Raise an alert on traffic selector mismatch

2 files changed, 5 insertions, 0 deletions

diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 4b6d3ec8b..aabc0fed0 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -111,6 +111,9 @@ enum alert_t {
 	ALERT_PROPOSAL_MISMATCH_IKE,
 	/** CHILD proposals do not match, argument is linked_list_t of proposal_t */
 	ALERT_PROPOSAL_MISMATCH_CHILD,
+	/** traffic selectors do not match, arguments are two linked_list_t
+	 *  containing traffic_selector_t for initiator and for responder */
+	ALERT_TS_MISMATCH,
 	/** IKE_SA deleted because of "replace" unique policy, no argument */
 	ALERT_UNIQUE_REPLACE,
 	/** IKE_SA deleted because of "keep" unique policy, no arguement */
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index f9f719acc..0ded7fcfc 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -454,6 +454,7 @@ static status_t select_and_install(private_child_create_t *this,
 
 	if (my_ts->get_count(my_ts) == 0 || other_ts->get_count(other_ts) == 0)
 	{
+		charon->bus->alert(charon->bus, ALERT_TS_MISMATCH, this->tsi, this->tsr);
 		my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy));
 		other_ts->destroy_offset(other_ts, offsetof(traffic_selector_t, destroy));
 		DBG1(DBG_IKE, "no acceptable traffic selectors found");
@@ -1042,6 +1043,7 @@ METHOD(task_t, build_r, status_t,
 	{
 		DBG1(DBG_IKE, "traffic selectors %#R=== %#R inacceptable",
 			 this->tsr, this->tsi);
+		charon->bus->alert(charon->bus, ALERT_TS_MISMATCH, this->tsi, this->tsr);
 		message->add_notify(message, FALSE, TS_UNACCEPTABLE, chunk_empty);
 		handle_child_sa_failure(this, message);
 		return SUCCESS;