- implemented and tested ts_payload_t

18 files changed, 1391 insertions, 15 deletions

diff --git a/Source/charon/encoding/generator.c b/Source/charon/encoding/generator.c
index a8e02316f..83dfa062e 100644
--- a/Source/charon/encoding/generator.c
+++ b/Source/charon/encoding/generator.c
@@ -42,6 +42,7 @@
 #include <encoding/payloads/nonce_payload.h>
 #include <encoding/payloads/id_payload.h>
 #include <encoding/payloads/auth_payload.h>
+#include <encoding/payloads/ts_payload.h>
 
 
 typedef struct private_generator_t private_generator_t;
@@ -285,6 +286,7 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
 			case U_INT_4:
 				number_of_bits = 4;
 				break;
+			case TS_TYPE:
 			case U_INT_8:
 				number_of_bits = 8;
 				break;
@@ -358,6 +360,7 @@ static void generate_u_int_type (private_generator_t *this,encoding_type_t int_t
 			};
 			break;
 		}
+		case TS_TYPE:
 		case U_INT_8:
 		{
 			/* 8 bit values are written as they are */
@@ -666,13 +669,14 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
 							i, mapping_find(encoding_type_m,rules[i].type));
 		switch (rules[i].type)
 		{
-			/* all u int values, IKE_SPI and ATTRIBUTE_TYPE are generated in generate_u_int_type */
+			/* all u int values, IKE_SPI,TS_TYPE and ATTRIBUTE_TYPE are generated in generate_u_int_type */
 			case U_INT_4:
 			case U_INT_8:
 			case U_INT_16:
 			case U_INT_32:
 			case U_INT_64:
 			case IKE_SPI:
+			case TS_TYPE:
 			case ATTRIBUTE_TYPE:
 			{
 				this->generate_u_int_type(this,rules[i].type,rules[i].offset);
@@ -715,6 +719,12 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
 				/* last spi size is temporary stored */
 				this->last_spi_size = *((u_int8_t *)(this->data_struct + rules[i].offset));
 				break;
+			case ADDRESS:
+			{
+				/* the Address value is generated from chunk */
+				this->generate_from_chunk(this,rules[i].offset);
+				break;
+			}
 			case SPI:
 			{
 				/* the SPI value is generated from chunk */
@@ -822,7 +832,6 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
 				this->write_bytes_to_buffer_at_offset(this,&int16_val,sizeof(u_int16_t),payload_length_position_offset);
 				break;
 			}	
-
 			case TRANSFORMS:
 			{	
 				/* before iterative generate the transforms, store the current length position */
@@ -925,6 +934,42 @@ static void generate_payload (private_generator_t *this,payload_t *payload)
 				}
 				break;
 			}
+			case TRAFFIC_SELECTORS:
+			{
+				/* before iterative generate the traffic_selectors, store the current payload length position */
+				u_int32_t payload_length_position_offset = this->last_payload_length_position_offset;
+				/* Length of SA_PAYLOAD is calculated */
+				u_int16_t length_of_ts_payload = TS_PAYLOAD_HEADER_LENGTH;
+				u_int16_t int16_val;
+				/* traffic selectors are stored in a linked list and so accessed */
+				linked_list_t *traffic_selectors = *((linked_list_t **)(this->data_struct + rules[i].offset));
+
+				iterator_t *iterator;
+				/* create forward iterator */
+				iterator = traffic_selectors->create_iterator(traffic_selectors,TRUE);
+				/* every proposal is processed (iterative call )*/
+				while (iterator->has_next(iterator))
+				{
+					payload_t *current_traffic_selector_substructure;
+					u_int32_t before_generate_position_offset;
+					u_int32_t after_generate_position_offset;
+					
+					iterator->current(iterator,(void **)&current_traffic_selector_substructure);
+
+					before_generate_position_offset = this->get_current_buffer_offset(this);
+					this->public.generate_payload(&(this->public),current_traffic_selector_substructure);
+					after_generate_position_offset = this->get_current_buffer_offset(this);
+					
+					/* increase size of transform */
+					length_of_ts_payload += (after_generate_position_offset - before_generate_position_offset);
+				}
+				iterator->destroy(iterator);
+				
+				int16_val = htons(length_of_ts_payload);
+				this->write_bytes_to_buffer_at_offset(this,&int16_val,sizeof(u_int16_t),payload_length_position_offset);
+				break;
+			}	
+			
 			case ENCRYPTED_DATA:
 			{
 				this->generate_from_chunk(this, rules[i].offset);
diff --git a/Source/charon/encoding/parser.c b/Source/charon/encoding/parser.c
index b69819873..076157ce2 100644
--- a/Source/charon/encoding/parser.c
+++ b/Source/charon/encoding/parser.c
@@ -43,6 +43,7 @@
 #include <encoding/payloads/notify_payload.h>
 #include <encoding/payloads/encryption_payload.h>
 #include <encoding/payloads/auth_payload.h>
+#include <encoding/payloads/ts_payload.h>
 
 
 typedef struct private_parser_t private_parser_t;
@@ -574,6 +575,7 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
 	payload_t *pld;
 	void *output;
 	size_t rule_count, payload_length, spi_size, attribute_length;
+	u_int16_t ts_type;
 	bool attribute_format;
 	int rule_number;
 	encoding_rule_t *rule;
@@ -855,6 +857,36 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
 				}		
 				break;	
 			}
+			case TS_TYPE:
+			{
+				if (this->parse_uint8(this, rule_number, output + rule->offset) != SUCCESS) 
+				{
+					pld->destroy(pld);
+					return PARSE_ERROR;
+				}
+				ts_type = *(u_int8_t*)(output + rule->offset);
+				break;							
+			}
+			case ADDRESS:
+			{
+				size_t address_length = (ts_type == TS_IPV4_ADDR_RANGE) ? 4 : 16;
+				if (this->parse_chunk(this, rule_number, output + rule->offset,address_length) != SUCCESS) 
+				{
+					pld->destroy(pld);
+					return PARSE_ERROR;
+				}
+				break;							
+			}
+			case TRAFFIC_SELECTORS:
+			{
+				size_t traffic_selectors_length = payload_length - TS_PAYLOAD_HEADER_LENGTH;
+				if (this->parse_list(this, rule_number, output + rule->offset, TRAFFIC_SELECTOR_SUBSTRUCTURE, traffic_selectors_length) != SUCCESS) 
+				{
+					pld->destroy(pld);
+					return PARSE_ERROR;
+				}
+				break;							
+			}
 			default:
 			{
 				this->logger->log(this->logger, ERROR, "  no rule to parse rule %d %s (%d)", rule_number, mapping_find(encoding_type_m, rule->type), rule->type);
diff --git a/Source/charon/encoding/payloads/Makefile.payloads b/Source/charon/encoding/payloads/Makefile.payloads
index c9046a089..91cd2307e 100644
--- a/Source/charon/encoding/payloads/Makefile.payloads
+++ b/Source/charon/encoding/payloads/Makefile.payloads
@@ -42,9 +42,13 @@ OBJS+= $(BUILD_DIR)auth_payload.o
 $(BUILD_DIR)auth_payload.o :				$(PAYLOADS_DIR)auth_payload.c $(PAYLOADS_DIR)auth_payload.h
 										$(CC) $(CFLAGS) -c -o $@ $<
 
-#OBJS+= $(BUILD_DIR)ts_payload.o
-#$(BUILD_DIR)ts_payload.o :				$(PAYLOADS_DIR)ts_payload.c $(PAYLOADS_DIR)ts_payload.h
-#										$(CC) $(CFLAGS) -c -o $@ $<
+OBJS+= $(BUILD_DIR)ts_payload.o
+$(BUILD_DIR)ts_payload.o :				$(PAYLOADS_DIR)ts_payload.c $(PAYLOADS_DIR)ts_payload.h
+										$(CC) $(CFLAGS) -c -o $@ $<
+
+OBJS+= $(BUILD_DIR)traffic_selector_substructure.o
+$(BUILD_DIR)traffic_selector_substructure.o :	$(PAYLOADS_DIR)traffic_selector_substructure.c $(PAYLOADS_DIR)traffic_selector_substructure.h
+												$(CC) $(CFLAGS) -c -o $@ $<
 
