diff options
author | Tobias Brunner <tobias@strongswan.org> | 2011-11-30 16:55:24 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-03-20 17:31:10 +0100 |
commit | a0bea44a971baaa07704f34f94a09480af27b872 (patch) | |
tree | 600542279e18be33c1ededfc88dce1a8e9943aa2 /src/libcharon/encoding/message.c | |
parent | c5dc9d3383871e0e3b183bc2a166e45dec386ad6 (diff) | |
download | strongswan-a0bea44a971baaa07704f34f94a09480af27b872.tar.bz2 strongswan-a0bea44a971baaa07704f34f94a09480af27b872.tar.xz |
Message rules for IKEv1 NAT-T payloads added.
Diffstat (limited to 'src/libcharon/encoding/message.c')
-rw-r--r-- | src/libcharon/encoding/message.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c index 835073a5c..b63264bf9 100644 --- a/src/libcharon/encoding/message.c +++ b/src/libcharon/encoding/message.c @@ -60,6 +60,11 @@ #define MAX_CERTREQ_PAYLOADS 5 /** + * Max number of NAT-D payloads per IKEv1 message + */ +#define MAX_NAT_D_PAYLOADS 5 + +/** * A payload rule defines the rules for a payload * in a specific message rule. It defines if and how * many times a payload must/can occur in a message @@ -431,6 +436,7 @@ static payload_rule_t id_prot_i_rules[] = { {NONCE_V1, 0, 1, FALSE, FALSE}, {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, + {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, {ID_V1, 0, 1, TRUE, FALSE}, {CERTIFICATE_V1, 0, 1, TRUE, FALSE}, {SIGNATURE_V1, 0, 1, TRUE, FALSE}, @@ -452,6 +458,7 @@ static payload_order_t id_prot_i_order[] = { {CERTIFICATE_REQUEST_V1, 0}, {NOTIFY_V1, 0}, {VENDOR_ID_V1, 0}, + {NAT_D_V1, 0}, }; /** @@ -465,6 +472,7 @@ static payload_rule_t id_prot_r_rules[] = { {NONCE_V1, 0, 1, FALSE, FALSE}, {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, + {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, {ID_V1, 0, 1, TRUE, FALSE}, {CERTIFICATE_V1, 0, 1, TRUE, FALSE}, {SIGNATURE_V1, 0, 1, TRUE, FALSE}, @@ -486,6 +494,7 @@ static payload_order_t id_prot_r_order[] = { {CERTIFICATE_REQUEST_V1, 0}, {NOTIFY_V1, 0}, {VENDOR_ID_V1, 0}, + {NAT_D_V1, 0}, }; /** @@ -499,6 +508,7 @@ static payload_rule_t aggressive_i_rules[] = { {NONCE_V1, 0, 1, FALSE, FALSE}, {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, + {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, {ID_V1, 0, 1, FALSE, FALSE}, {CERTIFICATE_V1, 0, 1, FALSE, FALSE}, {SIGNATURE_V1, 0, 1, FALSE, FALSE}, @@ -515,6 +525,7 @@ static payload_order_t aggressive_i_order[] = { {NONCE_V1, 0}, {ID_V1, 0}, {CERTIFICATE_V1, 0}, + {NAT_D_V1, 0}, {SIGNATURE_V1, 0}, {HASH_V1, 0}, {CERTIFICATE_REQUEST_V1, 0}, @@ -533,6 +544,7 @@ static payload_rule_t aggressive_r_rules[] = { {NONCE_V1, 0, 1, FALSE, FALSE}, {VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE}, {CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE}, + {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE}, {ID_V1, 0, 1, FALSE, FALSE}, {CERTIFICATE_V1, 0, 1, FALSE, FALSE}, {SIGNATURE_V1, 0, 1, FALSE, FALSE}, @@ -549,6 +561,7 @@ static payload_order_t aggressive_r_order[] = { {NONCE_V1, 0}, {ID_V1, 0}, {CERTIFICATE_V1, 0}, + {NAT_D_V1, 0}, {SIGNATURE_V1, 0}, {HASH_V1, 0}, {CERTIFICATE_REQUEST_V1, 0}, @@ -588,6 +601,7 @@ static payload_rule_t quick_mode_i_rules[] = { {NONCE_V1, 0, 1, TRUE, FALSE}, {KEY_EXCHANGE_V1, 0, 1, TRUE, FALSE}, {ID_V1, 0, 2, TRUE, FALSE}, + {NAT_OA_V1, 0, 2, TRUE, FALSE}, }; /** @@ -602,6 +616,7 @@ static payload_order_t quick_mode_i_order[] = { {NONCE_V1, 0}, {KEY_EXCHANGE_V1, 0}, {ID_V1, 0}, + {NAT_OA_V1, 0}, }; /** @@ -616,6 +631,7 @@ static payload_rule_t quick_mode_r_rules[] = { {NONCE_V1, 0, 1, TRUE, FALSE}, {KEY_EXCHANGE_V1, 0, 1, TRUE, FALSE}, {ID_V1, 0, 2, TRUE, FALSE}, + {NAT_OA_V1, 0, 2, TRUE, FALSE}, }; /** @@ -630,6 +646,7 @@ static payload_order_t quick_mode_r_order[] = { {NONCE_V1, 0}, {KEY_EXCHANGE_V1, 0}, {ID_V1, 0}, + {NAT_OA_V1, 0}, }; /** |