-rw-r--r-- | src/conftest/hooks/force_cookie.c | 2 | ||||
-rw-r--r-- | src/conftest/hooks/unencrypted_notify.c | 2 | ||||
-rw-r--r-- | src/libcharon/encoding/message.c | 52 | ||||
-rw-r--r-- | src/libcharon/encoding/message.h | 45 | ||||
-rw-r--r-- | src/libcharon/network/receiver.c | 2 | ||||
-rw-r--r-- | src/libcharon/sa/connect_manager.c | 2 | ||||
-rw-r--r-- | src/libcharon/sa/ike_sa.c | 2 | ||||
-rw-r--r-- | src/libcharon/sa/task_manager.c | 4 |
8 files changed, 62 insertions, 49 deletions
diff --git a/src/conftest/hooks/force_cookie.c b/src/conftest/hooks/force_cookie.c
index e34f82851..e2ccb66a8 100644
--- a/src/conftest/hooks/force_cookie.c
+++ b/src/conftest/hooks/force_cookie.c
@@ -68,7 +68,7 @@ METHOD(listener_t, message, bool,
 chunk_t data = chunk_from_thing("COOKIE test data");
 DBG1(DBG_CFG, "sending COOKIE: %#B", &data);
- response = message_create();
+ response = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
 dst = message->get_source(message);
 src = message->get_destination(message);
 response->set_source(response, src->clone(src));
diff --git a/src/conftest/hooks/unencrypted_notify.c b/src/conftest/hooks/unencrypted_notify.c
index 80bdc64b7..507f30cae 100644
--- a/src/conftest/hooks/unencrypted_notify.c
+++ b/src/conftest/hooks/unencrypted_notify.c
@@ -95,7 +95,7 @@ METHOD(listener_t, ike_updown, bool,
 DBG1(DBG_CFG, "injecting unencrypted INFORMATIONAL message");
- message = message_create();
+ message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
 message->set_message_id(message, this->id);
 message->set_ike_sa_id(message, ike_sa->get_id(ike_sa));
 message->set_exchange_type(message, INFORMATIONAL);
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 58b7df505..71ff4b068 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -687,6 +687,11 @@ struct private_message_t {
 bool is_request;
 /**
+ * The message is encrypted (IKEv1)
+ */
+ bool is_encrypted;
+
+ /**
 * Higher version supported?
 */
 bool version_flag;
@@ -694,7 +699,7 @@ struct private_message_t {
 /**
 * Reserved bits in IKE header
 */
- bool reserved[5];
+ bool reserved[2];
 /**
 * Sorting of message disabled?
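Review bot: Shrinking `reserved` from 5 to 2 elements in private_message_t is only safe if every loop that indexes it shrinks with it, and the one visible in the parse_header hunk (`this->reserved[i] = *reserved;`) has its bound outside the hunk. If that bound is `countof(this->reserved)` nothing changes; if it is a literal 5, parse_header now writes three bools past the end of the array for every received packet, and any mirror loop in generate() would read past it. Worth confirming both, and pinning the coupling with a comment on the field, `/* size must match the reserved-bit loops in parse_header() and generate() */`.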
@@ -1422,13 +1427,15 @@ METHOD(message_t, parse_header, status_t,
 }
 DESTROY_IF(this->ike_sa_id);
- this->ike_sa_id = ike_sa_id_create(ike_header->get_initiator_spi(ike_header),
+ this->ike_sa_id = ike_sa_id_create(
+ ike_header->get_initiator_spi(ike_header),
 ike_header->get_responder_spi(ike_header),
 ike_header->get_initiator_flag(ike_header));
 this->exchange_type = ike_header->get_exchange_type(ike_header);
 this->message_id = ike_header->get_message_id(ike_header);
 this->is_request = !ike_header->get_response_flag(ike_header);
+ this->is_encrypted = ike_header->get_encryption_flag(ike_header);
 this->major_version = ike_header->get_maj_version(ike_header);
 this->minor_version = ike_header->get_min_version(ike_header);
 this->first_payload = ike_header->payload_interface.get_next_type(
@@ -1442,19 +1449,12 @@ METHOD(message_t, parse_header, status_t,
 this->reserved[i] = *reserved;
 }
 }
- DBG2(DBG_ENC, "parsed a %N %s", exchange_type_names, this->exchange_type,
- this->is_request ? "request" : "response");
- ike_header->destroy(ike_header);
- this->rule = get_message_rule(this);
- if (!this->rule)
- {
- DBG1(DBG_ENC, "no message rules specified for a %N %s",
- exchange_type_names, this->exchange_type,
- this->is_request ? "request" : "response");
- }
- return status;
+ DBG2(DBG_ENC, "parsed a %N %s header", exchange_type_names,
+ this->exchange_type, this->major_version == IKEV1_MAJOR_VERSION ?
+ "message" : (this->is_request ? "request" : "response"));
+ return SUCCESS;
 }
 /**
@@ -1640,6 +1640,15 @@ METHOD(message_t, parse_body, status_t,
 DBG2(DBG_ENC, "parsing body of message, first payload is %N",
 payload_type_names, type);
+ this->rule = get_message_rule(this);
+ if (!this->rule)
+ {
+ DBG1(DBG_ENC, "no message rules specified for a %N %s",
+ exchange_type_names, this->exchange_type,
+ this->is_request ? "request" : "response");
+ return PARSE_ERROR;
+ }
+
 while (type != NO_PAYLOAD)
 {
 DBG2(DBG_ENC, "starting parsing a %N payload",
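Review bot: The second parse_header hunk removes `ike_header->destroy(ike_header);` without a counterpart on the new side, and the lines between the two parse_header hunks are unchanged context, so the header payload returned by the parser is no longer freed on the success path; every parsed header leaks, and parse_header runs for each packet that reaches it. Unless the ownership of that payload changed in a part of the file I cannot see, the destroy belongs right before the new DBG2: `ike_header->destroy(ike_header);`. Separately, moving the get_message_rule() lookup into parse_body means `this->rule` stays NULL between parse_header and parse_body; any caller that consults the rule in that window (I cannot see one from here) now dereferences NULL, so a one-line comment on the rule field stating that it is valid only after parse_body would help. parse_header's opening lines are outside the hunk, so I cannot confirm that the replaced `return status` was always SUCCESS at that point.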
@@ -1707,7 +1716,7 @@ METHOD(message_t, destroy, void,
 }
 /*
- * Described in Header-File
+ * Described in header.
 */
 message_t *message_create_from_packet(packet_t *packet)
 {
@@ -1752,8 +1761,6 @@ message_t *message_create_from_packet(packet_t *packet)
 .get_packet_data = _get_packet_data,
 .destroy = _destroy,
 },
- .major_version = IKEV2_MAJOR_VERSION,
- .minor_version = IKEV2_MINOR_VERSION,
 .exchange_type = EXCHANGE_TYPE_UNDEFINED,
 .is_request = TRUE,
 .first_payload = NO_PAYLOAD,
@@ -1762,14 +1769,19 @@ message_t *message_create_from_packet(packet_t *packet)
 .parser = parser_create(packet->get_data(packet)),
 );
- return (&this->public);
+ return &this->public;
 }
 /*
- * Described in Header.
+ * Described in header.
 */
-message_t *message_create()
+message_t *message_create(int major, int minor)
 {
- return message_create_from_packet(packet_create());
+ message_t *this = message_create_from_packet(packet_create());
+
+ this->set_major_version(this, major);
+ this->set_minor_version(this, minor);
+
+ return this;
 }
diff --git a/src/libcharon/encoding/message.h b/src/libcharon/encoding/message.h
index 0e78ea436..20f3c16d7 100644
--- a/src/libcharon/encoding/message.h
+++ b/src/libcharon/encoding/message.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2007 Tobias Brunner
+ * Copyright (C) 2006-2011 Tobias Brunner
 * Copyright (C) 2005-2009 Martin Willi
 * Copyright (C) 2006 Daniel Roethlisberger
 * Copyright (C) 2005 Jan Hutter
@@ -182,7 +182,7 @@ struct message_t {
 * all payloads to encrypt are added to the encryption payload, which is
 * always the last one.
 *
- * @param payload payload to append
+ * @param payload payload to append
 */
 void (*add_payload) (message_t *this, payload_t *payload);
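Review bot: With `.major_version`/`.minor_version` dropped from the initializer, a message built by message_create_from_packet() carries version 0.0 until parse_header() fills it in, and message_create() now relies entirely on its callers for a meaningful value; neither fact is stated at either site. The new message_create() also stores `major`/`minor` through set_major_version()/set_minor_version() as given, with no range check, which is fine while every caller passes the IKEV2_* constants but deserves a line in the function comment, e.g. `/* version is stored unchecked; received messages get theirs from parse_header() */`. The documentation of the rest of the message_create_from_packet initializer is outside the hunk.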
@@ -208,14 +208,14 @@ struct message_t {
 /**
 * Parses header of message.
 *
- * Begins parisng of a message created via message_create_from_packet().
+ * Begins parsing of a message created via message_create_from_packet().
 * The parsing context is stored, so a subsequent call to parse_body()
 * will continue the parsing process.
 *
 * @return
- * - SUCCESS if header could be parsed
+ * - SUCCESS if header could be parsed
 * - PARSE_ERROR if corrupted/invalid data found
- * - FAILED if consistence check of header failed
+ * - FAILED if consistency check of header failed
 */
 status_t (*parse_header) (message_t *this);
@@ -230,11 +230,11 @@ struct message_t {
 *
 * @param aead aead transform to verify/decrypt message
 * @return
- * - SUCCESS if parsing successful
+ * - SUCCESS if parsing successful
 * - PARSE_ERROR if message parsing failed
- * - VERIFY_ERROR if message verification failed (bad syntax)
- * - FAILED if integrity check failed
- * - INVALID_STATE if aead not supplied, but needed
+ * - VERIFY_ERROR if message verification failed (bad syntax)
+ * - FAILED if integrity check failed
+ * - INVALID_STATE if aead not supplied, but needed
 */
 status_t (*parse_body) (message_t *this, aead_t *aead);
@@ -250,10 +250,10 @@ struct message_t {
 * @param aead aead transform to encrypt/sign message
 * @param packet copy of generated packet
 * @return
- * - SUCCESS if packet could be generated
- * - INVALID_STATE if exchange type is currently not set
- * - NOT_FOUND if no rules found for message generation
- * - INVALID_STATE if aead not supplied but needed.
+ * - SUCCESS if packet could be generated
+ * - INVALID_STATE if exchange type is currently not set
+ * - NOT_FOUND if no rules found for message generation
+ * - INVALID_STATE if aead not supplied but needed.
 */
 status_t (*generate) (message_t *this, aead_t *aead, packet_t **packet);
@@ -278,7 +278,7 @@ struct message_t {
 * Sets the source host informations.
 *
 * @warning host_t object is not getting cloned and gets destroyed by
- * message_t.destroy or next call of message_t.set_source.
+ * message_t.destroy or next call of message_t.set_source.
 *
 * @param host host_t object representing source host
 */
@@ -298,7 +298,7 @@ struct message_t {
 * Sets the destination host informations.
 *
 * @warning host_t object is not getting cloned and gets destroyed by
- * message_t.destroy or next call of message_t.set_destination.
+ * message_t.destroy or next call of message_t.set_destination.
 *
 * @param host host_t object representing destination host
 */
@@ -357,26 +357,27 @@ struct message_t {
 };
 /**
- * Creates an message_t object from a incoming UDP Packet.
+ * Creates a message_t object from an incoming UDP packet.
 *
 * The given packet gets owned by the message. The message is uninitialized,
 * call parse_header() to populate header fields.
 *
 * @param packet packet_t object which is assigned to message
- * @return message_t object
+ * @return message_t object
 */
-message_t * message_create_from_packet(packet_t *packet);
-
+message_t *message_create_from_packet(packet_t *packet);
 /**
- * Creates an empty message_t object.
+ * Creates an empty message_t object for a specific major/minor version.
 *
 * - exchange_type is set to NOT_SET
 * - original_initiator is set to TRUE
 * - is_request is set to TRUE
 *
- * @return message_t object
+ * @param major major IKE version of this message
+ * @param minor minor IKE version of this message
+ * @return message_t object
 */
-message_t * message_create(void);
+message_t *message_create(int major, int minor);
 #endif /** MESSAGE_H_ @}*/
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index 3e75d9b04..2f024900e 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
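Review bot: The rewritten message_create() comment keeps two bullets that the constructor visible in the message.c hunk does not match: it says `exchange_type is set to NOT_SET` while message_create_from_packet() initializes `.exchange_type = EXCHANGE_TYPE_UNDEFINED`, and `original_initiator is set to TRUE` has no counterpart in the visible initializer (`.is_request = TRUE` is the one that exists). Since the comment was being reworked anyway, I would change the first bullet to ` * - exchange_type is set to EXCHANGE_TYPE_UNDEFINED` and either drop the original_initiator bullet or point it at whatever field actually carries that state outside the hunk. The new `@param major`/`@param minor` lines could also say that the values are stored without validation, which is what the message.c side does.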
@@ -144,7 +144,7 @@ static void send_notify(message_t *request, notify_type_t type, chunk_t data)
 packet_t *packet;
 ike_sa_id_t *ike_sa_id;
- response = message_create();
+ response = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
 dst = request->get_source(request);
 src = request->get_destination(request);
 response->set_source(response, src->clone(src));
diff --git a/src/libcharon/sa/connect_manager.c b/src/libcharon/sa/connect_manager.c
index 7b6ca430f..31947aa7b 100644
--- a/src/libcharon/sa/connect_manager.c
+++ b/src/libcharon/sa/connect_manager.c
@@ -1028,7 +1028,7 @@ static void queue_retransmission(private_connect_manager_t *this, check_list_t *
 static void send_check(private_connect_manager_t *this, check_list_t *checklist,
 check_t *check, endpoint_pair_t *pair, bool request)
 {
- message_t *message = message_create();
+ message_t *message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
 message->set_message_id(message, check->mid);
 message->set_exchange_type(message, INFORMATIONAL);
 message->set_request(message, request);
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index 75868ab2c..29ce3ce81 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -926,7 +926,7 @@ static void send_notify_response(private_ike_sa_t *this, message_t *request,
 message_t *response;
 packet_t *packet;
- response = message_create();
+ response = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
 response->set_exchange_type(response, request->get_exchange_type(request));
 response->set_request(response, FALSE);
 response->set_message_id(response, request->get_message_id(request));
diff --git a/src/libcharon/sa/task_manager.c b/src/libcharon/sa/task_manager.c
index 473bf34f1..8a4e81ac2 100644
--- a/src/libcharon/sa/task_manager.c
+++ b/src/libcharon/sa/task_manager.c
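Review bot: In send_notify_response() (ike_sa.c) and send_notify() (receiver.c) the response is created with the fixed IKEV2_MAJOR_VERSION/IKEV2_MINOR_VERSION pair while its exchange type and message ID are copied from `request`; now that parse_header() records the version of a received message, a response that mirrors everything but the version can disagree with the request on exactly the field this commit starts to care about. If message_t exposes the parsed version (a `get_major_version`/`get_minor_version` pair, which I believe it does but cannot see here), `message_create(request->get_major_version(request), request->get_minor_version(request))` keeps the two in step; build_response() in task_manager.c has the same shape. If the intent is that these paths are IKEv2-only regardless of what was received, a one-line comment saying so at each call would stop the next reader from treating the constant as an oversight. The enclosing functions start before and end after these hunks.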
@@ -425,7 +425,7 @@ METHOD(task_manager_t, initiate, status_t,
 me = this->ike_sa->get_my_host(this->ike_sa);
 other = this->ike_sa->get_other_host(this->ike_sa);
- message = message_create();
+ message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
 message->set_message_id(message, this->initiating.mid);
 message->set_source(message, me->clone(me));
 message->set_destination(message, other->clone(other));
@@ -607,7 +607,7 @@ static status_t build_response(private_task_manager_t *this, message_t *request)
 me = request->get_destination(request);
 other = request->get_source(request);
- message = message_create();
+ message = message_create(IKEV2_MAJOR_VERSION, IKEV2_MINOR_VERSION);
 message->set_exchange_type(message, request->get_exchange_type(request));
 /* send response along the path the request came in */
 message->set_source(message, me->clone(me)); |