 OBJS+= $(BUILD_DIR)payload.o
 $(BUILD_DIR)payload.o :					$(PAYLOADS_DIR)payload.c $(PAYLOADS_DIR)payload.h
diff --git a/Source/charon/encoding/payloads/encodings.c b/Source/charon/encoding/payloads/encodings.c
index 1619dde49..5d952121f 100644
--- a/Source/charon/encoding/payloads/encodings.c
+++ b/Source/charon/encoding/payloads/encodings.c
@@ -51,5 +51,8 @@ mapping_t encoding_type_m[] = {
 	{ID_DATA, "ID_DATA"},
 	{AUTH_DATA, "AUTH_DATA"},
 	{ENCRYPTED_DATA, "ENCRYPTED_DATA"},
+	{TS_TYPE, "TS_TYPE"},
+	{ADDRESS, "ADDRESS"},
+	{TRAFFIC_SELECTORS, "TRAFFIC_SELECTORS"},
 	{MAPPING_END, NULL}
 };
diff --git a/Source/charon/encoding/payloads/encodings.h b/Source/charon/encoding/payloads/encodings.h
index 106419bf2..edc26990b 100644
--- a/Source/charon/encoding/payloads/encodings.h
+++ b/Source/charon/encoding/payloads/encodings.h
@@ -298,6 +298,45 @@ enum encoding_type_t{
 	 * When parsing SPI_SIZE bytes are read and written into the chunk pointing to.
 	 */
 	ATTRIBUTE_VALUE,
+	
+	/**
+	 * Representating one or more Traffic selectors of a TS payload.
+	 * 
+	 * The offset points to a linked_list_t pointer.
+	 * 
+	 * When generating the traffic_selector_substructure_t objects are stored 
+	 * in the pointed linked_list.
+	 * 
+	 * When parsing the parsed traffic_selector_substructure_t objects have 
+	 * to be stored in the pointed linked_list.
+	 */	
+	TRAFFIC_SELECTORS,
+	
+	/**
+	 * Representating a Traffic selector type field.
+	 * 
+	 * When generating it must be changed from host to network order.
+	 * The value is read from the associated data struct.
+ 	 * The current write position is moved 16 bit forward afterwards.
+	 * 
+	 * When parsing it must be changed from network to host order.
+	 * The value is written to the associated data struct.
+	 * The current read pointer is moved 16 bit forward afterwards.
+	 */
+	TS_TYPE,
+	
+	/**
+	 * Representating an address field in a traffic selector.
+	 * 
+	 * Depending on the last field of type TS_TYPE
+	 * this field is either 4 or 16 byte long.
+	 * 
+ 	 * When generating the content of the chunkt pointing to 
+ 	 * is written.
+	 * 
+	 * When parsing 4 or 16 bytes are read and written into the chunk pointing to.
+	 */
+	ADDRESS,
 
 	/**
 	 * Representating a Nonce Data field.
diff --git a/Source/charon/encoding/payloads/payload.c b/Source/charon/encoding/payloads/payload.c
index fd25aa4c6..bc68cb11f 100644
--- a/Source/charon/encoding/payloads/payload.c
+++ b/Source/charon/encoding/payloads/payload.c
@@ -31,10 +31,7 @@
 #include <encoding/payloads/ke_payload.h>
 #include <encoding/payloads/notify_payload.h>
 #include <encoding/payloads/auth_payload.h>
-
-
-
-
+#include <encoding/payloads/ts_payload.h>
 
 /*
  * build the mappings for payload_type_t
@@ -61,6 +58,7 @@ mapping_t payload_type_m[] = {
 	{PROPOSAL_SUBSTRUCTURE, "PROPOSAL_SUBSTRUCTURE"},
 	{TRANSFORM_SUBSTRUCTURE, "TRANSFORM_SUBSTRUCTURE"},
 	{TRANSFORM_ATTRIBUTE, "TRANSFORM_ATTRIBUTE"},
+	{TRAFFIC_SELECTOR_SUBSTRUCTURE, "TRAFFIC_SELECTOR_SUBSTRUCTURE"},
 	{MAPPING_END, NULL}
 };
 
@@ -89,6 +87,12 @@ payload_t *payload_create(payload_type_t type)
 			return (payload_t*)id_payload_create(FALSE);
 		case AUTHENTICATION:
 			return (payload_t*)auth_payload_create();
+		case TRAFFIC_SELECTOR_SUBSTRUCTURE:
+			return (payload_t*)traffic_selector_substructure_create();
+		case TRAFFIC_SELECTOR_INITIATOR:
+			return (payload_t*)ts_payload_create(TRUE);
+		case TRAFFIC_SELECTOR_RESPONDER:
+			return (payload_t*)ts_payload_create(FALSE);
 		case KEY_EXCHANGE:
 			return (payload_t*)ke_payload_create();
 		case NOTIFY:
diff --git a/Source/charon/encoding/payloads/payload.h b/Source/charon/encoding/payloads/payload.h
index 1bd3bf00a..6fceaa2ad 100644
--- a/Source/charon/encoding/payloads/payload.h
+++ b/Source/charon/encoding/payloads/payload.h
@@ -158,6 +158,14 @@ enum payload_type_t{
 	 * used internally to handle a transform attribute like a payload.
 	 */
 	TRANSFORM_ATTRIBUTE = 143,
+
+	/**
+	 * TRAFFIC_SELECTOR_SUBSTRUCTURE has a value of PRIVATE USE space.
+	 * 
+	 * This payload type is not send over wire and just 
+	 * used internally to handle a transform selector like a payload.
+	 */	
+	TRAFFIC_SELECTOR_SUBSTRUCTURE = 144,
 };
 
