ikev2: Negotiate support for IKE message ID synchronisation during IKE_AUTH

2 files changed, 12 insertions, 0 deletions

diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index e78f4deb9..c8ba2fd2a 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -151,6 +151,11 @@ enum ike_extension_t {
 	 * IKEv2 Redirect Mechanism, RFC 5685
 	 */
 	EXT_IKE_REDIRECTION = (1<<13),
+
+	/**
+	 * IKEv2 Message ID sync, RFC 6311
+	 */
+	EXT_IKE_MESSAGE_ID_SYNC = (1<<14),
 };
 
 /**
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 1e47144dc..53daaf2ad 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -417,6 +417,9 @@ METHOD(task_t, build_i, status_t,
 		/* indicate support for EAP-only authentication */
 		message->add_notify(message, FALSE, EAP_ONLY_AUTHENTICATION,
 							chunk_empty);
+		/* indicate support for RFC 6311 Message ID synchronization */
+		message->add_notify(message, FALSE, IKEV2_MESSAGE_ID_SYNC_SUPPORTED,
+							chunk_empty);
 	}
 
 	if (!this->do_another_auth && !this->my_auth)
@@ -992,6 +995,10 @@ METHOD(task_t, process_i, status_t,
 						DBG1(DBG_IKE, "received invalid REDIRECT notify");
 					}
 					break;
+				case IKEV2_MESSAGE_ID_SYNC_SUPPORTED:
+					this->ike_sa->enable_extension(this->ike_sa,
+												   EXT_IKE_MESSAGE_ID_SYNC);
+					break;
 				default:
 				{
 					if (type <= 16383)