2007-04-10 06:01:03 +00:00
|
|
|
/*
|
2009-08-27 09:27:10 +00:00
|
|
|
* Copyright (C) 2008-2009 Tobias Brunner
|
2007-04-10 06:01:03 +00:00
|
|
|
* Copyright (C) 2005-2007 Martin Willi
|
|
|
|
* Copyright (C) 2005 Jan Hutter
|
|
|
|
* Hochschule fuer Technik Rapperswil
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU General Public License as published by the
|
|
|
|
* Free Software Foundation; either version 2 of the License, or (at your
|
|
|
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful, but
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
|
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
|
* for more details.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "child_cfg.h"
|
|
|
|
|
2010-06-15 08:57:12 +00:00
|
|
|
#include <stdint.h>
|
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
#include <daemon.h>
|
|
|
|
|
2008-04-11 08:14:48 +00:00
|
|
|
ENUM(action_names, ACTION_NONE, ACTION_RESTART,
|
2008-07-02 10:48:57 +00:00
|
|
|
"clear",
|
|
|
|
"hold",
|
|
|
|
"restart",
|
2008-04-11 08:14:48 +00:00
|
|
|
);
|
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
typedef struct private_child_cfg_t private_child_cfg_t;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Private data of an child_cfg_t object
|
|
|
|
*/
|
|
|
|
struct private_child_cfg_t {
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Public part
|
|
|
|
*/
|
|
|
|
child_cfg_t public;
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
|
|
|
* Number of references hold by others to this child_cfg
|
|
|
|
*/
|
|
|
|
refcount_t refcount;
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
|
|
|
* Name of the child_cfg, used to query it
|
|
|
|
*/
|
|
|
|
char *name;
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
|
|
|
* list for all proposals
|
|
|
|
*/
|
|
|
|
linked_list_t *proposals;
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
|
|
|
* list for traffic selectors for my site
|
|
|
|
*/
|
|
|
|
linked_list_t *my_ts;
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
|
|
|
* list for traffic selectors for others site
|
|
|
|
*/
|
|
|
|
linked_list_t *other_ts;
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
|
|
|
* updown script
|
|
|
|
*/
|
|
|
|
char *updown;
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
|
|
|
* allow host access
|
|
|
|
*/
|
|
|
|
bool hostaccess;
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
|
|
|
* Mode to propose for a initiated CHILD: tunnel/transport
|
|
|
|
*/
|
2008-09-25 13:56:23 +00:00
|
|
|
ipsec_mode_t mode;
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2010-11-28 10:57:49 +00:00
|
|
|
/**
|
|
|
|
* action to take to start CHILD_SA
|
|
|
|
*/
|
|
|
|
action_t start_action;
|
|
|
|
|
2008-04-11 08:14:48 +00:00
|
|
|
/**
|
2008-04-14 08:17:18 +00:00
|
|
|
* action to take on DPD
|
2008-04-11 08:14:48 +00:00
|
|
|
*/
|
2008-04-14 08:17:18 +00:00
|
|
|
action_t dpd_action;
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2008-04-14 08:17:18 +00:00
|
|
|
/**
|
|
|
|
* action to take on CHILD_SA close
|
|
|
|
*/
|
|
|
|
action_t close_action;
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/**
|
2009-08-27 09:27:10 +00:00
|
|
|
* CHILD_SA lifetime config
|
2007-04-10 06:01:03 +00:00
|
|
|
*/
|
2009-08-28 15:04:35 +00:00
|
|
|
lifetime_cfg_t lifetime;
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2008-05-08 16:19:11 +00:00
|
|
|
/**
|
|
|
|
* enable IPComp
|
|
|
|
*/
|
|
|
|
bool use_ipcomp;
|
2008-11-11 06:29:25 +00:00
|
|
|
|
2010-01-27 14:47:08 +00:00
|
|
|
/**
|
|
|
|
* Inactivity timeout
|
|
|
|
*/
|
|
|
|
