ts-payload: Add support for TS of type TS_SECLABEL

The security labels can be retrieved in a separate list from the
regular traffic selectors.  We currently only plan to support a single
security label ourselves, so when generating we don't expect a list.

diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c
index 5a86c53926722ad32ccb2292200df071f85bd66a..94b0ae4c16777600019c3f11e1ad0a552da32f90 100644 (file)
--- a/src/conftest/hooks/pretend_auth.c
+++ b/src/conftest/hooks/pretend_auth.c
@@ -305,12 +305,12 @@ static void process_auth_response(private_pretend_auth_t *this,
        if (this->tsi)
        {
                message->add_payload(message, (payload_t*)
-                                       ts_payload_create_from_traffic_selectors(TRUE, this->tsi));
+                                       ts_payload_create_from_traffic_selectors(TRUE, this->tsi, NULL));
        }
        if (this->tsr)
        {
                message->add_payload(message, (payload_t*)
-                                       ts_payload_create_from_traffic_selectors(FALSE, this->tsr));
+                                       ts_payload_create_from_traffic_selectors(FALSE, this->tsr, NULL));
        }
 }
 

diff --git a/src/libcharon/encoding/payloads/ts_payload.c b/src/libcharon/encoding/payloads/ts_payload.c
index 2862b6acf28e10930f50a4b3aa52bc0949559076..3ea1aaab7ee85850451c2cdba61cb93b89c69f8f 100644 (file)
--- a/src/libcharon/encoding/payloads/ts_payload.c
+++ b/src/libcharon/encoding/payloads/ts_payload.c
@@ -218,10 +218,11 @@ METHOD(ts_payload_t, set_initiator, void,
        this->is_initiator = is_initiator;
 }
 
-METHOD(ts_payload_t, get_traffic_selectors, linked_list_t*,
-       private_ts_payload_t *this)
+/**
+ * Get a list of either traffic selectors or labels
+ */
+static linked_list_t *get_list(private_ts_payload_t *this, bool labels)
 {
-       traffic_selector_t *ts;
        enumerator_t *enumerator;
        traffic_selector_substructure_t *subst;
        linked_list_t *list;
@@ -230,14 +231,42 @@ METHOD(ts_payload_t, get_traffic_selectors, linked_list_t*,
        enumerator = this->substrs->create_enumerator(this->substrs);
        while (enumerator->enumerate(enumerator, &subst))
        {
-               ts = subst->get_traffic_selector(subst);
-               list->insert_last(list, ts);
+               if (labels)
+               {
+                       sec_label_t *label = subst->get_sec_label(subst);
+
+                       if (label)
+                       {
+                               list->insert_last(list, label);
+                       }
+               }
+               else
+               {
+                       traffic_selector_t *ts = subst->get_traffic_selector(subst);
+
+                       if (ts)
+                       {
+                               list->insert_last(list, ts);
+                       }
+               }
        }
        enumerator->destroy(enumerator);
 
        return list;
 }
 
+METHOD(ts_payload_t, get_traffic_selectors, linked_list_t*,
+       private_ts_payload_t *this)
+{
+       return get_list(this, FALSE);
+}
+
+METHOD(ts_payload_t, get_sec_labels, linked_list_t*,
+       private_ts_payload_t *this)
+{
+       return get_list(this, TRUE);
+}
+
 METHOD2(payload_t, ts_payload_t, destroy, void,
        private_ts_payload_t *this)
 {
@@ -267,6 +296,7 @@ ts_payload_t *ts_payload_create(bool is_initiator)
                        .get_initiator = _get_initiator,
                        .set_initiator = _set_initiator,
                        .get_traffic_selectors = _get_traffic_selectors,
+                       .get_sec_labels = _get_sec_labels,
                        .destroy = _destroy,
                },
                .next_payload = PL_NONE,
@@ -281,7 +311,8 @@ ts_payload_t *ts_payload_create(bool is_initiator)
  * Described in header
  */
 ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator,
-                                                                                       linked_list_t *traffic_selectors)
+                                                                                       linked_list_t *traffic_selectors,
+                                                                                       sec_label_t *label)
 {
        enumerator_t *enumerator;
        traffic_selector_t *ts;
@@ -297,6 +328,12 @@ ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator,
                this->substrs->insert_last(this->substrs, subst);
        }
        enumerator->destroy(enumerator);
+
+       if (label)
+       {
+               subst = traffic_selector_substructure_create_from_sec_label(label);
+               this->substrs->insert_last(this->substrs, subst);
+       }
        compute_length(this);
 
        return &this->public;

diff --git a/src/libcharon/encoding/payloads/ts_payload.h b/src/libcharon/encoding/payloads/ts_payload.h
index 8b7824849467418ff1c169a406136b51b0c32f63..7038bb26b9dc7a46099ffe45af8a58a7ea1a7d6f 100644 (file)
--- a/src/libcharon/encoding/payloads/ts_payload.h
+++ b/src/libcharon/encoding/payloads/ts_payload.h
@@ -63,11 +63,20 @@ struct ts_payload_t {
        /**
         * Get a list of nested traffic selectors as traffic_selector_t.
         *
-        * Resulting list and its traffic selectors must be destroyed after usage
+        * Resulting list and its traffic selectors must be destroyed after use.
         *
         * @return                              list of traffic selectors
         */
-       linked_list_t *(*get_traffic_selectors) (ts_payload_t *this);
+       linked_list_t *(*get_traffic_selectors)(ts_payload_t *this);
+
+       /**
+        * Get a list of security labels as sec_label_t.
+        *
+        * Resulting list and its security labels must be destroyed after use.
+        *
+        * @return                              list of security labels
+        */
+       linked_list_t *(*get_sec_labels)(ts_payload_t *this);
 
        /**
         * Destroys an ts_payload_t object.
@@ -84,13 +93,16 @@ struct ts_payload_t {
 ts_payload_t *ts_payload_create(bool is_initiator);
 
 /**
- * Creates ts_payload with a list of traffic_selector_t
+ * Creates ts_payload with a list of traffic_selector_t and an optional security
+ * label.
  *
  * @param is_initiator         TRUE for TSi, FALSE for TSr payload type
  * @param traffic_selectors    list of traffic selectors to include
+ * @param label                                optional security label to include
  * @return                                     ts_payload_t object
  */
 ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator,
-                                                                                       linked_list_t *traffic_selectors);
+                                                                                       linked_list_t *traffic_selectors,
+                                                                                       sec_label_t *label);
 
 #endif /** TS_PAYLOAD_H_ @}*/

diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index dd693c7004215213fc2a59c9e3da979ae163b0a5..83f3c7328ad005ac502f6e7e713e4f624bbe8675 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -891,9 +891,9 @@ static bool build_payloads(private_child_create_t *this, message_t *message)
        }
 
        /* add TSi/TSr payloads */
-       ts_payload = ts_payload_create_from_traffic_selectors(TRUE, this->tsi);
+       ts_payload = ts_payload_create_from_traffic_selectors(TRUE, this->tsi, NULL);
        message->add_payload(message, (payload_t*)ts_payload);
-       ts_payload = ts_payload_create_from_traffic_selectors(FALSE, this->tsr);
+       ts_payload = ts_payload_create_from_traffic_selectors(FALSE, this->tsr, NULL);
        message->add_payload(message, (payload_t*)ts_payload);
 
        /* add a notify if we are not in tunnel mode */