From c65921f7744a0da09ede876b6588628e3a188529 Mon Sep 17 00:00:00 2001
From: Atzm Watanabe <atzmism@gmail.com>
Date: Fri, 12 Aug 2022 14:29:31 +0900
Subject: ikev2: accept key exchange on CREATE_CHILD_SA

In RFC 7296, CREATE_CHILD_SA Exchange may contain the KE payload
to enable stronger guarantees of forward secrecy.
When the KEi payload is included in the CREATE_CHILD_SA request,
responder should reply with the KEr payload and complete the key
exchange, in accordance with the RFC.

Type: improvement
Signed-off-by: Atzm Watanabe <atzmism@gmail.com>
Change-Id: I13cf6cf24359c11c3366757e585195bb7e999638
---
 src/plugins/ikev2/ikev2_priv.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/plugins/ikev2/ikev2_priv.h')

diff --git a/src/plugins/ikev2/ikev2_priv.h b/src/plugins/ikev2/ikev2_priv.h
index 379b68dbdfc..4ce147890d5 100644
--- a/src/plugins/ikev2/ikev2_priv.h
+++ b/src/plugins/ikev2/ikev2_priv.h
@@ -313,6 +313,7 @@ typedef struct
 typedef struct
 {
   u16 notify_type;
+  u8 kex;
   u8 protocol_id;
   u32 spi;
   u32 ispi;
-- 
cgit 1.2.3-korg