u_int32_t inactivity;
|
|
|
|
|
2010-04-22 15:03:29 +00:00
|
|
|
/**
|
2010-07-02 21:45:57 +00:00
|
|
|
* Reqid to install CHILD_SA with
|
2010-04-22 15:03:29 +00:00
|
|
|
*/
|
|
|
|
u_int32_t reqid;
|
|
|
|
|
2010-07-02 21:45:57 +00:00
|
|
|
/**
|
|
|
|
* Optional mark to install inbound CHILD_SA with
|
|
|
|
*/
|
|
|
|
mark_t mark_in;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Optional mark to install outbound CHILD_SA with
|
|
|
|
*/
|
|
|
|
mark_t mark_out;
|
2010-12-08 12:41:04 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Traffic Flow Confidentiality padding, if enabled
|
|
|
|
*/
|
|
|
|
u_int32_t tfc;
|
|
|
|
|
2008-11-11 06:29:25 +00:00
|
|
|
/**
|
|
|
|
* set up IPsec transport SA in MIPv6 proxy mode
|
|
|
|
*/
|
|
|
|
bool proxy_mode;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* enable installation and removal of kernel IPsec policies
|
|
|
|
*/
|
|
|
|
bool install_policy;
|
2007-04-10 06:01:03 +00:00
|
|
|
};
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, get_name, char*,
|
|
|
|
private_child_cfg_t *this)
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
|
|
|
return this->name;
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, add_proposal, void,
|
|
|
|
private_child_cfg_t *this, proposal_t *proposal)
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
|
|
|
this->proposals->insert_last(this->proposals, proposal);
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, get_proposals, linked_list_t*,
|
|
|
|
private_child_cfg_t *this, bool strip_dh)
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
2008-03-26 10:06:45 +00:00
|
|
|
enumerator_t *enumerator;
|
2007-04-10 06:01:03 +00:00
|
|
|
proposal_t *current;
|
|
|
|
linked_list_t *proposals = linked_list_create();
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2008-03-26 10:06:45 +00:00
|
|
|
enumerator = this->proposals->create_enumerator(this->proposals);
|
|
|
|
while (enumerator->enumerate(enumerator, ¤t))
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
|
|
|
current = current->clone(current);
|
2007-04-19 08:02:19 +00:00
|
|
|
if (strip_dh)
|
|
|
|
{
|
2008-03-26 10:06:45 +00:00
|
|
|
current->strip_dh(current);
|
2007-04-19 08:02:19 +00:00
|
|
|
}
|
2007-04-10 06:01:03 +00:00
|
|
|
proposals->insert_last(proposals, current);
|
|
|
|
}
|
2008-03-26 10:06:45 +00:00
|
|
|
enumerator->destroy(enumerator);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2012-08-08 08:05:47 +00:00
|
|
|
DBG2(DBG_CFG, "configured proposals: %#P", proposals);
|
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
return proposals;
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, select_proposal, proposal_t*,
|
|
|
|
private_child_cfg_t*this, linked_list_t *proposals, bool strip_dh,
|
|
|
|
bool private)
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
2008-03-26 10:06:45 +00:00
|
|
|
enumerator_t *stored_enum, *supplied_enum;
|
2007-04-10 06:01:03 +00:00
|
|
|
proposal_t *stored, *supplied, *selected = NULL;
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2008-03-26 10:06:45 +00:00
|
|
|
stored_enum = this->proposals->create_enumerator(this->proposals);
|
|
|
|
supplied_enum = proposals->create_enumerator(proposals);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/* compare all stored proposals with all supplied. Stored ones are preferred. */
|
2008-03-26 10:06:45 +00:00
|
|
|
while (stored_enum->enumerate(stored_enum, &stored))
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
2007-04-23 12:59:10 +00:00
|
|
|
stored = stored->clone(stored);
|
2008-03-26 10:06:45 +00:00
|
|
|
