authorMartin Willi <martin@strongswan.org>2009-05-20 11:44:43 +0200
committerMartin Willi <martin@strongswan.org>2009-05-20 11:44:43 +0200
commita13c013b6ff13f494691db7f8d425c6fa3ef1350 (patch)
tree5ed9af375bfbd97aeb1780aad719315afa44cc79
parentcd37e13133988718276aac1546b4af40c324b9ca (diff)
include TSi/TSr of triggering packet in acquire
-rw-r--r--src/charon/control/controller.c2
-rw-r--r--src/charon/plugins/nm/nm_service.c2
-rw-r--r--src/charon/sa/ike_sa.c11
-rw-r--r--src/charon/sa/ike_sa.h9
-rw-r--r--src/charon/sa/task_manager.c5
-rw-r--r--src/charon/sa/tasks/child_create.c29
-rw-r--r--src/charon/sa/tasks/child_create.h7
-rw-r--r--src/charon/sa/tasks/child_delete.c3
-rw-r--r--src/charon/sa/tasks/child_rekey.c4
-rw-r--r--src/charon/sa/tasks/ike_reauth.c4
-rw-r--r--src/charon/sa/trap_manager.c2
11 files changed, 57 insertions, 21 deletions
diff --git a/src/charon/control/controller.c b/src/charon/control/controller.c
index 0db36775d..021cb4fdd 100644
--- a/src/charon/control/controller.c
+++ b/src/charon/control/controller.c
@@ -230,7 +230,7 @@ static status_t initiate_execute(interface_job_t *job)
}
peer_cfg->destroy(peer_cfg);
- if (ike_sa->initiate(ike_sa, listener->child_cfg, 0) == SUCCESS)
+ if (ike_sa->initiate(ike_sa, listener->child_cfg, 0, NULL, NULL) == SUCCESS)
{
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
return SUCCESS;
diff --git a/src/charon/plugins/nm/nm_service.c b/src/charon/plugins/nm/nm_service.c
index e9db6a92a..bca4d9e09 100644
--- a/src/charon/plugins/nm/nm_service.c
+++ b/src/charon/plugins/nm/nm_service.c
@@ -425,7 +425,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
{
peer_cfg->destroy(peer_cfg);
}
- if (ike_sa->initiate(ike_sa, child_cfg, 0) != SUCCESS)
+ if (ike_sa->initiate(ike_sa, child_cfg, 0, NULL, NULL) != SUCCESS)
{
charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, ike_sa);
diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index d3b522b5d..8adf0522a 100644
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -1106,7 +1106,8 @@ static void resolve_hosts(private_ike_sa_t *this)
* Implementation of ike_sa_t.initiate
*/
static status_t initiate(private_ike_sa_t *this,
- child_cfg_t *child_cfg, u_int32_t reqid)
+ child_cfg_t *child_cfg, u_int32_t reqid,
+ traffic_selector_t *tsi, traffic_selector_t *tsr)
{
task_t *task;
@@ -1168,7 +1169,7 @@ static status_t initiate(private_ike_sa_t *this,
#endif /* ME */
{
/* normal IKE_SA with CHILD_SA */
- task = (task_t*)child_create_create(&this->public, child_cfg);
+ task = (task_t*)child_create_create(&this->public, child_cfg, tsi, tsr);
child_cfg->destroy(child_cfg);
if (reqid)
{
@@ -1607,7 +1608,7 @@ static status_t reestablish(private_ike_sa_t *this)
#ifdef ME
if (this->peer_cfg->is_mediation(this->peer_cfg))
{
- status = new->initiate(new, NULL, 0);
+ status = new->initiate(new, NULL, 0, NULL, NULL);
}
else
#endif /* ME */
@@ -1630,7 +1631,7 @@ static status_t reestablish(private_ike_sa_t *this)
DBG1(DBG_IKE, "restarting CHILD_SA %s",
child_cfg->get_name(child_cfg));
child_cfg->get_ref(child_cfg);
- status = new->initiate(new, child_cfg, 0);
+ status = new->initiate(new, child_cfg, 0, NULL, NULL);
break;
case ACTION_ROUTE:
charon->traps->install(charon->traps,
@@ -1989,7 +1990,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
this->public.get_name = (char* (*)(ike_sa_t*))get_name;
this->public.get_statistic = (u_int32_t(*)(ike_sa_t*, statistic_t kind))get_statistic;
this->public.process_message = (status_t (*)(ike_sa_t*, message_t*)) process_message;
- this->public.initiate = (status_t (*)(ike_sa_t*,child_cfg_t*,u_int32_t)) initiate;
+ this->public.initiate = (status_t (*)(ike_sa_t*,child_cfg_t*,u_int32_t,traffic_selector_t*,traffic_selector_t*)) initiate;
this->public.get_ike_cfg = (ike_cfg_t* (*)(ike_sa_t*))get_ike_cfg;
this->public.set_ike_cfg = (void (*)(ike_sa_t*,ike_cfg_t*))set_ike_cfg;
this->public.get_peer_cfg = (peer_cfg_t* (*)(ike_sa_t*))get_peer_cfg;
diff --git a/src/charon/sa/ike_sa.h b/src/charon/sa/ike_sa.h
index e9ab9d7b8..b751bda0c 100644
--- a/src/charon/sa/ike_sa.h
+++ b/src/charon/sa/ike_sa.h
@@ -600,16 +600,21 @@ struct ike_sa_t {
/**
* Initiate a new connection.
*
- * The configs are owned by the IKE_SA after the call.
+ * The configs are owned by the IKE_SA after the call. If the initiate
+ * is triggered by a packet, traffic selectors of the packet can be added
+ * to the CHILD_SA.
*
* @param child_cfg child config to create CHILD from
* @param reqid reqid to use for CHILD_SA, 0 assigne uniquely
+ * @param tsi source of triggering packet
+ * @param tsr destination of triggering packet.
* @return
* - SUCCESS if initialization started
* - DESTROY_ME if initialization failed
*/
status_t (*initiate) (ike_sa_t *this, child_cfg_t *child_cfg,
- u_int32_t reqid);
+ u_int32_t reqid, traffic_selector_t *tsi,
+ traffic_selector_t *tsr);
/**
* Initiates the deletion of an IKE_SA.
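Review bot: The updated comment on `initiate` does not say who owns `tsi` and `tsr`, and the sentence before it ("The configs are owned by the IKE_SA after the call") invites the reading that they are consumed as well. In child_create.c this commit clones both (`tsi ? tsi->clone(tsi) : NULL`), so the caller keeps ownership and NULL is accepted; a caller that assumes a transfer would leak them. I would word the parameters as `@param tsi source of triggering packet, or NULL; cloned, caller keeps ownership` and likewise for `tsr`. The `child_create_create` comment in child_create.h already says "or NULL" but is missing the same ownership statement.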
diff --git a/src/charon/sa/task_manager.c b/src/charon/sa/task_manager.c
index 354c968ea..2cd9532eb 100644
--- a/src/charon/sa/task_manager.c
+++ b/src/charon/sa/task_manager.c
@@ -678,7 +678,7 @@ static status_t process_request(private_task_manager_t *this,
this->passive_tasks->insert_last(this->passive_tasks, task);
task = (task_t*)ike_config_create(this->ike_sa, FALSE);
this->passive_tasks->insert_last(this->passive_tasks, task);
- task = (task_t*)child_create_create(this->ike_sa, NULL);
+ task = (task_t*)child_create_create(this->ike_sa, NULL, NULL, NULL);
this->passive_tasks->insert_last(this->passive_tasks, task);
task = (task_t*)ike_auth_lifetime_create(this->ike_sa, FALSE);
this->passive_tasks->insert_last(this->passive_tasks, task);
@@ -726,7 +726,8 @@ static status_t process_request(private_task_manager_t *this,
}
else
{
- task = (task_t*)child_create_create(this->ike_sa, NULL);
+ task = (task_t*)child_create_create(this->ike_sa,
+ NULL, NULL, NULL);
}
}
else
diff --git a/src/charon/sa/tasks/child_create.c b/src/charon/sa/tasks/child_create.c
index 6bf9e9d00..f51443738 100644
--- a/src/charon/sa/tasks/child_create.c
+++ b/src/charon/sa/tasks/child_create.c
@@ -85,6 +85,16 @@ struct private_child_create_t {
linked_list_t *tsr;
/**
+ * source of triggering packet
+ */
+ traffic_selector_t *packet_tsi;
+
+ /**
+ * destination of triggering packet
+ */
+ traffic_selector_t *packet_tsr;
+
+ /**
* optional diffie hellman exchange
*/
diffie_hellman_t *dh;
@@ -692,7 +702,17 @@ static status_t build_i(private_child_create_t *this, message_t *message)
}
this->tsr = this->config->get_traffic_selectors(this->config, FALSE,
NULL, other);
-
+
+ if (this->packet_tsi)
+ {
+ this->tsi->insert_first(this->tsi,
+ this->packet_tsi->clone(this->packet_tsi));
+ }
+ if (this->packet_tsr)
+ {
+ this->tsr->insert_first(this->tsr,
+ this->packet_tsr->clone(this->packet_tsr));
+ }
this->proposals = this->config->get_proposals(this->config,
this->dh_group == MODP_NONE);
this->mode = this->config->get_mode(this->config);
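Review bot: The packet selectors are inserted at the head of `this->tsi` and `this->tsr` without any check that they fall inside the selectors just fetched from the child config, so whatever the acquire reported is proposed to the peer as-is. They presumably originate from a kernel policy derived from that same config, but if the two ever diverge (stale trap, config reload) the proposal would carry a selector the config does not permit; a containment check against the configured list before `insert_first`, dropping the packet selector with a debug message when it fails, would keep the proposal bounded by configuration. The block also deserves a why-comment, for example `/* RFC 4306 2.9: offer the triggering packet's selectors first so the responder can narrow around them */`. That comment should also state that the exact address, port and protocol of the triggering packet are disclosed to the peer, as the RFC intends. build_i starts and ends outside this hunk, so earlier handling of `this->tsi` is not visible here.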
@@ -1138,6 +1158,8 @@ static void destroy(private_child_create_t *this)
{
DESTROY_IF(this->child_sa);
}
+ DESTROY_IF(this->packet_tsi);
+ DESTROY_IF(this->packet_tsr);
DESTROY_IF(this->proposal);
DESTROY_IF(this->dh);
if (this->proposals)
@@ -1152,7 +1174,8 @@ static void destroy(private_child_create_t *this)
/*
* Described in header.
*/
-child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config)
+child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config,
+ traffic_selector_t *tsi, traffic_selector_t *tsr)
{
private_child_create_t *this = malloc_thing(private_child_create_t);
@@ -1184,6 +1207,8 @@ child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config)
this->proposal = NULL;
this->tsi = NULL;
this->tsr = NULL;
+ this->packet_tsi = tsi ? tsi->clone(tsi) : NULL;
+ this->packet_tsr = tsr ? tsr->clone(tsr) : NULL;
this->dh = NULL;
this->dh_group = MODP_NONE;
this->keymat = ike_sa->get_keymat(ike_sa);
diff --git a/src/charon/sa/tasks/child_create.h b/src/charon/sa/tasks/child_create.h
index 16c45f040..ce2829a9a 100644
--- a/src/charon/sa/tasks/child_create.h
+++ b/src/charon/sa/tasks/child_create.h
@@ -71,8 +71,11 @@ struct child_create_t {
*
* @param ike_sa IKE_SA this task works for
* @param config child_cfg if task initiator, NULL if responder
- * @return child_create task to handle by the task_manager
+ * @param tsi source of triggering packet, or NULL
+ * @param tsr destination of triggering packet, or NULL
+ * @return child_create task to handle by the task_manager
*/
-child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config);
+child_create_t *child_create_create(ike_sa_t *ike_sa, child_cfg_t *config,
+ traffic_selector_t *tsi, traffic_selector_t *tsr);
#endif /** CHILD_CREATE_H_ @}*/
diff --git a/src/charon/sa/tasks/child_delete.c b/src/charon/sa/tasks/child_delete.c
index dd5945fd6..0d89c148e 100644
--- a/src/charon/sa/tasks/child_delete.c
+++ b/src/charon/sa/tasks/child_delete.c
@@ -201,7 +201,8 @@ static status_t destroy_and_reestablish(private_child_delete_t *this)
{
case ACTION_RESTART:
child_cfg->get_ref(child_cfg);
- status = this->ike_sa->initiate(this->ike_sa, child_cfg, 0);
+ status = this->ike_sa->initiate(this->ike_sa, child_cfg, 0,
+ NULL, NULL);
break;
case ACTION_ROUTE:
charon->traps->install(charon->traps,
diff --git a/src/charon/sa/tasks/child_rekey.c b/src/charon/sa/tasks/child_rekey.c
index 62b704eb2..6ab00dc5b 100644
--- a/src/charon/sa/tasks/child_rekey.c
+++ b/src/charon/sa/tasks/child_rekey.c
@@ -157,7 +157,7 @@ static status_t build_i(private_child_rekey_t *this, message_t *message)
/* ... our CHILD_CREATE task does the hard work for us. */
reqid = this->child_sa->get_reqid(this->child_sa);
- this->child_create = child_create_create(this->ike_sa, config);
+ this->child_create = child_create_create(this->ike_sa, config, NULL, NULL);
this->child_create->use_reqid(this->child_create, reqid);
this->child_create->task.build(&this->child_create->task, message);
@@ -416,7 +416,7 @@ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol,
this->public.task.build = (status_t(*)(task_t*,message_t*))build_r;
this->public.task.process = (status_t(*)(task_t*,message_t*))process_r;
this->initiator = FALSE;
- this->child_create = child_create_create(ike_sa, NULL);
+ this->child_create = child_create_create(ike_sa, NULL, NULL, NULL);
}
this->ike_sa = ike_sa;
diff --git a/src/charon/sa/tasks/ike_reauth.c b/src/charon/sa/tasks/ike_reauth.c
index ff57abb7e..80f1b7b8c 100644
--- a/src/charon/sa/tasks/ike_reauth.c
+++ b/src/charon/sa/tasks/ike_reauth.c
@@ -98,7 +98,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
/* we initiate the new IKE_SA of the mediation connection without CHILD_SA */
if (peer_cfg->is_mediation(peer_cfg))
{
- if (new->initiate(new, NULL, 0) == DESTROY_ME)
+ if (new->initiate(new, NULL, 0, NULL, NULL) == DESTROY_ME)
{
charon->ike_sa_manager->checkin_and_destroy(
charon->ike_sa_manager, new);
@@ -126,7 +126,7 @@ static status_t process_i(private_ike_reauth_t *this, message_t *message)
/* initiate/queue all child SAs */
child_cfg_t *child_cfg = child_sa->get_config(child_sa);
child_cfg->get_ref(child_cfg);
- if (new->initiate(new, child_cfg, 0) == DESTROY_ME)
+ if (new->initiate(new, child_cfg, 0, NULL, NULL) == DESTROY_ME)
{
iterator->destroy(iterator);
charon->ike_sa_manager->checkin_and_destroy(
diff --git a/src/charon/sa/trap_manager.c b/src/charon/sa/trap_manager.c
index ecc4c8189..dc04e327a 100644
--- a/src/charon/sa/trap_manager.c
+++ b/src/charon/sa/trap_manager.c
@@ -284,7 +284,7 @@ static void acquire(private_trap_manager_t *this, u_int32_t reqid,
}
child->get_ref(child);
reqid = found->child_sa->get_reqid(found->child_sa);
- if (ike_sa->initiate(ike_sa, child, reqid) != DESTROY_ME)
+ if (ike_sa->initiate(ike_sa, child, reqid, src, dst) != DESTROY_ME)
{
found->pending = ike_sa;
charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);