author | Tobias Brunner <tobias@strongswan.org> | 2008-03-27 09:54:09 +0000 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2008-03-27 09:54:09 +0000 |
commit | b0dee635d23d969b76537b37ec20a715b5f76adf (patch) | |
tree | 7839d3d0fa0ec05bec331107c03c7272ebb32f95 /src | |
parent | f957f7dfb32b18fd483285fa7feabd8514d34216 (diff) | |
replaced the COOKIE notify payload in connectivity checks with a ME_CONNECTAUTH notify payload
Diffstat (limited to 'src')
-rw-r--r-- | src/charon/encoding/payloads/notify_payload.c | 5 | ||||
-rw-r--r-- | src/charon/encoding/payloads/notify_payload.h | 5 | ||||
-rw-r--r-- | src/charon/sa/connect_manager.c | 28 |
3 files changed, 21 insertions, 17 deletions
diff --git a/src/charon/encoding/payloads/notify_payload.c b/src/charon/encoding/payloads/notify_payload.c
index 975cc6d43..a893ab42a 100644
--- a/src/charon/encoding/payloads/notify_payload.c
+++ b/src/charon/encoding/payloads/notify_payload.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2007 Tobias Brunner
+ * Copyright (C) 2006-2008 Tobias Brunner
 * Copyright (C) 2006 Daniel Roethlisberger
 * Copyright (C) 2005-2006 Martin Willi
 * Copyright (C) 2005 Jan Hutter
@@ -85,6 +85,7 @@ ENUM_NEXT(notify_type_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE,
 "ME_CALLBACK",
 "ME_CONNECTID",
 "ME_CONNECTKEY",
+ "ME_CONNECTAUTH",
 "ME_RESPONSE");
 ENUM_END(notify_type_names, ME_RESPONSE);
@@ -148,6 +149,7 @@ ENUM_NEXT(notify_type_short_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE,
 "ME_CB",
 "ME_CID",
 "ME_CKEY",
+ "ME_CAUTH",
 "ME_R");
 ENUM_END(notify_type_short_names, ME_RESPONSE);
@@ -288,6 +290,7 @@ static status_t verify(private_notify_payload_t *this)
 }
 case NAT_DETECTION_SOURCE_IP:
 case NAT_DETECTION_DESTINATION_IP:
+ case ME_CONNECTAUTH:
 {
 if (this->notification_data.len != HASH_SIZE_SHA1)
 {
diff --git a/src/charon/encoding/payloads/notify_payload.h b/src/charon/encoding/payloads/notify_payload.h
index 5677bb563..c2287dd2f 100644
--- a/src/charon/encoding/payloads/notify_payload.h
+++ b/src/charon/encoding/payloads/notify_payload.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2007 Tobias Brunner
+ * Copyright (C) 2006-2008 Tobias Brunner
 * Copyright (C) 2006 Daniel Roethlisberger
 * Copyright (C) 2005-2006 Martin Willi
 * Copyright (C) 2005 Jan Hutter
@@ -99,7 +99,8 @@ enum notify_type_t {
 ME_CALLBACK = 40964,
 ME_CONNECTID = 40965,
 ME_CONNECTKEY = 40966,
- ME_RESPONSE = 40967
+ ME_CONNECTAUTH = 40967,
+ ME_RESPONSE = 40968
 };
 /**
diff --git a/src/charon/sa/connect_manager.c b/src/charon/sa/connect_manager.c
index c0f49713e..be6fed745 100644
--- a/src/charon/sa/connect_manager.c
+++ b/src/charon/sa/connect_manager.c
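Review bot: The new `case ME_CONNECTAUTH:` label in verify() of notify_payload.c shares the branch of the NAT_DETECTION_* types, so the only check applied to the authenticator is `this->notification_data.len != HASH_SIZE_SHA1`, and nothing at the label says why that length is the right one. I would add a comment there such as `/* ME_CONNECTAUTH carries a SHA-1 sized authenticator; keep in sync with the hash used by the connect manager */`, so that a later change of hash is not silently rejected or accepted with the wrong length. That the connect manager produces SHA-1 sized output is inferred from this length check and is not shown in the diff. The body of the case continues past the end of the hunk.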
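Review bot: Inserting `ME_CONNECTAUTH = 40967` in enum notify_type_t moves `ME_RESPONSE` from 40967 to 40968, so a peer or mediation server built before this commit will read a new ME_CONNECTAUTH notify as ME_RESPONSE and the reverse. If the numbers are not fixed by the mediation extension specification, appending keeps the existing wire value stable: `ME_RESPONSE = 40967,` followed by `ME_CONNECTAUTH = 40968`, with the two name tables in notify_payload.c and their ENUM_NEXT/ENUM_END bounds reordered to match. If the numbers are fixed, a comment on the enum stating that builds on either side of this change do not interoperate would help anyone running a mixed deployment.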
@@ -344,8 +344,8 @@ struct check_t {
 /** raw endpoint payload (to verify the signature) */
 chunk_t endpoint_raw;
- /** cookie */
- chunk_t cookie;
+ /** connect auth */
+ chunk_t auth;
 };
 /**
@@ -355,7 +355,7 @@ static void check_destroy(check_t *this)
 {
 chunk_free(&this->connect_id);
 chunk_free(&this->endpoint_raw);
- chunk_free(&this->cookie);
+ chunk_free(&this->auth);
 DESTROY_IF(this->endpoint);
 free(this);
 }
@@ -368,7 +368,7 @@ static check_t *check_create()
 check_t *this = malloc_thing(check_t);
 this->connect_id = chunk_empty;
- this->cookie = chunk_empty;
+ this->auth = chunk_empty;
 this->endpoint_raw = chunk_empty;
 this->endpoint = NULL;
@@ -863,15 +863,15 @@ static status_t process_payloads(message_t *message, check_t *check)
 DBG2(DBG_IKE, "received ME_CONNECTID %#B", &check->connect_id);
 break;
 }
- case COOKIE:
+ case ME_CONNECTAUTH:
 {
- if (check->cookie.ptr)
+ if (check->auth.ptr)
 {
- DBG1(DBG_IKE, "connectivity check contains multiple COOKIE notifies");
+ DBG1(DBG_IKE, "connectivity check contains multiple ME_CONNECTAUTH notifies");
 break;
 }
- check->cookie = chunk_clone(notify->get_notification_data(notify));
- DBG2(DBG_IKE, "received COOKIE %#B", &check->cookie);
+ check->auth = chunk_clone(notify->get_notification_data(notify));
+ DBG2(DBG_IKE, "received ME_CONNECTAUTH %#B", &check->auth);
 break;
 }
 default:
@@ -880,7 +880,7 @@ static status_t process_payloads(message_t *message, check_t *check)
 }
 iterator->destroy(iterator);
- if (!check->connect_id.ptr || !check->endpoint || !check->cookie.ptr)
+ if (!check->connect_id.ptr || !check->endpoint || !check->auth.ptr)
 {
 DBG1(DBG_IKE, "at least one payload was missing from the connectivity check");
 return FAILED;
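Review bot: A repeated ME_CONNECTAUTH notify is only logged in the `if (check->auth.ptr)` branch of process_payloads() (hunk at -863), and the message is then processed with the first value. Since this payload is what process_check() later compares against the computed signature, I would treat a duplicate as a malformed check: set a local flag in that branch and `return FAILED;` after `iterator->destroy(iterator);` when it is set. At minimum the branch deserves `/* first ME_CONNECTAUTH wins, later ones are ignored */`. The loop and the start of the function are outside the hunk, so the handling of duplicate ME_CONNECTID notifies there should be kept consistent with whatever is chosen.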
@@ -1014,9 +1014,9 @@ static void send_check(private_connect_manager_t *this, check_list_t *checklist,
 message->add_payload(message, (payload_t*)endpoint);
 DBG2(DBG_IKE, "send ME_ENDPOINT notify");
- check->cookie = build_signature(this, checklist, check, TRUE);
- message->add_notify(message, FALSE, COOKIE, check->cookie);
- DBG2(DBG_IKE, "send COOKIE %#B", &check->cookie);
+ check->auth = build_signature(this, checklist, check, TRUE);
+ message->add_notify(message, FALSE, ME_CONNECTAUTH, check->auth);
+ DBG2(DBG_IKE, "send ME_CONNECTAUTH %#B", &check->auth);
 packet_t *packet;
 if (message->generate(message, NULL, NULL, &packet) == SUCCESS)
@@ -1334,7 +1334,7 @@ static void process_check(private_connect_manager_t *this, message_t *message)
 }
 chunk_t sig = build_signature(this, checklist, check, FALSE);
- if (!chunk_equals(sig, check->cookie))
+ if (!chunk_equals(sig, check->auth))
 {
 DBG1(DBG_IKE, "connectivity check verification failed");
 check_destroy(check); |
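Review bot: `chunk_equals(sig, check->auth)` in process_check() compares the locally computed authenticator with bytes taken from the received message; if chunk_equals returns at the first differing byte (its definition is not part of this diff), the time taken to reject a check depends on how many leading bytes matched. For an authenticator comparison I would use a loop that always touches every byte and tests the accumulated difference once, as sketched below. Whether `sig` is freed on the failure path cannot be seen here, because the block continues past the end of the hunk.

```c
chunk_t sig = build_signature(this, checklist, check, FALSE);
/* compare in constant time: no early exit on the first mismatch */
unsigned char diff = (sig.len != check->auth.len);
size_t i;
for (i = 0; i < sig.len && i < check->auth.len; i++)
{
	diff |= sig.ptr[i] ^ check->auth.ptr[i];
}
if (diff)
{
	/* … unchanged: DBG1 and check_destroy(check) … */
```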