 
diff --git a/Source/charon/encoding/payloads/traffic_selector_substructure.c b/Source/charon/encoding/payloads/traffic_selector_substructure.c
new file mode 100644
index 000000000..d2c9af54d
--- /dev/null
+++ b/Source/charon/encoding/payloads/traffic_selector_substructure.c
@@ -0,0 +1,338 @@
+/**
+ * @file traffic_selector_substructure.c
+ * 
+ * @brief Interface of traffic_selector_substructure_t.
+ * 
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "traffic_selector_substructure.h"
+
+#include <encoding/payloads/encodings.h>
+#include <utils/allocator.h>
+#include <utils/linked_list.h>
+
+/** 
+ * String mappings for ts_type_t.
+ */
+mapping_t ts_type_m[] = {
+{TS_IPV4_ADDR_RANGE, "TS_IPV4_ADDR_RANGE"},
+{TS_IPV6_ADDR_RANGE, "TS_IPV6_ADDR_RANGE"},
+{MAPPING_END, NULL}
+};
+
+
+typedef struct private_traffic_selector_substructure_t private_traffic_selector_substructure_t;
+
+/**
+ * Private data of an traffic_selector_substructure_t object.
+ * 
+ */
+struct private_traffic_selector_substructure_t {
+	/**
+	 * Public traffic_selector_substructure_t interface.
+	 */
+	traffic_selector_substructure_t public;
+	
+	/**
+	 * Type of traffic selector.
+	 */
+	u_int8_t ts_type;
+	
+	/**
+	 * IP Protocol ID.
+	 */
+	u_int8_t  ip_protocol_id;
+
+	/**
+	 * Length of this payload.
+	 */
+	u_int16_t payload_length;
+	
+	/**
+	 * Start port number.
+	 */
+	u_int16_t start_port;
+
+	/**
+	 * End port number.
+	 */
+	u_int16_t end_port;
+	
+	/**
+	 * Starting address.
+	 */
+	chunk_t starting_address;
+
+	/**
+	 * Ending address.
+	 */
+	chunk_t ending_address;
+};
+
+/**
+ * Encoding rules to parse or generate a TS payload
+ * 
+ * The defined offsets are the positions in a object of type 
+ * private_traffic_selector_substructure_t.
+ * 
+ */
+encoding_rule_t traffic_selector_substructure_encodings[] = {
+ 	/* 1 Byte next ts type*/
+	{ TS_TYPE,			offsetof(private_traffic_selector_substructure_t, ts_type) 			},
+ 	/* 1 Byte IP protocol id*/
+	{ U_INT_8,			offsetof(private_traffic_selector_substructure_t, ip_protocol_id) 	},
+	/* Length of the whole payload*/	
+	{ PAYLOAD_LENGTH,	offsetof(private_traffic_selector_substructure_t, payload_length)		},
+ 	/* 2 Byte start port*/
+	{ U_INT_16,		offsetof(private_traffic_selector_substructure_t, start_port)			},
+ 	/* 2 Byte end port*/
+	{ U_INT_16,		offsetof(private_traffic_selector_substructure_t, end_port)			},
+	/* starting address is either 4 or 16 byte */
+	{ ADDRESS,			offsetof(private_traffic_selector_substructure_t, starting_address)	},
+	/* ending address is either 4 or 16 byte */
+	{ ADDRESS,			offsetof(private_traffic_selector_substructure_t, ending_address)		}
+
+};
+
+/*
+                           1                   2                   3
+       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      !   TS Type     !IP Protocol ID*|       Selector Length         |
+      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      |           Start Port*         |           End Port*           |
+      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      !                                                               !
+      ~                         Starting Address*                     ~
+      !                                                               !
+      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      !                                                               !
+      ~                         Ending Address*                       ~
+      !                                                               !
+      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+/**
+ * Implementation of payload_t.verify.
+ */
+static status_t verify(private_traffic_selector_substructure_t *this)
+{
+	
+	if (this->start_port > this->end_port)
+	{
+		return FAILED;
+	}
+	switch (this->ts_type)
+	{
+		case TS_IPV4_ADDR_RANGE:
+		{
+			if ((this->starting_address.len != 4) || 
+				(this->ending_address.len != 4))
+			{
+				/* ipv4 address must be 4 bytes long */
+				return FAILED;
+			}
+			break;
+		}
+		case TS_IPV6_ADDR_RANGE:
+		default:
+		{
+			/* not supported ts type */
+			return FAILED;
+		}
+	}
+
+	
+	return SUCCESS;
+}
+
+/**
+ * Implementation of traffic_selector_substructure_t.get_encoding_rules.
+ */
+static void get_encoding_rules(private_traffic_selector_substructure_t *this, encoding_rule_t **rules, size_t *rule_count)
+{
+	*rules = traffic_selector_substructure_encodings;
+	*rule_count = sizeof(traffic_selector_substructure_encodings) / sizeof(encoding_rule_t);
+}
+
+/**
+ * Implementation of payload_t.get_type.
+ */
+static payload_type_t get_payload_type(private_traffic_selector_substructure_t *this)
+{
+	return TRAFFIC_SELECTOR_SUBSTRUCTURE;
+}
+
+/**
+ * Implementation of payload_t.get_next_type.
+ */
+static payload_type_t get_next_type(private_traffic_selector_substructure_t *this)
+{
+	return 0;
+}
+
+/**
+ * Implementation of payload_t.set_next_type.
+ */
+static void set_next_type(private_traffic_selector_substructure_t *this,payload_type_t type)
+{
+}
+
+/**
+ * Implementation of payload_t.get_length.
+ */
+static size_t get_length(private_traffic_selector_substructure_t *this)
+{
+	return this->payload_length;
+}
+
+/**
+ * Implementation of traffic_selector_substructure_t.get_ts_type.
+ */
+static ts_type_t get_ts_type (private_traffic_selector_substructure_t *this)
+{
+	return this->ts_type;
+}
+
+/**
+ * Implementation of traffic_selector_substructure_t.set_ts_type.
+ */
+static void set_ts_type (private_traffic_selector_substructure_t *this,ts_type_t ts_type)
+{
+	this->ts_type = ts_type;
+}
+
+/**
+ * Implementation of traffic_selector_substructure_t.get_protocol_id.
+ */
+static u_int8_t get_protocol_id (private_traffic_selector_substructure_t *this)
+{
+	return this->ip_protocol_id;
+}
+
+/**
+ * Implementation of traffic_selector_substructure_t.set_protocol_id.
+ */	
+static void set_protocol_id (private_traffic_selector_substructure_t *this,u_int8_t protocol_id)
+{
+	this->ip_protocol_id = protocol_id;
+}
+
+/**
+ * Implementation of traffic_selector_substructure_t.get_start_host.
+ */
+static host_t * get_start_host (private_traffic_selector_substructure_t *this)
+{
+	return (host_create_from_chunk(AF_INET,this->starting_address, this->start_port));
+}
+
+/**
+ * Implementation of traffic_selector_substructure_t.set_start_host.
+ */
+static void set_start_host (private_traffic_selector_substructure_t *this,host_t *start_host)
+{
+	this->start_port = start_host->get_port(start_host);
+	if (this->starting_address.ptr != NULL)
+	{
+		allocator_free_chunk(&(this->starting_address));
+	}
+	this->starting_address = start_host->get_address_as_chunk(start_host);
+	this->payload_length = TRAFFIC_SELECTOR_HEADER_LENGTH + this->starting_address.len + this->ending_address.len;
+}
+
+/**
+ * Implementation of traffic_selector_substructure_t.get_end_host.
+ */
+static host_t *get_end_host (private_traffic_selector_substructure_t *this)
+{
+	return (host_create_from_chunk(AF_INET,this->ending_address, this->end_port));
+}
+
+/**
+ * Implementation of traffic_selector_substructure_t.set_end_host.
+ */
+static void set_end_host (private_traffic_selector_substructure_t *this,host_t *end_host)
+{
+	this->end_port = end_host->get_port(end_host);
+	if (this->ending_address.ptr != NULL)
+	{
+		allocator_free_chunk(&(this->ending_address));
+	}
+	this->ending_address = end_host->get_address_as_chunk(end_host);
+	this->payload_length = TRAFFIC_SELECTOR_HEADER_LENGTH + this->starting_address.len + this->ending_address.len;	
+}
+
+/**
+ * Implementation of payload_t.destroy and traffic_selector_substructure_t.destroy.
+ */
+static void destroy(private_traffic_selector_substructure_t *this)
+{
+	
+	if (this->starting_address.ptr != NULL)
+	{
+		allocator_free_chunk(&(this->starting_address));
+	}
+	
+	if (this->ending_address.ptr != NULL)
+	{
+		allocator_free_chunk(&(this->ending_address));
+	}
+	
+	allocator_free(this);	
+}
+
+/*
+ * Described in header
+ */
+traffic_selector_substructure_t *traffic_selector_substructure_create(bool is_initiator)
+{
+	private_traffic_selector_substructure_t *this = allocator_alloc_thing(private_traffic_selector_substructure_t);
+
+	/* interface functions */
+	this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
+	this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
+	this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length;
+	this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type;
+	this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
+	this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
+	this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
+	
+	/* public functions */
+	this->public.destroy = (void (*) (traffic_selector_substructure_t *)) destroy;
+	this->public.get_ts_type = (ts_type_t (*) (traffic_selector_substructure_t *)) get_ts_type;
+	this->public.set_ts_type = (void (*) (traffic_selector_substructure_t *,ts_type_t)) set_ts_type;
+	this->public.get_protocol_id = (u_int8_t (*) (traffic_selector_substructure_t *)) get_protocol_id;
+	this->public.set_protocol_id = (void (*) (traffic_selector_substructure_t *,u_int8_t)) set_protocol_id;
+	this->public.get_start_host = (host_t * (*) (traffic_selector_substructure_t *))get_start_host;
+	this->public.set_start_host = (void (*) (traffic_selector_substructure_t *, host_t *))set_start_host;
+	this->public.get_end_host = (host_t * (*) (traffic_selector_substructure_t *))get_end_host;
+	this->public.set_end_host = (void (*) (traffic_selector_substructure_t *, host_t *))set_end_host;
+	
+	
+	/* private variables */
+	this->payload_length =TRAFFIC_SELECTOR_HEADER_LENGTH;
+	this->start_port = 0;
+	this->end_port = 0;
+	this->starting_address = CHUNK_INITIALIZER;
+	this->ending_address = CHUNK_INITIALIZER;
+	this->ip_protocol_id = 0;
+	/* must be set to be valid */
+	this->ts_type = TS_IPV4_ADDR_RANGE;
+
+	return (&(this->public));
+}
diff --git a/Source/charon/encoding/payloads/traffic_selector_substructure.h b/Source/charon/encoding/payloads/traffic_selector_substructure.h
new file mode 100644
index 000000000..43e697415
--- /dev/null
+++ b/Source/charon/encoding/payloads/traffic_selector_substructure.h
@@ -0,0 +1,175 @@
+/**
+ * @file traffic_selector_substructure.h
+ * 
+ * @brief Interface of traffic_selector_substructure_t.
+ * 
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+
+#ifndef TRAFFIC_SELECTOR_SUBSTRUCTURE_H_
+#define TRAFFIC_SELECTOR_SUBSTRUCTURE_H_
+
+#include <types.h>
+#include <encoding/payloads/payload.h>
+#include <network/host.h>
+
+/**
+ * Length of a TRAFFIC SELECTOR SUBSTRUCTURE without start and end address.
+ * 
+ * @ingroup payloads
+ */
+#define TRAFFIC_SELECTOR_HEADER_LENGTH 8
+
+
+typedef enum ts_type_t ts_type_t;
+
+/**
+ * Traffic selector Types.
+ * 
+ * @ingroup payloads
+ */
+enum ts_type_t {
+	/*
+	 * A range of IPv4 addresses, represented by two four (4) octet
+     * values.  The first value is the beginning IPv4 address
+     * (inclusive) and the second value is the ending IPv4 address
+     * (inclusive). All addresses falling between the two specified
+     * addresses are considered to be within the list.
+     */
+	TS_IPV4_ADDR_RANGE = 7,
+	/*
+	 * A range of IPv6 addresses, represented by two sixteen (16)
+     * octet values.  The first value is the beginning IPv6 address
+     * (inclusive) and the second value is the ending IPv6 address
+     * (inclusive). All addresses falling between the two specified
+     *  addresses are considered to be within the list.
+	 */
+	TS_IPV6_ADDR_RANGE = 8
+};
+
+extern mapping_t ts_type_m[];
+
+typedef struct traffic_selector_substructure_t traffic_selector_substructure_t;
+
+/**
+ * Object representing an IKEv2 TRAFFIC SELECTOR.
+ * 
+ * The TRAFFIC SELECTOR format is described in draft section 3.13.1.
+ * 
+ * @ingroup payloads
+ * 
+ */
+struct traffic_selector_substructure_t {
+	/**
+	 * The payload_t interface.
+	 */
+	payload_t payload_interface;
+	
+	/**
+	 * @brief Get the type of Traffic selector.
+	 *
+	 * @param this 		calling traffic_selector_substructure_t object
+	 * @return			type of traffic selector
+	 *  
+	 */
+	ts_type_t (*get_ts_type) (traffic_selector_substructure_t *this);
+	
+	/**
+	 * @brief Set the type of Traffic selector.
+	 *
+	 * @param this 		calling traffic_selector_substructure_t object
+	 * @param ts_type	type of traffic selector	
+	 */
+	void (*set_ts_type) (traffic_selector_substructure_t *this,ts_type_t ts_type);
+	
+	/**
+	 * @brief Get the IP protocol ID of Traffic selector.
+	 *
+	 * @param this 		calling traffic_selector_substructure_t object
+	 * @return			type of traffic selector
+	 *  
+	 */
+	u_int8_t (*get_protocol_id) (traffic_selector_substructure_t *this);
+	
+	/**
+	 * @brief Set the IP protocol ID of Traffic selector
+	 *
+	 * @param this 			calling traffic_selector_substructure_t object
+	 * @param protocol_id	protocol ID of traffic selector	
+	 */
+	void (*set_protocol_id) (traffic_selector_substructure_t *this,u_int8_t protocol_id);
+	
+	/**
+	 * @brief Get the start port and address as host_t object.
+	 *
+	 * Returned host_t object has to get destroyed by the caller.
+	 * 
+	 * @param this 		calling traffic_selector_substructure_t object
+	 * @return			start host as host_t object
+	 *  
+	 */
+	host_t *(*get_start_host) (traffic_selector_substructure_t *this);
+	
+	/**
+	 * @brief Set the start port and address as host_t object.
+	 *
+	 * @param this 			calling traffic_selector_substructure_t object
+	 * @param start_host	start host as host_t object
+	 */
+	void (*set_start_host) (traffic_selector_substructure_t *this,host_t *start_host);
+	
+	/**
+	 * @brief Get the end port and address as host_t object.
