, status_t,
 /* just continue to establish the CHILD_SA */
 break;
 }
+ /* send only in the first request, not in subsequent rounds */
+ this->public.task.build = (void*)return_need_more;
 break;
 default:
- break;
+ return NEED_MORE;
 }
 
 /* check if we want a virtual IP, but don't have one */
@@ -1240,13 +1237,11 @@ METHOD(task_t, process_r, status_t,
 get_nonce(message, &this->other_nonce);
 break;
 case IKE_AUTH:
- if (message->get_message_id(message) != 1)
- {
- /* only handle first AUTH payload, not additional rounds */
- return NEED_MORE;
- }
- default:
+ /* only handle first AUTH payload, not additional rounds */
+ this->public.task.process = (void*)return_need_more;
 break;
+ default:
+ return NEED_MORE;
 }
 
 process_payloads(this, message);
@@ -1431,8 +1426,9 @@ METHOD(task_t, build_r, status_t,
 break;
 }
 ike_auth = TRUE;
- default:
 break;
+ default:
+ return NEED_MORE;
 }
 
 if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING)
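Review bot: In build_i's IKE_AUTH case the one-shot swap `this->public.task.build = (void*)return_need_more;` is reached only when the inner `switch (defer_child_sa(this))` falls through; any branch of that switch that returns early (they lie between this hunk and the previous one and are not visible here) leaves build_i installed. With the message-ID check gone, such a path runs defer_child_sa() again on every later IKE_AUTH round instead of returning NEED_MORE up front, so it is worth confirming that the deferral path is safe to repeat. If leaving build_i in place there is intentional, a comment next to the assignment would make that explicit, e.g. `/* not reached when the CHILD_SA is deferred or the task is destroyed above */`. The enclosing function starts and ends outside the hunk.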
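Review bot: The comment kept in process_r's IKE_AUTH case, `/* only handle first AUTH payload, not additional rounds */`, no longer explains the mechanism: the decision moved from the request's message ID to state stored in the task by overwriting `this->public.task.process`. Presumably the ID test was dropped because IKE_AUX exchanges before IKE_AUTH mean the first IKE_AUTH request is no longer message 1; stating that keeps a later maintainer from reinstating a check against a fixed ID on peer-supplied messages. Suggested wording: `/* only handle the first IKE_AUTH request; its message ID is not fixed once IKE_AUX exchanges may precede it, so replace the handler */`. The same comment fits the matching assignment in build_i.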
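Review bot: The new `default: return NEED_MORE;` in build_r makes the task silently skip every exchange type without its own case, and nothing at the branch says which types are expected to land there. The commit message names IKE_AUX and says its handling for new or rekeyed CHILD_SAs is not implemented yet, so a comment such as `/* e.g. IKE_AUX: nothing for this task to do, wait for IKE_AUTH */` would record that this is deliberate and mark the spot to revisit. The default branches added in build_i, process_r and process_i do the same and want the same comment. build_r's switch begins outside the hunk, so its other cases are not visible here.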
@@ -1621,8 +1617,9 @@ METHOD(task_t, process_i, status_t,
 return NEED_MORE;
 }
 ike_auth = TRUE;
- default:
 break;
+ default:
+ return NEED_MORE;
 }
 
 /* check for erroneous notifies */
-- 
2.47.2