Commit d0c36baef9 for strongswan.org
commit d0c36baef98ef16fffd90fc7b64e1eadde64be3a
Author: Tobias Brunner <tobias@strongswan.org>
Date: Tue Dec 9 10:08:35 2025 +0100
charon-cmd: Add support for childless IKE SA initiation
References strongswan/strongswan#1594
diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
index cb16600901..65e522765e 100644
--- a/src/charon-cmd/cmd/cmd_connection.c
+++ b/src/charon-cmd/cmd/cmd_connection.c
@@ -122,6 +122,11 @@ struct private_cmd_connection_t {
*/
bool key_seen;
+ /**
+ * Whether to use childless IKE SA initiation
+ */
+ childless_t childless;
+
/**
* Selected connection profile
*/
@@ -149,6 +154,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
.remote = this->host,
.remote_port = IKEV2_UDP_PORT,
.fragmentation = FRAGMENTATION_YES,
+ .childless = this->childless,
};
peer_cfg_create_t peer = {
.cert_policy = CERT_SEND_IF_ASKED,
@@ -542,6 +548,13 @@ METHOD(cmd_connection_t, handle, bool,
}
this->child_proposals->insert_last(this->child_proposals, proposal);
break;
+ case CMD_OPT_CHILDLESS:
+ this->childless = CHILDLESS_PREFER;
+ if (arg && streq("force", arg))
+ {
+ this->childless = CHILDLESS_FORCE;
+ }
+ break;
case CMD_OPT_PROFILE:
set_profile(this, arg);
break;
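Review bot: In the `CMD_OPT_CHILDLESS` case any argument other than the exact string `force` silently leaves `CHILDLESS_PREFER` in place, so a typo such as `--childless=forced` weakens the policy the user asked for without any diagnostic. Since force is the mode that aborts when the responder does not support childless initiation, an unrecognised value should be rejected rather than downgraded, for example `else if (arg) { DBG1(DBG_CFG, "invalid --childless argument '%s'", arg); exit(1); }`; how this file reports bad option values is not visible in the hunk, so follow whatever the proposal cases above it do. The option is declared `optional_argument` in cmd_options.c, and if that table feeds getopt_long (as the has_arg constants suggest) the value is only bound in the `--childless=force` form, so `--childless force` would arrive here with `arg == NULL` and also end up as prefer; the help text in cmd_options.c should spell out the `=force` syntax. The body of `handle` starts and ends outside this hunk.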
@@ -582,6 +595,7 @@ cmd_connection_t *cmd_connection_create()
.remote_ts = linked_list_create(),
.ike_proposals = linked_list_create(),
.child_proposals = linked_list_create(),
+ .childless = CHILDLESS_NEVER,
.profile = PROF_UNDEF,
);
diff --git a/src/charon-cmd/cmd/cmd_options.c b/src/charon-cmd/cmd/cmd_options.c
index 8aa09050fb..6731177c3d 100644
--- a/src/charon-cmd/cmd/cmd_options.c
+++ b/src/charon-cmd/cmd/cmd_options.c
@@ -63,6 +63,10 @@ cmd_option_t cmd_options[CMD_OPT_COUNT] = {
"a single ESP proposal to offer instead of the default", {}},
{ CMD_OPT_AH_PROPOSAL, "ah-proposal", required_argument, "proposal",
"a single AH proposal to offer instead of the default", {}},
+ { CMD_OPT_CHILDLESS, "childless", optional_argument, "force",
+ "use childless IKE SA initiation if supported by the responder, ", {
+ "passing 'force' aborts if that's not the case",
+ }},
{ CMD_OPT_PROFILE, "profile", required_argument, "name",
"authentication profile to use, where name is one of:", {
" ikev2-pub, ikev2-eap, ikev2-pub-eap, ikev2-psk",
diff --git a/src/charon-cmd/cmd/cmd_options.h b/src/charon-cmd/cmd/cmd_options.h
index 0fe2f5698f..47249181bb 100644
--- a/src/charon-cmd/cmd/cmd_options.h
+++ b/src/charon-cmd/cmd/cmd_options.h
@@ -48,6 +48,7 @@ enum cmd_option_type_t {
CMD_OPT_IKE_PROPOSAL,
CMD_OPT_AH_PROPOSAL,
CMD_OPT_ESP_PROPOSAL,
+ CMD_OPT_CHILDLESS,
CMD_OPT_PROFILE,
CMD_OPT_COUNT