while (supplied_enum->enumerate(supplied_enum, &supplied))
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
2007-04-19 08:02:19 +00:00
|
|
|
if (strip_dh)
|
|
|
|
{
|
2008-03-26 10:06:45 +00:00
|
|
|
stored->strip_dh(stored);
|
2007-04-19 08:02:19 +00:00
|
|
|
}
|
2010-01-07 10:07:53 +00:00
|
|
|
selected = stored->select(stored, supplied, private);
|
2007-04-10 06:01:03 +00:00
|
|
|
if (selected)
|
|
|
|
{
|
2008-06-12 11:42:19 +00:00
|
|
|
DBG2(DBG_CFG, "received proposals: %#P", proposals);
|
|
|
|
DBG2(DBG_CFG, "configured proposals: %#P", this->proposals);
|
|
|
|
DBG2(DBG_CFG, "selected proposal: %P", selected);
|
2007-04-10 06:01:03 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2007-04-23 12:59:10 +00:00
|
|
|
stored->destroy(stored);
|
2007-04-10 06:01:03 +00:00
|
|
|
if (selected)
|
|
|
|
{
|
|
|
|
break;
|
|
|
|
}
|
2008-03-26 10:06:45 +00:00
|
|
|
supplied_enum->destroy(supplied_enum);
|
2009-09-04 11:46:09 +00:00
|
|
|
supplied_enum = proposals->create_enumerator(proposals);
|
2007-04-10 06:01:03 +00:00
|
|
|
}
|
2008-03-26 10:06:45 +00:00
|
|
|
stored_enum->destroy(stored_enum);
|
|
|
|
supplied_enum->destroy(supplied_enum);
|
2008-06-12 11:42:19 +00:00
|
|
|
if (selected == NULL)
|
|
|
|
{
|
|
|
|
DBG1(DBG_CFG, "received proposals: %#P", proposals);
|
|
|
|
DBG1(DBG_CFG, "configured proposals: %#P", this->proposals);
|
|
|
|
}
|
2007-04-10 06:01:03 +00:00
|
|
|
return selected;
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, add_traffic_selector, void,
|
|
|
|
private_child_cfg_t *this, bool local, traffic_selector_t *ts)
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
|
|
|
if (local)
|
|
|
|
{
|
|
|
|
this->my_ts->insert_last(this->my_ts, ts);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
this->other_ts->insert_last(this->other_ts, ts);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*,
|
2012-09-18 10:46:36 +00:00
|
|
|
private_child_cfg_t *this, bool local, linked_list_t *supplied,
|
|
|
|
linked_list_t *hosts)
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
2008-03-26 10:06:45 +00:00
|
|
|
enumerator_t *e1, *e2;
|
2007-04-10 06:01:03 +00:00
|
|
|
traffic_selector_t *ts1, *ts2, *selected;
|
2012-09-18 10:46:36 +00:00
|
|
|
linked_list_t *result, *derived;
|
|
|
|
host_t *host;
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2012-09-18 10:46:36 +00:00
|
|
|
result = linked_list_create();
|
|
|
|
derived = linked_list_create();
|
2007-04-10 06:01:03 +00:00
|
|
|
if (local)
|
|
|
|
{
|
2008-03-26 10:06:45 +00:00
|
|
|
e1 = this->my_ts->create_enumerator(this->my_ts);
|
2007-04-10 06:01:03 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2008-03-26 10:06:45 +00:00
|
|
|
e1 = this->other_ts->create_enumerator(this->other_ts);
|
2007-04-10 06:01:03 +00:00
|
|
|
}
|
2012-09-18 10:46:36 +00:00
|
|
|
/* In a first step, replace "dynamic" TS with the host list */
|
|
|
|
while (e1->enumerate(e1, &ts1))
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
2012-09-21 16:13:42 +00:00
|
|
|
if (hosts && hosts->get_count(hosts) &&
|
|
|
|
ts1->is_dynamic(ts1))
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
2012-09-21 16:13:42 +00:00
|
|
|
e2 = hosts->create_enumerator(hosts);
|
|
|
|
while (e2->enumerate(e2, &host))
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
2012-09-21 16:13:42 +00:00
|
|
|
ts2 = ts1->clone(ts1);
|
|
|
|
ts2->set_address(ts2, host);
|
|
|
|
derived->insert_last(derived, ts2);
|
2007-04-10 06:01:03 +00:00
|
|
|
}
|
2012-09-21 16:13:42 +00:00
|
|
|
e2->destroy(e2);
|
2007-04-10 06:01:03 +00:00
|
|
|
}
|
2012-09-18 10:46:36 +00:00
|
|
|