+	 *
+	 * Returned host_t object has to get destroyed by the caller.
+	 * 
+	 * @param this 		calling traffic_selector_substructure_t object
+	 * @return			end host as host_t object
+	 *  
+	 */
+	host_t *(*get_end_host) (traffic_selector_substructure_t *this);
+	
+	/**
+	 * @brief Set the end port and address as host_t object.
+	 *
+	 * @param this 		calling traffic_selector_substructure_t object
+	 * @param end_host	end host as host_t object
+	 */
+	void (*set_end_host) (traffic_selector_substructure_t *this,host_t *end_host);
+	
+	/**
+	 * @brief Destroys an traffic_selector_substructure_t object.
+	 *
+	 * @param this 	traffic_selector_substructure_t object to destroy
+	 */
+	void (*destroy) (traffic_selector_substructure_t *this);
+};
+
+/**
+ * @brief Creates an empty traffic_selector_substructure_t object.
+ *
+ * TS type is set to default TS_IPV4_ADDR_RANGE!
+ *  
+ * @return				created traffic_selector_substructure_t object
+ * 
+ * @ingroup payloads
+ */
+traffic_selector_substructure_t *traffic_selector_substructure_create();
+
+
+#endif //TRAFFIC_SELECTOR_SUBSTRUCTURE_H_
diff --git a/Source/charon/encoding/payloads/ts_payload.c b/Source/charon/encoding/payloads/ts_payload.c
new file mode 100644
index 000000000..2e7df5b6d
--- /dev/null
+++ b/Source/charon/encoding/payloads/ts_payload.c
@@ -0,0 +1,317 @@
+/**
+ * @file ts_payload.c
+ * 
+ * @brief Implementation of ts_payload_t.
+ * 
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "ts_payload.h"
+
+#include <encoding/payloads/encodings.h>
+#include <utils/allocator.h>
+#include <utils/linked_list.h>
+
+typedef struct private_ts_payload_t private_ts_payload_t;
+
+/**
+ * Private data of an ts_payload_t object.
+ * 
+ */
+struct private_ts_payload_t {
+	/**
+	 * Public ts_payload_t interface.
+	 */
+	ts_payload_t public;
+	
+	/**
+	 * TRUE if this TS payload is of type TSi, FALSE for TSr.
+	 */
+	bool is_initiator;
+	
+	/**
+	 * Next payload type.
+	 */
+	u_int8_t  next_payload;
+
+	/**
+	 * Critical flag.
+	 */
+	bool critical;
+	
+	/**
+	 * Length of this payload.
+	 */
+	u_int16_t payload_length;
+	
+	/**
+	 * Number of traffic selectors
+	 */
+	u_int8_t number_of_traffic_selectors;
+	
+	/**
+	 * Contains the traffic selectors of type traffic_selector_substructure_t.
+	 */
+	linked_list_t *traffic_selectors;
+	
+	/**
+	 * @brief Computes the length of this payload.
+	 *
+	 * @param this 	calling private_ts_payload_t object
+	 */
+	void (*compute_length) (private_ts_payload_t *this);
+};
+
+/**
+ * Encoding rules to parse or generate a TS payload
+ * 
+ * The defined offsets are the positions in a object of type 
+ * private_ts_payload_t.
+ * 
+ */
+encoding_rule_t ts_payload_encodings[] = {
+ 	/* 1 Byte next payload type, stored in the field next_payload */
+	{ U_INT_8,			offsetof(private_ts_payload_t, next_payload) 				},
+	/* the critical bit */
+	{ FLAG,				offsetof(private_ts_payload_t, critical) 					},
+ 	/* 7 Bit reserved bits, nowhere stored */
+	{ RESERVED_BIT,	0 																},
+	{ RESERVED_BIT,	0 																},
+	{ RESERVED_BIT,	0 																},
+	{ RESERVED_BIT,	0 																},
+	{ RESERVED_BIT,	0 																},
+	{ RESERVED_BIT,	0 																},
+	{ RESERVED_BIT,	0 																},
+	/* Length of the whole payload*/	
+	{ PAYLOAD_LENGTH,	offsetof(private_ts_payload_t, payload_length)},
+ 	/* 1 Byte TS type*/
+	{ U_INT_8,			offsetof(private_ts_payload_t, number_of_traffic_selectors)	},
+	/* 3 reserved bytes */
+	{ RESERVED_BYTE,	0 															},
+	{ RESERVED_BYTE,	0 															},
+	{ RESERVED_BYTE,	0 															},
+	/* some ts data bytes, length is defined in PAYLOAD_LENGTH */
+	{ TRAFFIC_SELECTORS,	offsetof(private_ts_payload_t, traffic_selectors)		}
+};
+
+/*
+                           1                   2                   3
+       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      ! Next Payload  !C!  RESERVED   !         Payload Length        !
+      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      ! Number of TSs !                 RESERVED                      !
+      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      !                                                               !
+      ~                       <Traffic Selectors>                     ~
+      !                                                               !
+      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+/**
+ * Implementation of payload_t.verify.
+ */
+static status_t verify(private_ts_payload_t *this)
+{
+	iterator_t *iterator;
+	status_t status;
+	
+	if (this->critical)
+	{
+		/* critical bit is set! */
+		return FAILED;
+	}
+	if (this->number_of_traffic_selectors != (this->traffic_selectors->get_count(this->traffic_selectors)))
+	{
+		/* must be the same */
+		return FAILED;
+	}
+	
+	iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE);
+	
+	while(iterator->has_next(iterator))
+	{
+		payload_t *current_traffic_selector;
+		iterator->current(iterator,(void **)&current_traffic_selector);
+
+		status = current_traffic_selector->verify(current_traffic_selector);
+		if (status != SUCCESS)
+		{
+			break;
+		}
+	}
+	
+	iterator->destroy(iterator);
+	
+	
+	return status;
+}
+
+/**
+ * Implementation of ts_payload_t.get_encoding_rules.
+ */
+static void get_encoding_rules(private_ts_payload_t *this, encoding_rule_t **rules, size_t *rule_count)
+{
+	*rules = ts_payload_encodings;
+	*rule_count = sizeof(ts_payload_encodings) / sizeof(encoding_rule_t);
+}
+
+/**
+ * Implementation of payload_t.get_type.
+ */
+static payload_type_t get_payload_type(private_ts_payload_t *this)
+{
+	return ((this->is_initiator) ? TRAFFIC_SELECTOR_INITIATOR : TRAFFIC_SELECTOR_RESPONDER);
+}
+
+/**
+ * Implementation of payload_t.get_next_type.
+ */
+static payload_type_t get_next_type(private_ts_payload_t *this)
+{
+	return (this->next_payload);
+}
+
+/**
+ * Implementation of payload_t.set_next_type.
+ */
+static void set_next_type(private_ts_payload_t *this,payload_type_t type)
+{
+	this->next_payload = type;
+}
+
+/**
+ * Implementation of payload_t.get_length.
+ */
+static size_t get_length(private_ts_payload_t *this)
+{
+	this->compute_length(this);
+	return this->payload_length;
+}
+
+/**
+ * Implementation of ts_payload_t.get_initiator.
+ */
+static bool get_initiator (private_ts_payload_t *this)
+{
+	return (this->is_initiator);
+}
+
+/**
+ * Implementation of ts_payload_t.set_initiator.
+ */
+static void set_initiator (private_ts_payload_t *this,bool is_initiator)
+{
+	this->is_initiator = is_initiator;
+}
+
+/**
+ * Implementation of ts_payload_t.add_traffic_selector_substructure.
+ */
+static void add_traffic_selector_substructure (private_ts_payload_t *this,traffic_selector_substructure_t *traffic_selector)
+{
+	this->traffic_selectors->insert_last(this->traffic_selectors,traffic_selector);
+	this->number_of_traffic_selectors= this->traffic_selectors->get_count(this->traffic_selectors);
+}
+
+/**
+ * Implementation of ts_payload_t.create_traffic_selector_substructure_iterator.
+ */
+static iterator_t * create_traffic_selector_substructure_iterator (private_ts_payload_t *this, bool forward)
+{
+	return this->traffic_selectors->create_iterator(this->traffic_selectors,forward);
+}
+
+/**
+ * Implementation of private_ts_payload_t.compute_length.
+ */
+static void compute_length (private_ts_payload_t *this)
+{
+	iterator_t *iterator;
+	size_t ts_count = 0;
+	size_t length = TS_PAYLOAD_HEADER_LENGTH;
+	iterator = this->traffic_selectors->create_iterator(this->traffic_selectors,TRUE);
+	while (iterator->has_next(iterator))
+	{
+		payload_t * current_traffic_selector;
+		iterator->current(iterator,(void **) &current_traffic_selector);
+		length += current_traffic_selector->get_length(current_traffic_selector);
+		ts_count++;
+	}
+	iterator->destroy(iterator);
+	
+	this->number_of_traffic_selectors= ts_count;
+	this->payload_length = length;	
+
+}
+
+
+/**
+ * Implementation of payload_t.destroy and ts_payload_t.destroy.
+ */
+static void destroy(private_ts_payload_t *this)
+{
+	while (this->traffic_selectors->get_count(this->traffic_selectors) > 0)
+	{
+		payload_t *current_traffic_selector;
+		
+		this->traffic_selectors->remove_last(this->traffic_selectors,(void **) &current_traffic_selector);
+		
+		current_traffic_selector->destroy(current_traffic_selector);
+	}
+	
+	this->traffic_selectors->destroy(this->traffic_selectors);
+		
+	allocator_free(this);	
+}
+
+/*
+ * Described in header
+ */
+ts_payload_t *ts_payload_create(bool is_initiator)
+{
+	private_ts_payload_t *this = allocator_alloc_thing(private_ts_payload_t);
+
+	/* interface functions */
+	this->public.payload_interface.verify = (status_t (*) (payload_t *))verify;
+	this->public.payload_interface.get_encoding_rules = (void (*) (payload_t *, encoding_rule_t **, size_t *) ) get_encoding_rules;
+	this->public.payload_interface.get_length = (size_t (*) (payload_t *)) get_length;
+	this->public.payload_interface.get_next_type = (payload_type_t (*) (payload_t *)) get_next_type;
+	this->public.payload_interface.set_next_type = (void (*) (payload_t *,payload_type_t)) set_next_type;
+	this->public.payload_interface.get_type = (payload_type_t (*) (payload_t *)) get_payload_type;
+	this->public.payload_interface.destroy = (void (*) (payload_t *))destroy;
+	
+	/* public functions */
+	this->public.destroy = (void (*) (ts_payload_t *)) destroy;
+	this->public.get_initiator = (bool (*) (ts_payload_t *)) get_initiator;
+	this->public.set_initiator = (void (*) (ts_payload_t *,bool)) set_initiator;
+	this->public.add_traffic_selector_substructure = (void (*) (ts_payload_t *,traffic_selector_substructure_t *)) add_traffic_selector_substructure;
+	this->public.create_traffic_selector_substructure_iterator = (iterator_t* (*) (ts_payload_t *,bool)) create_traffic_selector_substructure_iterator;
+	
+	/* private functions */
+	this->compute_length = compute_length;
+	
+	/* private variables */
+	this->critical = FALSE;
+	this->next_payload = NO_PAYLOAD;
+	this->payload_length =TS_PAYLOAD_HEADER_LENGTH;
+	this->is_initiator = is_initiator;
+	this->number_of_traffic_selectors=0;
+	this->traffic_selectors = linked_list_create();
+
+	return (&(this->public));
+}
diff --git a/Source/charon/encoding/payloads/ts_payload.h b/Source/charon/encoding/payloads/ts_payload.h
new file mode 100644
index 000000000..02cd3a410
--- /dev/null
+++ b/Source/charon/encoding/payloads/ts_payload.h
@@ -0,0 +1,127 @@
+/**
+ * @file ts_payload.h
+ * 
+ * @brief Interface of ts_payload_t.
+ * 
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+
+#ifndef TS_PAYLOAD_H_
+#define TS_PAYLOAD_H_
+
+#include <types.h>
+#include <utils/iterator.h>
+#include <encoding/payloads/payload.h>
+#include <encoding/payloads/traffic_selector_substructure.h>
+
+/**
+ * Length of a TS payload without the Traffic selectors.
+ * 
+ * @ingroup payloads
+ */
+#define TS_PAYLOAD_HEADER_LENGTH 8
+
+
+typedef struct ts_payload_t ts_payload_t;
+
+/**
+ * Object representing an IKEv2 TS payload.
+ * 
+ * The TS payload format is described in draft section 3.13.
+ * 
+ * @ingroup payloads
+ * 
+ */
+struct ts_payload_t {
+	/**
+	 * The payload_t interface.
+	 */
+	payload_t payload_interface;
+	
+	/**
+	 * @brief Get the type of TSpayload (TSi or TSr).
+	 *
+	 * @param this 			calling id_payload_t object
+	 * @return
+	 * 						- TRUE if this payload is of type TSi
+	 * 						- FALSE if this payload is of type TSr
+	 * 
+	 */
+	bool (*get_initiator) (ts_payload_t *this);
+	
+	/**
+	 * @brief Set the type of TS payload (TSi or TSr).
+	 *
+	 * @param this 			calling id_payload_t object
+	 * @param is_initiator	
+	 * 						- TRUE if this payload is of type TSi
+	 * 						- FALSE if this payload is of type TSr
+	 * 
+	 */
+	void (*set_initiator) (ts_payload_t *this,bool is_initiator);
+	
+	/**
+	 * @brief Adds a traffic_selector_substructure_t object to this object.
+	 * 
+	 * @warning The added traffic_selector_substructure_t object  is 
+	 * 			getting destroyed in destroy function of ts_payload_t.
+	 *
+	 * @param this 				calling ts_payload_t object
+	 * @param traffic_selector  traffic_selector_substructure_t object to add
+	 */
+	void (*add_traffic_selector_substructure) (ts_payload_t *this,traffic_selector_substructure_t *traffic_selector);
+	
+	/**
+	 * @brief Creates an iterator of stored traffic_selector_substructure_t objects.
+	 * 
+	 * @warning The created iterator has to get destroyed by the caller!
+	 * 
+	 * @warning When removing an traffic_selector_substructure_t object 
+	 * 			using this iterator, the length of this payload 
+	 * 			has to get refreshed by calling payload_t.get_length!
+	 *
+	 * @param this 			calling ts_payload_t object
+	 * @param[in] forward 	iterator direction (TRUE: front to end)
+	 * @return				created iterator_t object
+	 */
+	iterator_t *(*create_traffic_selector_substructure_iterator) (ts_payload_t *this, bool forward);
+
+	/**
+	 * @brief Destroys an ts_payload_t object.
+	 *
+	 * @param this 	ts_payload_t object to destroy
+	 */
+	void (*destroy) (ts_payload_t *this);
+};
+
+/**
+ * @brief Creates an empty id_payload_t object.
+ * 
+ * 
+ * @param is_initiator	
+ * 						- TRUE if this payload is of type TSi
+ * 						- FALSE if this payload is of type TSr
+ * 
+ * @return				created id_payload_t object
+ * 
+ * @ingroup payloads
+ */
+ts_payload_t *ts_payload_create(bool is_initiator);
+
+
+#endif //TS_PAYLOAD_H_
diff --git a/Source/charon/network/host.c b/Source/charon/network/host.c
index 65dcf7b3f..43861238f 100644
--- a/Source/charon/network/host.c
+++ b/Source/charon/network/host.c
@@ -89,6 +89,32 @@ static char *get_address(private_host_t *this)
 }
 
