diff options
author | Tobias Brunner <tobias@strongswan.org> | 2016-09-16 17:37:59 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-02-08 15:03:25 +0100 |
commit | d6ffa85feaf443afca66e77249159ef928e3d35e (patch) | |
tree | bf84b790b76ee601ab1082a7772c7e6d16c66507 /src/libcharon | |
parent | 5ab59221d2b365428e99e63c26a08114350ef2d1 (diff) | |
download | strongswan-d6ffa85feaf443afca66e77249159ef928e3d35e.tar.bz2 strongswan-d6ffa85feaf443afca66e77249159ef928e3d35e.tar.xz |
ikev2: Negotiate support for IKE message ID synchronisation during IKE_AUTH
Diffstat (limited to 'src/libcharon')
-rw-r--r-- | src/libcharon/sa/ike_sa.h | 5 | ||||
-rw-r--r-- | src/libcharon/sa/ikev2/tasks/ike_auth.c | 7 |
2 files changed, 12 insertions, 0 deletions
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h index e78f4deb9..c8ba2fd2a 100644 --- a/src/libcharon/sa/ike_sa.h +++ b/src/libcharon/sa/ike_sa.h @@ -151,6 +151,11 @@ enum ike_extension_t { * IKEv2 Redirect Mechanism, RFC 5685 */ EXT_IKE_REDIRECTION = (1<<13), + + /** + * IKEv2 Message ID sync, RFC 6311 + */ + EXT_IKE_MESSAGE_ID_SYNC = (1<<14), }; /** diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c index 1e47144dc..53daaf2ad 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth.c +++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c @@ -417,6 +417,9 @@ METHOD(task_t, build_i, status_t, /* indicate support for EAP-only authentication */ message->add_notify(message, FALSE, EAP_ONLY_AUTHENTICATION, chunk_empty); + /* indicate support for RFC 6311 Message ID synchronization */ + message->add_notify(message, FALSE, IKEV2_MESSAGE_ID_SYNC_SUPPORTED, + chunk_empty); } if (!this->do_another_auth && !this->my_auth) @@ -992,6 +995,10 @@ METHOD(task_t, process_i, status_t, DBG1(DBG_IKE, "received invalid REDIRECT notify"); } break; + case IKEV2_MESSAGE_ID_SYNC_SUPPORTED: + this->ike_sa->enable_extension(this->ike_sa, + EXT_IKE_MESSAGE_ID_SYNC); + break; default: { if (type <= 16383) |