diff options
| author | Martin Willi <martin@revosec.ch> | 2013-10-11 10:15:43 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2013-10-11 10:15:43 +0200 |
| commit | b59bcba2b38dda5f0f6301b7ae90acc58b4a069b (patch) | |
| tree | 65c3cee3a20b6f323f5887b95bd88bc1981fa59c /src/libcharon/encoding/payloads/sa_payload.c | |
| parent | 4524e128f845f8842cdf9ffecf4c1978218212cb (diff) | |
| parent | 5fdbb3c6ad49f992c5df7075f920a2a133a81860 (diff) | |
| download | strongswan-b59bcba2b38dda5f0f6301b7ae90acc58b4a069b.tar.bz2 strongswan-b59bcba2b38dda5f0f6301b7ae90acc58b4a069b.tar.xz | |
Merge branch 'ah'
Brings support for Security Associations integrity protected by the
Authentication Header protocol, both to IKEv1 and IKEv2. Currently only plain
AH is supported, but no (now deprecated) RFC2401 style AH+ESP bundles.
Diffstat (limited to 'src/libcharon/encoding/payloads/sa_payload.c')
| -rw-r--r-- | src/libcharon/encoding/payloads/sa_payload.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c index 613412014..3a5bb43a6 100644 --- a/src/libcharon/encoding/payloads/sa_payload.c +++ b/src/libcharon/encoding/payloads/sa_payload.c @@ -341,10 +341,10 @@ METHOD(sa_payload_t, get_ipcomp_proposals, linked_list_t*, { int current_proposal = -1, unsupported_proposal = -1; enumerator_t *enumerator; - proposal_substructure_t *substruct, *esp = NULL, *ipcomp = NULL; + proposal_substructure_t *substruct, *espah = NULL, *ipcomp = NULL; linked_list_t *list; - /* we currently only support the combination ESP+IPComp, find the first */ + /* we currently only support the combination ESP|AH+IPComp, find the first */ enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &substruct)) { @@ -355,25 +355,27 @@ METHOD(sa_payload_t, get_ipcomp_proposals, linked_list_t*, { continue; } - if (protocol_id != PROTO_ESP && protocol_id != PROTO_IPCOMP) + if (protocol_id != PROTO_ESP && protocol_id != PROTO_AH && + protocol_id != PROTO_IPCOMP) { /* unsupported combination */ - esp = ipcomp = NULL; + espah = ipcomp = NULL; unsupported_proposal = current_proposal; continue; } if (proposal_number != current_proposal) { /* start of a new proposal */ - if (esp && ipcomp) + if (espah && ipcomp) { /* previous proposal is valid */ break; } - esp = ipcomp = NULL; + espah = ipcomp = NULL; current_proposal = proposal_number; } switch (protocol_id) { case PROTO_ESP: - esp = substruct; + case PROTO_AH: + espah = substruct; break; case PROTO_IPCOMP: ipcomp = substruct; @@ -383,9 +385,9 @@ METHOD(sa_payload_t, get_ipcomp_proposals, linked_list_t*, enumerator->destroy(enumerator); list = linked_list_create(); - if (esp && ipcomp && ipcomp->get_cpi(ipcomp, cpi)) + if (espah && ipcomp && ipcomp->get_cpi(ipcomp, cpi)) { - esp->get_proposals(esp, list); + espah->get_proposals(espah, list); } return list; } |