 /**
+ * Implementation of host_t.get_address_as_chunk.
+ */
+static chunk_t get_address_as_chunk(private_host_t *this)
+{
+	chunk_t address = CHUNK_INITIALIZER;
+	
+	switch (this->family) 
+	{
+		case AF_INET: 
+		{
+			/* allocate 4 bytes for IPV4 address*/
+			address.ptr = allocator_alloc(4);
+			address.len = 4;
+			struct sockaddr_in *sin = (struct sockaddr_in*)&(this->address);
+			memcpy(address.ptr,&(sin->sin_addr.s_addr),4);
+		}
+		default:
+		{
+			/* empty chunk is returned */
+			return address;
+		}
+	}
+	
+}
+
+/**
  * implements host_t.get_port
  */
 static u_int16_t get_port(private_host_t *this)
@@ -128,7 +154,7 @@ static private_host_t *clone(private_host_t *this)
 
 
 /*
- * see header
+ * Described in header.
  */
 host_t *host_create(int family, char *address, u_int16_t port)
 {
@@ -138,6 +164,7 @@ host_t *host_create(int family, char *address, u_int16_t port)
 	this->public.get_sockaddr_len = (socklen_t*(*) (host_t*))get_sockaddr_len;
 	this->public.clone = (host_t* (*) (host_t*))clone;
 	this->public.get_address = (char* (*) (host_t *))get_address;
+	this->public.get_address_as_chunk = (chunk_t (*) (host_t *)) get_address_as_chunk;
 	this->public.get_port = (u_int16_t (*) (host_t *))get_port;
 	this->public.destroy = (void (*) (host_t*))destroy;
 	
