authorAtzm Watanabe <atzmism@gmail.com>2022-08-18 17:57:53 +0900
committerBeno�t Ganne <bganne@cisco.com>2024-02-09 14:19:31 +0000
commitd4f405a70f28f6e5399a503c91da7ae8f90f94af (patch)
treea148ea35049fc74757e2f91fc1720bed015517e1 /src/plugins/ikev2/ikev2_priv.h
parentd9b4d9fb1ff1319c5e24800780a24e15a24cbb2f (diff)
ikev2: accept rekey request for IKE SA
RFC 7296 describes the way to rekey IKE SAs: to rekey an IKE SA, establish a new equivalent IKE SA with the peer to whom the old IKE SA is shared using a CREATE_CHILD_SA within the existing IKE SA. An IKE SA so created inherits all of the original IKE SA's Child SAs, and the new IKE SA is used for all control messages needed to maintain those Child SAs. Type: improvement Signed-off-by: Atzm Watanabe <atzmism@gmail.com> Change-Id: Icdf43b67c38bf183913a28a08a85236ba16343af
Diffstat (limited to 'src/plugins/ikev2/ikev2_priv.h')
-rw-r--r--src/plugins/ikev2/ikev2_priv.h25
1 files changed, 22 insertions, 3 deletions
diff --git a/src/plugins/ikev2/ikev2_priv.h b/src/plugins/ikev2/ikev2_priv.h
index dca2fe80c57..a11538f92c7 100644
--- a/src/plugins/ikev2/ikev2_priv.h
+++ b/src/plugins/ikev2/ikev2_priv.h
@@ -243,7 +243,7 @@ typedef struct
{
u8 proposal_num;
ikev2_protocol_id_t protocol_id:8;
- u32 spi;
+ u64 spi;
ikev2_sa_transform_t *transforms;
} ikev2_sa_proposal_t;
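Review bot: With `spi` widened to `u64`, one field now carries both 8-byte IKE SPIs and 4-byte ESP/AH SPIs, and nothing in the struct says which width applies, so every reader and writer has to infer it from `protocol_id`. The parsing and encoding code is not part of this file's diff, so it is worth confirming that the SPI-size byte taken from a received proposal is checked against the protocol (8 for IKE, 4 for ESP/AH, RFC 7296 section 3.3.1) before bytes are copied into the field. Existing 32-bit users such as `clib_host_to_net_u32` conversions or `%x` formats should also be checked for silent truncation. I would document the field as `u64 spi; /* IKE: 8-byte SPI; ESP/AH: 4-byte SPI in the low 32 bits, see protocol_id */`, adjusted to whatever byte order the code actually stores. The struct's opening `typedef struct` line is outside the hunk.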
@@ -330,6 +330,22 @@ typedef struct
typedef struct
{
+ u16 notify_type;
+ u16 dh_group;
+ u64 ispi;
+ u64 rspi;
+ u8 *i_nonce;
+ u8 *r_nonce;
+ u8 *dh_shared_key;
+ u8 *dh_private_key;
+ u8 *i_dh_data;
+ u8 *r_dh_data;
+ ikev2_sa_proposal_t *i_proposals;
+ ikev2_sa_proposal_t *r_proposals;
+} ikev2_sa_rekey_t;
+
+typedef struct
+{
u16 msg_type;
u8 protocol_id;
u32 spi;
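Review bot: `ikev2_sa_rekey_t` keeps key material (`dh_private_key`, `dh_shared_key`) and both nonces as bare `u8 *` pointers, with no comment on ownership or on how an entry is released. No free helper for this type appears in the part of the header shown, so I cannot tell from here whether these buffers are scrubbed. The release path should overwrite the two DH buffers before freeing them, using a clear that the compiler cannot drop. It should also run on every exit, including a failed or abandoned rekey. A block comment above the typedef should say that the pointers are owned by the entry, which routine frees them, and that the DH fields are secret. The `typedef struct` that follows the new one continues past the end of the hunk.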
@@ -432,6 +448,9 @@ typedef struct
ikev2_rekey_t *new_child;
+ /* pending sa rekeyings */
+ ikev2_sa_rekey_t *sa_rekey;
+
/* packet data */
u8 *last_sa_init_req_packet_data;
u8 *last_sa_init_res_packet_data;
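Review bot: The comment says "pending sa rekeyings" in the plural while the field is a plain `ikev2_sa_rekey_t *`, so a reader cannot tell whether this is a vector or a single entry, or what bounds it. If it is a vector filled from peer CREATE_CHILD_SA requests, each entry keeps a DH private key and shared secret alive, so the request handler should cap the number of outstanding entries per SA and SA teardown should release them; neither is visible in this header. Once confirmed against the implementation, a comment such as `/* vec of IKE SA rekeys accepted from the peer and not yet completed; freed with the SA */` would remove the ambiguity. The enclosing struct starts and ends outside the hunk.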
@@ -601,8 +620,8 @@ void ikev2_payload_add_notify (ikev2_payload_chain_t * c, u16 msg_type,
u8 * data);
void ikev2_payload_add_notify_2 (ikev2_payload_chain_t * c, u16 msg_type,
u8 * data, ikev2_notify_t * notify);
-void ikev2_payload_add_sa (ikev2_payload_chain_t * c,
- ikev2_sa_proposal_t * proposals);
+void ikev2_payload_add_sa (ikev2_payload_chain_t *c,
+ ikev2_sa_proposal_t *proposals, u8 force_spi);
void ikev2_payload_add_ke (ikev2_payload_chain_t * c, u16 dh_group,
u8 * dh_data);
void ikev2_payload_add_nonce (ikev2_payload_chain_t * c, u8 * nonce);
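Review bot: The new `force_spi` argument of `ikev2_payload_add_sa` is an undocumented `u8` flag, so call sites will pass a bare `0` or `1` with no hint of what is being forced. From the prototype alone it presumably makes the encoder write the proposal SPI where it would otherwise leave it out, and whether the SPI is present and how long it is decides whether the peer accepts the SA payload. Please add a comment above the prototype, for example `/* force_spi: non-zero = encode the proposal SPI even where it would otherwise be omitted */`, with the wording checked against the implementation. Named constants or a `bool` type at the call sites would also make the intent readable.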