else
|
|
|
|
{
|
|
|
|
derived->insert_last(derived, ts1->clone(ts1));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
e1->destroy(e1);
|
|
|
|
|
|
|
|
DBG2(DBG_CFG, "%s traffic selectors for %s:",
|
|
|
|
supplied ? "selecting" : "proposing", local ? "us" : "other");
|
|
|
|
if (supplied == NULL)
|
|
|
|
{
|
|
|
|
while (derived->remove_first(derived, (void**)&ts1) == SUCCESS)
|
|
|
|
{
|
|
|
|
DBG2(DBG_CFG, " %R", ts1);
|
|
|
|
result->insert_last(result, ts1);
|
|
|
|
}
|
2007-04-10 06:01:03 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2012-09-18 10:46:36 +00:00
|
|
|
e1 = supplied->create_enumerator(supplied);
|
|
|
|
/* enumerate all configured/derived selectors */
|
|
|
|
while (derived->remove_first(derived, (void**)&ts1) == SUCCESS)
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
2012-09-18 10:46:36 +00:00
|
|
|
/* enumerate all supplied traffic selectors */
|
|
|
|
while (e1->enumerate(e1, &ts2))
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
|
|
|
selected = ts1->get_subset(ts1, ts2);
|
|
|
|
if (selected)
|
|
|
|
{
|
2007-10-02 07:39:56 +00:00
|
|
|
DBG2(DBG_CFG, " config: %R, received: %R => match: %R",
|
|
|
|
ts1, ts2, selected);
|
2007-04-10 06:01:03 +00:00
|
|
|
result->insert_last(result, selected);
|
2007-10-02 07:39:56 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
DBG2(DBG_CFG, " config: %R, received: %R => no match",
|
2009-02-11 16:41:37 +00:00
|
|
|
ts1, ts2);
|
2007-04-10 06:01:03 +00:00
|
|
|
}
|
|
|
|
}
|
2012-09-18 10:46:36 +00:00
|
|
|
supplied->reset_enumerator(supplied, e1);
|
2007-04-10 06:01:03 +00:00
|
|
|
ts1->destroy(ts1);
|
|
|
|
}
|
2008-03-26 10:06:45 +00:00
|
|
|
e1->destroy(e1);
|
2007-04-10 06:01:03 +00:00
|
|
|
}
|
2012-09-18 10:46:36 +00:00
|
|
|
derived->destroy(derived);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
/* remove any redundant traffic selectors in the list */
|
2008-03-26 10:06:45 +00:00
|
|
|
e1 = result->create_enumerator(result);
|
|
|
|
e2 = result->create_enumerator(result);
|
|
|
|
while (e1->enumerate(e1, &ts1))
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
2008-03-26 10:06:45 +00:00
|
|
|
while (e2->enumerate(e2, &ts2))
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
|
|
|
if (ts1 != ts2)
|
|
|
|
{
|
|
|
|
if (ts2->is_contained_in(ts2, ts1))
|
|
|
|
{
|
2008-03-26 10:06:45 +00:00
|
|
|
result->remove_at(result, e2);
|
2007-04-10 06:01:03 +00:00
|
|
|
ts2->destroy(ts2);
|
2012-09-18 10:46:36 +00:00
|
|
|
result->reset_enumerator(result, e1);
|
2007-04-10 06:01:03 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (ts1->is_contained_in(ts1, ts2))
|
|
|
|
{
|
2008-03-26 10:06:45 +00:00
|
|
|
result->remove_at(result, e1);
|
2007-04-10 06:01:03 +00:00
|
|
|
ts1->destroy(ts1);
|
2012-09-18 10:46:36 +00:00
|
|
|
result->reset_enumerator(result, e2);
|
2007-04-10 06:01:03 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2008-03-26 10:06:45 +00:00
|
|
|
e1->destroy(e1);
|
|
|
|
e2->destroy(e2);
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2007-04-10 06:01:03 +00:00
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, get_updown, char*,
|
|
|
|
private_child_cfg_t *this)
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
|
|
|
return this->updown;
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, get_hostaccess, bool,
|
|
|
|
private_child_cfg_t *this)
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
|
|
|
return this->hostaccess;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2009-08-27 09:27:10 +00:00
|
|
|
* Applies jitter to the rekey value. Returns the new rekey value.