@@ -159,3 +186,40 @@ host_t *host_create(int family, char *address, u_int16_t port)
 	allocator_free(this);
 	return NULL;
 }
+
+/*
+ * Described in header.
+ */
+host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port)
+{
+	private_host_t *this = allocator_alloc_thing(private_host_t);
+	
+	this->public.get_sockaddr = (sockaddr_t* (*) (host_t*))get_sockaddr;
+	this->public.get_sockaddr_len = (socklen_t*(*) (host_t*))get_sockaddr_len;
+	this->public.clone = (host_t* (*) (host_t*))clone;
+	this->public.get_address = (char* (*) (host_t *))get_address;
+	this->public.get_address_as_chunk = (chunk_t (*) (host_t *)) get_address_as_chunk;
+	this->public.get_port = (u_int16_t (*) (host_t *))get_port;
+	this->public.destroy = (void (*) (host_t*))destroy;
+	
+	this->family = family;
+
+	if (address.len == 4)
+	{
+		switch (family)
+		{
+			/* IPv4 */
+			case AF_INET:
+			{
+				struct sockaddr_in *sin = (struct sockaddr_in*)&(this->address);
+				sin->sin_family = AF_INET;
+				memcpy(&(sin->sin_addr.s_addr),address.ptr,4);
+				sin->sin_port = htons(port);
+				this->socklen = sizeof(struct sockaddr_in);
+				return (host_t*)this;
+			}
+		}
+	}
+	allocator_free(this);
+	return NULL;
+}
diff --git a/Source/charon/network/host.h b/Source/charon/network/host.h
index a430d7134..fa06b1474 100644
--- a/Source/charon/network/host.h
+++ b/Source/charon/network/host.h
@@ -79,12 +79,22 @@ struct host_t {
 	 * @brief get the address of this host
 	 * 
 	 * Mostly used for debugging purposes. 
-	 * @warging string must NOT be freed
+	 * @warning string must NOT be freed
 	 * 
 	 * @param this			object to clone
 	 * @return				address string, 
 	 */
 	char* (*get_address) (host_t *this);
+	
+	/** 
+	 * @brief get the address of this host as chunk_t
+	 * 
+	 * @warning returned chunk has to get destroyed by caller.
+	 * 
+	 * @param this			object to clone
+	 * @return				address string, 
+	 */
+	chunk_t (*get_address_as_chunk) (host_t *this);
 		
