child-cfg: Add option to prefer supplied proposals over locally configured ones

This commit is contained in:
Tobias Brunner 2016-06-01 12:03:21 +02:00
parent 3a40d572c6
commit f2ea230b91
4 changed files with 39 additions and 24 deletions

View File

@ -211,25 +211,40 @@ METHOD(child_cfg_t, get_proposals, linked_list_t*,
METHOD(child_cfg_t, select_proposal, proposal_t*, METHOD(child_cfg_t, select_proposal, proposal_t*,
private_child_cfg_t*this, linked_list_t *proposals, bool strip_dh, private_child_cfg_t*this, linked_list_t *proposals, bool strip_dh,
bool private) bool private, bool prefer_self)
{ {
enumerator_t *stored_enum, *supplied_enum; enumerator_t *prefer_enum, *match_enum;
proposal_t *stored, *supplied, *selected = NULL; proposal_t *proposal, *match, *selected = NULL;
stored_enum = this->proposals->create_enumerator(this->proposals); if (prefer_self)
supplied_enum = proposals->create_enumerator(proposals);
/* compare all stored proposals with all supplied. Stored ones are preferred. */
while (stored_enum->enumerate(stored_enum, &stored))
{ {
stored = stored->clone(stored); prefer_enum = this->proposals->create_enumerator(this->proposals);
while (supplied_enum->enumerate(supplied_enum, &supplied)) match_enum = proposals->create_enumerator(proposals);
}
else
{
prefer_enum = proposals->create_enumerator(proposals);
match_enum = this->proposals->create_enumerator(this->proposals);
}
while (prefer_enum->enumerate(prefer_enum, &proposal))
{
proposal = proposal->clone(proposal);
if (prefer_self)
{
proposals->reset_enumerator(proposals, match_enum);
}
else
{
this->proposals->reset_enumerator(this->proposals, match_enum);
}
while (match_enum->enumerate(match_enum, &match))
{ {
if (strip_dh) if (strip_dh)
{ {
stored->strip_dh(stored, MODP_NONE); proposal->strip_dh(proposal, MODP_NONE);
} }
selected = stored->select(stored, supplied, private); selected = proposal->select(proposal, match, private);
if (selected) if (selected)
{ {
DBG2(DBG_CFG, "received proposals: %#P", proposals); DBG2(DBG_CFG, "received proposals: %#P", proposals);
@ -238,17 +253,15 @@ METHOD(child_cfg_t, select_proposal, proposal_t*,
break; break;
} }
} }
stored->destroy(stored); proposal->destroy(proposal);
if (selected) if (selected)
{ {
break; break;
} }
supplied_enum->destroy(supplied_enum);
supplied_enum = proposals->create_enumerator(proposals);
} }
stored_enum->destroy(stored_enum); prefer_enum->destroy(prefer_enum);
supplied_enum->destroy(supplied_enum); match_enum->destroy(match_enum);
if (selected == NULL) if (!selected)
{ {
DBG1(DBG_CFG, "received proposals: %#P", proposals); DBG1(DBG_CFG, "received proposals: %#P", proposals);
DBG1(DBG_CFG, "configured proposals: %#P", this->proposals); DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);

View File

@ -100,10 +100,12 @@ struct child_cfg_t {
* @param proposals list from which proposals are selected * @param proposals list from which proposals are selected
* @param strip_dh TRUE strip out diffie hellman groups * @param strip_dh TRUE strip out diffie hellman groups
* @param private accept algorithms from a private range * @param private accept algorithms from a private range
* @param prefer_self whether to prefer configured or supplied proposals
* @return selected proposal, or NULL if nothing matches * @return selected proposal, or NULL if nothing matches
*/ */
proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals, proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals,
bool strip_dh, bool private); bool strip_dh, bool private,
bool prefer_self);
/** /**
* Add a traffic selector to the config. * Add a traffic selector to the config.

View File

@ -1109,8 +1109,8 @@ METHOD(task_t, process_r, status_t,
} }
private = this->ike_sa->supports_extension(this->ike_sa, private = this->ike_sa->supports_extension(this->ike_sa,
EXT_STRONGSWAN); EXT_STRONGSWAN);
this->proposal = this->config->select_proposal(this->config, this->proposal = this->config->select_proposal(this->config, list,
list, FALSE, private); FALSE, private, TRUE);
list->destroy_offset(list, offsetof(proposal_t, destroy)); list->destroy_offset(list, offsetof(proposal_t, destroy));
get_lifetimes(this); get_lifetimes(this);
@ -1323,8 +1323,8 @@ METHOD(task_t, process_i, status_t,
} }
private = this->ike_sa->supports_extension(this->ike_sa, private = this->ike_sa->supports_extension(this->ike_sa,
EXT_STRONGSWAN); EXT_STRONGSWAN);
this->proposal = this->config->select_proposal(this->config, this->proposal = this->config->select_proposal(this->config, list,
list, FALSE, private); FALSE, private, TRUE);
list->destroy_offset(list, offsetof(proposal_t, destroy)); list->destroy_offset(list, offsetof(proposal_t, destroy));
if (!this->proposal) if (!this->proposal)
{ {

View File

@ -482,7 +482,7 @@ static status_t select_and_install(private_child_create_t *this,
private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN);
this->proposal = this->config->select_proposal(this->config, this->proposal = this->config->select_proposal(this->config,
this->proposals, no_dh, private); this->proposals, no_dh, private, TRUE);
if (this->proposal == NULL) if (this->proposal == NULL)
{ {
DBG1(DBG_IKE, "no acceptable proposal found"); DBG1(DBG_IKE, "no acceptable proposal found");