ike-init: Notify initiator if childless IKE_SAs are accepted

2019-03-29 15:18:08 +01:00 · 2019-03-29 15:18:08 +01:00 · 93104d0fe9
parent ddb083c164
commit 93104d0fe9
2 changed files with 20 additions and 1 deletions
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@ -161,6 +161,11 @@ enum ike_extension_t {
 	 * Postquantum Preshared Keys, draft-ietf-ipsecme-qr-ikev2
 	 */
 	EXT_PPK = (1<<15),
+
+	/**
+	 * Responder accepts childless IKE_SAs, RFC 6023
+	 */
+	EXT_IKE_CHILDLESS = (1<<16),
 };

 /**
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2018 Tobias Brunner
+ * Copyright (C) 2008-2019 Tobias Brunner
 * Copyright (C) 2005-2008 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 * HSR Hochschule fuer Technik Rapperswil
@ -433,6 +433,13 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
 	{
 		message->add_notify(message, FALSE, USE_PPK, chunk_empty);
 	}
+	/* notify the peer if we accept childless IKE_SAs */
+	if (!this->old_sa && !this->initiator &&
+		 ike_cfg->childless(ike_cfg) != CHILDLESS_NEVER)
+	{
+		message->add_notify(message, FALSE, CHILDLESS_IKEV2_SUPPORTED,
+							chunk_empty);
+	}
 	return TRUE;
 }

@ -578,6 +585,13 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
 														   EXT_IKE_REDIRECTION);
 						}
 						break;
+					case CHILDLESS_IKEV2_SUPPORTED:
+						if (this->initiator && !this->old_sa)
+						{
+							this->ike_sa->enable_extension(this->ike_sa,
+														   EXT_IKE_CHILDLESS);
+						}
+						break;
 					default:
 						/* other notifies are handled elsewhere */
 						break;