 	/** 
 	 * @brief get the port of this host
@@ -121,4 +131,19 @@ struct host_t {
  */
 host_t *host_create(int family, char *address, u_int16_t port);
 
+/**
+ * @brief Constructor to create a host_t object
+ * 
+ * Currently supports only IPv4!
+ *
+ * @param family 		Address family to use for this object, such as AF_INET or AF_INET6
+ * @param address		address as 4 byte chunk_t in networ order
+ * @param port			port number
+ * @return 				
+ * 						- the host_t object, or 
+ * 						- NULL, when family not supported or chunk_t length not 4 bytes.
+ * 
+ * @ingroup network
+ */
+host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port);
 #endif /*HOST_H_*/
diff --git a/Source/charon/testcases/generator_test.c b/Source/charon/testcases/generator_test.c
index d53a8e7ce..6f13eecea 100644
--- a/Source/charon/testcases/generator_test.c
+++ b/Source/charon/testcases/generator_test.c
@@ -40,6 +40,7 @@
 #include <encoding/payloads/nonce_payload.h>
 #include <encoding/payloads/id_payload.h>
 #include <encoding/payloads/auth_payload.h>
+#include <encoding/payloads/ts_payload.h>
 
 /*
  * Described in Header 
@@ -838,3 +839,87 @@ void test_generator_with_auth_payload(tester_t *tester)
 		
 	charon->logger_manager->destroy_logger(charon->logger_manager,logger);	
 }
+
+/*
+ * Described in header.
+ */ 
+void test_generator_with_ts_payload(tester_t *tester)
+{
+	generator_t *generator;
+	ts_payload_t *ts_payload;
+	traffic_selector_substructure_t *ts1, *ts2;
+	host_t *start_host1, *start_host2, *end_host1, *end_host2;
+	logger_t *logger;
+	chunk_t generated_data;
+	
+	logger = charon->logger_manager->create_logger(charon->logger_manager,TESTER,"Message with TS Payload");
+	
+	/* create generator */
+	generator = generator_create();
+	tester->assert_true(tester,(generator != NULL), "generator create check");
+
+	ts_payload = ts_payload_create(TRUE);
+	
+	/* first traffic selector */
+	ts1 = traffic_selector_substructure_create();
+	
+	start_host1 = host_create(AF_INET,"192.168.1.0",500);
+	ts1->set_start_host(ts1,start_host1);
+	start_host1->destroy(start_host1);
+
+	end_host1 = host_create(AF_INET,"192.168.1.255",500);
+	ts1->set_end_host(ts1,end_host1);
+	end_host1->destroy(end_host1);
+
+	ts_payload->add_traffic_selector_substructure(ts_payload,ts1);
+
+	/* second traffic selector */
+
+	ts2 = traffic_selector_substructure_create();
+	
+	start_host2 = host_create(AF_INET,"0.0.0.0",0);
+	ts2->set_start_host(ts2,start_host2);
+	ts2->set_protocol_id(ts2,3);
+	start_host2->destroy(start_host2);
+
+	end_host2 = host_create(AF_INET,"255.255.255.255",65535);
+	ts2->set_end_host(ts2,end_host2);
+	end_host2->destroy(end_host2);
+
+	ts_payload->add_traffic_selector_substructure(ts_payload,ts2);
+
+	
+	generator->generate_payload(generator,(payload_t *)ts_payload);
+	generator->write_to_chunk(generator,&generated_data);
+	logger->log_chunk(logger,RAW,"generated payload",&generated_data);	
+	
+
+	u_int8_t expected_generation[] = {
+		/* payload header */
+		0x00,0x00,0x00,0x28,
+		0x02,0x00,0x00,0x00,
+		
+		/* traffic selector 1 */
+		0x07,0x00,0x00,0x10,
+		0x01,0xF4,0x01,0xF4,
+		0xC0,0xA8,0x01,0x00,
+		0xC0,0xA8,0x01,0xFF,
+
+		/* traffic selector 2 */
+		0x07,0x03,0x00,0x10,
+		0x00,0x00,0xFF,0xFF,
+		0x00,0x00,0x00,0x00,
+		0xFF,0xFF,0xFF,0xFF,			
+	};
+	
+	logger->log_bytes(logger,RAW,"expected payload",expected_generation,sizeof(expected_generation));	
+	
+	tester->assert_true(tester,(memcmp(expected_generation,generated_data.ptr,sizeof(expected_generation)) == 0), "compare generated data");
+
+	allocator_free_chunk(&generated_data);
+	
+	ts_payload->destroy(ts_payload);
+	generator->destroy(generator);
+		
+	charon->logger_manager->destroy_logger(charon->logger_manager,logger);	
+}
diff --git a/Source/charon/testcases/generator_test.h b/Source/charon/testcases/generator_test.h
index c0f2a6206..34c054a82 100644
--- a/Source/charon/testcases/generator_test.h
+++ b/Source/charon/testcases/generator_test.h
@@ -116,5 +116,14 @@ void test_generator_with_id_payload(tester_t *tester);
  */
 void test_generator_with_auth_payload(tester_t *tester);
 
+/**
+ * @brief Test function used to test the generator with TS payload.
+ * 
+ * @param tester associated tester_t object
+ * 
+ * @ingroup testcases
+ */
+void test_generator_with_ts_payload(tester_t *tester);
+
 
 #endif /*GENERATOR_TEST_H_*/
diff --git a/Source/charon/testcases/parser_test.c b/Source/charon/testcases/parser_test.c
index f07773504..f6f0fb202 100644
--- a/Source/charon/testcases/parser_test.c
+++ b/Source/charon/testcases/parser_test.c
@@ -36,7 +36,7 @@
 #include <encoding/payloads/ke_payload.h>
 #include <encoding/payloads/notify_payload.h>
 #include <encoding/payloads/auth_payload.h>
-
+#include <encoding/payloads/ts_payload.h>
 
