authorTobias Brunner <tobias@strongswan.org>2011-11-30 16:55:24 +0100
committerTobias Brunner <tobias@strongswan.org>2012-03-20 17:31:10 +0100
commita0bea44a971baaa07704f34f94a09480af27b872 (patch)
tree600542279e18be33c1ededfc88dce1a8e9943aa2 /src/libcharon/encoding/message.c
parentc5dc9d3383871e0e3b183bc2a166e45dec386ad6 (diff)
Message rules for IKEv1 NAT-T payloads added.
Diffstat (limited to 'src/libcharon/encoding/message.c')
-rw-r--r--src/libcharon/encoding/message.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 835073a5c..b63264bf9 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -60,6 +60,11 @@
#define MAX_CERTREQ_PAYLOADS 5
/**
+ * Max number of NAT-D payloads per IKEv1 message
+ */
+#define MAX_NAT_D_PAYLOADS 5
+
+/**
* A payload rule defines the rules for a payload
* in a specific message rule. It defines if and how
* many times a payload must/can occur in a message
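Review bot: The comment on `MAX_NAT_D_PAYLOADS` does not say where 5 comes from or what the limit protects. RFC 3947 has a peer send one NAT-D hash for the remote end and one for each possible local address, so more than two is legitimate on multi-homed hosts. These payloads are presumably parsed before the peer is authenticated, so the cap also bounds unauthenticated input. I would word it as `Max number of NAT-D payloads per IKEv1 message: one hash for the remote end plus one per possible local address (RFC 3947)` and add a second line noting that the limit bounds what an unauthenticated peer can make the parser accept.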
@@ -431,6 +436,7 @@ static payload_rule_t id_prot_i_rules[] = {
{NONCE_V1, 0, 1, FALSE, FALSE},
{VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
{CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
+ {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
{ID_V1, 0, 1, TRUE, FALSE},
{CERTIFICATE_V1, 0, 1, TRUE, FALSE},
{SIGNATURE_V1, 0, 1, TRUE, FALSE},
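Review bot: The new `NAT_D_V1` row in `id_prot_i_rules` appears to be accepted in every initiator message of the exchange, because the same table also carries `NONCE_V1` and the `ID_V1`/`SIGNATURE_V1` rows, which belong to different messages. If the fourth column is the must-be-encrypted flag, as the `TRUE` on `ID_V1` suggests, NAT-D is allowed in clear text, which the protocol requires, but the table cannot restrict it to the key-exchange message. The code that consumes NAT-D payloads should therefore check the exchange state itself and ignore NAT-D seen in an unexpected message; a comment on the row such as `/* only expected alongside KE/Nonce; consumer must check exchange state */` would record that. The same applies to the rows added to `id_prot_r_rules`, `aggressive_i_rules` and `aggressive_r_rules`; all four arrays start and end outside their hunks.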
@@ -452,6 +458,7 @@ static payload_order_t id_prot_i_order[] = {
{CERTIFICATE_REQUEST_V1, 0},
{NOTIFY_V1, 0},
{VENDOR_ID_V1, 0},
+ {NAT_D_V1, 0},
};
/**
@@ -465,6 +472,7 @@ static payload_rule_t id_prot_r_rules[] = {
{NONCE_V1, 0, 1, FALSE, FALSE},
{VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
{CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
+ {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
{ID_V1, 0, 1, TRUE, FALSE},
{CERTIFICATE_V1, 0, 1, TRUE, FALSE},
{SIGNATURE_V1, 0, 1, TRUE, FALSE},
@@ -486,6 +494,7 @@ static payload_order_t id_prot_r_order[] = {
{CERTIFICATE_REQUEST_V1, 0},
{NOTIFY_V1, 0},
{VENDOR_ID_V1, 0},
+ {NAT_D_V1, 0},
};
/**
@@ -499,6 +508,7 @@ static payload_rule_t aggressive_i_rules[] = {
{NONCE_V1, 0, 1, FALSE, FALSE},
{VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
{CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
+ {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
{ID_V1, 0, 1, FALSE, FALSE},
{CERTIFICATE_V1, 0, 1, FALSE, FALSE},
{SIGNATURE_V1, 0, 1, FALSE, FALSE},
@@ -515,6 +525,7 @@ static payload_order_t aggressive_i_order[] = {
{NONCE_V1, 0},
{ID_V1, 0},
{CERTIFICATE_V1, 0},
+ {NAT_D_V1, 0},
{SIGNATURE_V1, 0},
{HASH_V1, 0},
{CERTIFICATE_REQUEST_V1, 0},
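Review bot: `NAT_D_V1` is placed before `SIGNATURE_V1` and `HASH_V1` in `aggressive_i_order`, but appended after `VENDOR_ID_V1` in `id_prot_i_order` and `id_prot_r_order`, and nothing explains why the positions differ. If the order tables decide how outgoing messages are laid out, the aggressive placement presumably follows the RFC 3947 layout, where NAT-D precedes the authentication payload. A one-line comment on the entry, e.g. `/* NAT-D goes before SIG/HASH, see RFC 3947 */`, would keep a later reorder from silently breaking interoperability. The entry added to `aggressive_r_order` needs the same comment; both arrays continue outside their hunks.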
@@ -533,6 +544,7 @@ static payload_rule_t aggressive_r_rules[] = {
{NONCE_V1, 0, 1, FALSE, FALSE},
{VENDOR_ID_V1, 0, MAX_VID_PAYLOADS, FALSE, FALSE},
{CERTIFICATE_REQUEST_V1, 0, MAX_CERTREQ_PAYLOADS, FALSE, FALSE},
+ {NAT_D_V1, 0, MAX_NAT_D_PAYLOADS, FALSE, FALSE},
{ID_V1, 0, 1, FALSE, FALSE},
{CERTIFICATE_V1, 0, 1, FALSE, FALSE},
{SIGNATURE_V1, 0, 1, FALSE, FALSE},
@@ -549,6 +561,7 @@ static payload_order_t aggressive_r_order[] = {
{NONCE_V1, 0},
{ID_V1, 0},
{CERTIFICATE_V1, 0},
+ {NAT_D_V1, 0},
{SIGNATURE_V1, 0},
{HASH_V1, 0},
{CERTIFICATE_REQUEST_V1, 0},
@@ -588,6 +601,7 @@ static payload_rule_t quick_mode_i_rules[] = {
{NONCE_V1, 0, 1, TRUE, FALSE},
{KEY_EXCHANGE_V1, 0, 1, TRUE, FALSE},
{ID_V1, 0, 2, TRUE, FALSE},
+ {NAT_OA_V1, 0, 2, TRUE, FALSE},
};
/**
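Review bot: The literal `2` in the new `NAT_OA_V1` row of `quick_mode_i_rules` is undocumented; it mirrors the `ID_V1` row above it, presumably one original address each for initiator and responder. A short comment such as `/* NAT-OAi and NAT-OAr */`, or a named constant next to `MAX_NAT_D_PAYLOADS`, would make the bound deliberate. The row also makes NAT-OA optional in every Quick Mode message, so the code that uses it has to decide what happens to a NAT-OA from a peer for which no NAT was detected; that choice deserves a comment where the payload is processed. `quick_mode_r_rules` gets the same row; both arrays start outside their hunks.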
@@ -602,6 +616,7 @@ static payload_order_t quick_mode_i_order[] = {
{NONCE_V1, 0},
{KEY_EXCHANGE_V1, 0},
{ID_V1, 0},
+ {NAT_OA_V1, 0},
};
/**
@@ -616,6 +631,7 @@ static payload_rule_t quick_mode_r_rules[] = {
{NONCE_V1, 0, 1, TRUE, FALSE},
{KEY_EXCHANGE_V1, 0, 1, TRUE, FALSE},
{ID_V1, 0, 2, TRUE, FALSE},
+ {NAT_OA_V1, 0, 2, TRUE, FALSE},
};
/**
@@ -630,6 +646,7 @@ static payload_order_t quick_mode_r_order[] = {
{NONCE_V1, 0},
{KEY_EXCHANGE_V1, 0},
{ID_V1, 0},
+ {NAT_OA_V1, 0},
};
/**