 
 /*
@@ -385,3 +385,90 @@ void test_parser_with_auth_payload(tester_t *tester)
 	auth_payload->destroy(auth_payload);
 	allocator_free_chunk(&result);
 }
+
+/*
+ * Described in Header 
+ */
+void test_parser_with_ts_payload(tester_t *tester)
+{
+	parser_t *parser;
+	ts_payload_t *ts_payload;
+	status_t status;
+	chunk_t ts_chunk;
+	traffic_selector_substructure_t *ts1, *ts2;
+	host_t *start_host1, *start_host2, *end_host1, *end_host2;
+	iterator_t *iterator;
+	
+	u_int8_t ts_bytes[] = {
+		/* payload header */
+		0x00,0x00,0x00,0x28,
+		0x02,0x00,0x00,0x00,
+		
+			/* traffic selector 1 */
+			0x07,0x00,0x00,0x10,
+			0x01,0xF4,0x01,0xF4,
+			0xC0,0xA8,0x01,0x00,
+			0xC0,0xA8,0x01,0xFF,
+
+			/* traffic selector 2 */
+			0x07,0x03,0x00,0x10,
+			0x00,0x00,0xFF,0xFF,
+			0x00,0x00,0x00,0x00,
+			0xFF,0xFF,0xFF,0xFF,			
+	};
+	
+	ts_chunk.ptr = ts_bytes;
+	ts_chunk.len = sizeof(ts_bytes);
+
+	parser = parser_create(ts_chunk);
+	tester->assert_true(tester,(parser != NULL), "parser create check");
+	status = parser->parse_payload(parser, TRAFFIC_SELECTOR_RESPONDER, (payload_t**)&ts_payload);
+	tester->assert_true(tester,(status == SUCCESS),"parse_payload call check");
+	parser->destroy(parser);
+	
+	if (status != SUCCESS)
+	{
+		return;	
+	}
+	
+	iterator = ts_payload->create_traffic_selector_substructure_iterator(ts_payload,TRUE);
+	
+	tester->assert_true(tester,(iterator->has_next(iterator)), "has next check");
+
+	/* check first ts */
+	iterator->current(iterator,(void **)&ts1);
+	tester->assert_true(tester,(ts1->get_protocol_id(ts1) == 0), "ip protocol id check");
+	start_host1 = ts1->get_start_host(ts1);
+	end_host1 = ts1->get_end_host(ts1);
+	tester->assert_true(tester,(start_host1->get_port(start_host1) == 500), "start port check");
+	tester->assert_true(tester,(end_host1->get_port(end_host1) == 500), "start port check");
+	tester->assert_true(tester,(memcmp(start_host1->get_address(start_host1),"192.168.1.0",strlen("192.168.1.0")) == 0), "start address check");
+	tester->assert_true(tester,(memcmp(end_host1->get_address(end_host1),"192.168.1.255",strlen("192.168.1.255")) == 0), "end address check");
+	
+	start_host1->destroy(start_host1);
+	end_host1->destroy(end_host1);
+
+	tester->assert_true(tester,(iterator->has_next(iterator)), "has next check");
+
+	/* check second ts */
+
+	iterator->current(iterator,(void **)&ts2);
+	
+	tester->assert_true(tester,(ts2->get_protocol_id(ts2) == 3), "ip protocol id check");
+	start_host2 = ts2->get_start_host(ts2);
+	end_host2 = ts2->get_end_host(ts2);
+	tester->assert_true(tester,(start_host2->get_port(start_host2) == 0), "start port check");
+	tester->assert_true(tester,(end_host2->get_port(end_host2) == 65535), "start port check");
+	tester->assert_true(tester,(memcmp(start_host2->get_address(start_host2),"0.0.0.0",strlen("0.0.0.0")) == 0), "start address check");
+	tester->assert_true(tester,(memcmp(end_host2->get_address(end_host2),"255.255.255.255",strlen("255.255.255.255")) == 0), "end address check");
+	start_host2->destroy(start_host2);	
+	end_host2->destroy(end_host2);
+	
+	
+	
+	tester->assert_false(tester,(iterator->has_next(iterator)), "has next check");
+	
+	iterator->destroy(iterator);
+	
+	ts_payload->destroy(ts_payload);
+}
diff --git a/Source/charon/testcases/parser_test.h b/Source/charon/testcases/parser_test.h
index e25e0356d..11af67ae5 100644
--- a/Source/charon/testcases/parser_test.h
+++ b/Source/charon/testcases/parser_test.h
@@ -95,4 +95,14 @@ void test_parser_with_notify_payload(tester_t *tester);
  */
 void test_parser_with_auth_payload(tester_t *tester);
 
+/**
+ * @brief Test function used to test the parser_t functionality when 
+ * parsing a TS payload.
+ *
+ * @param tester 	associated tester_t object
+ * 
+ * @ingroup testcases
+ */
+void test_parser_with_ts_payload(tester_t *tester);
+
 #endif /*PARSER_TEST_H_*/
diff --git a/Source/charon/testcases/testcases.c b/Source/charon/testcases/testcases.c
index 4bf978825..6a8ddcd98 100644
--- a/Source/charon/testcases/testcases.c
+++ b/Source/charon/testcases/testcases.c
@@ -83,6 +83,7 @@ test_t generator_test7 = {test_generator_with_notify_payload,"Generator: Notify
 test_t generator_test8 = {test_generator_with_nonce_payload,"Generator: Nonce Payload"};
 test_t generator_test9 = {test_generator_with_id_payload,"Generator: ID Payload"};
 test_t generator_test10 = {test_generator_with_auth_payload,"Generator: AUTH Payload"};
+test_t generator_test11 = {test_generator_with_ts_payload,"Generator: TS Payload"};
 test_t parser_test1 = {test_parser_with_header_payload, "Parser: header payload"};
 test_t parser_test2 = {test_parser_with_sa_payload, "Parser: sa payload"};
 test_t parser_test3 = {test_parser_with_nonce_payload, "Parser: nonce payload"};
@@ -90,6 +91,7 @@ test_t parser_test4 = {test_parser_with_ke_payload, "Parser: key exchange payloa
 test_t parser_test5 = {test_parser_with_notify_payload, "Parser: notify payload"};
 test_t parser_test6 = {test_parser_with_id_payload, "Parser: ID payload"};
 test_t parser_test7 = {test_parser_with_auth_payload, "Parser: AUTH payload"};
+test_t parser_test8 = {test_parser_with_ts_payload, "Parser: TS payload"};
 test_t packet_test = {test_packet,"Packet"};
 test_t diffie_hellman_test = {test_diffie_hellman,"Diffie Hellman"};
 test_t sha1_hasher_test = {test_sha1_hasher,"SHA1 hasher"};
@@ -171,6 +173,7 @@ int main()
 		&parser_test5,
 		&parser_test6,
 		&parser_test7,
+		&parser_test8,
 		&generator_test3,
 		&generator_test4,
 		&generator_test5,
@@ -179,6 +182,7 @@ int main()
 		&generator_test8,
 		&generator_test9,
 		&generator_test10,
+		&generator_test11,
 		&ike_sa_manager_test,
 		&packet_test,
 		&diffie_hellman_test,
@@ -196,13 +200,13 @@ int main()
 	daemon_create();
  
 	charon->logger_manager->disable_logger_level(charon->logger_manager,TESTER,FULL);
-	//charon->logger_manager->enable_logger_level(charon->logger_manager,TESTER,RAW);
+	charon->logger_manager->enable_logger_level(charon->logger_manager,TESTER,RAW);
 	
 	tester_t *tester = tester_create(test_output, FALSE);
 	
 	
-	tester->perform_tests(tester,all_tests);
-	//tester->perform_test(tester,&generator_test9); 
+//	tester->perform_tests(tester,all_tests);
+	tester->perform_test(tester,&parser_test8); 
 	
 	
 	tester->destroy(tester);