|
|
|
|
* Note: The distribution of random values is not perfect, but it
|
|
|
|
* should get the job done.
|
2007-04-10 06:01:03 +00:00
|
|
|
*/
|
2009-08-27 09:27:10 +00:00
|
|
|
static u_int64_t apply_jitter(u_int64_t rekey, u_int64_t jitter)
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
2009-08-27 09:27:10 +00:00
|
|
|
if (jitter == 0)
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
2009-08-27 09:27:10 +00:00
|
|
|
return rekey;
|
2007-04-10 06:01:03 +00:00
|
|
|
}
|
2009-08-27 09:27:10 +00:00
|
|
|
jitter = (jitter == UINT64_MAX) ? jitter : jitter + 1;
|
|
|
|
return rekey - jitter * (random() / (RAND_MAX + 1.0));
|
|
|
|
}
|
2009-08-28 15:04:35 +00:00
|
|
|
#define APPLY_JITTER(l) l.rekey = apply_jitter(l.rekey, l.jitter)
|
2009-08-27 09:27:10 +00:00
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, get_lifetime, lifetime_cfg_t*,
|
|
|
|
private_child_cfg_t *this)
|
2009-08-27 09:27:10 +00:00
|
|
|
{
|
|
|
|
lifetime_cfg_t *lft = malloc_thing(lifetime_cfg_t);
|
2009-08-28 15:04:35 +00:00
|
|
|
memcpy(lft, &this->lifetime, sizeof(lifetime_cfg_t));
|
|
|
|
APPLY_JITTER(lft->time);
|
|
|
|
APPLY_JITTER(lft->bytes);
|
|
|
|
APPLY_JITTER(lft->packets);
|
2009-08-27 09:27:10 +00:00
|
|
|
return lft;
|
2007-04-10 06:01:03 +00:00
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, get_mode, ipsec_mode_t,
|
|
|
|
private_child_cfg_t *this)
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
|
|
|
return this->mode;
|
|
|
|
}
|
|
|
|
|
2010-11-28 10:57:49 +00:00
|
|
|
METHOD(child_cfg_t, get_start_action, action_t,
|
|
|
|
private_child_cfg_t *this)
|
|
|
|
{
|
|
|
|
return this->start_action;
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, get_dpd_action, action_t,
|
|
|
|
private_child_cfg_t *this)
|
2008-04-14 08:17:18 +00:00
|
|
|
{
|
|
|
|
return this->dpd_action;
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, get_close_action, action_t,
|
|
|
|
private_child_cfg_t *this)
|
2008-04-11 08:14:48 +00:00
|
|
|
{
|
2008-04-14 08:17:18 +00:00
|
|
|
return this->close_action;
|
2008-04-11 08:14:48 +00:00
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, get_dh_group, diffie_hellman_group_t,
|
|
|
|
private_child_cfg_t *this)
|
2007-04-19 08:02:19 +00:00
|
|
|
{
|
2008-03-26 10:06:45 +00:00
|
|
|
enumerator_t *enumerator;
|
2007-04-19 08:02:19 +00:00
|
|
|
proposal_t *proposal;
|
2008-03-26 10:06:45 +00:00
|
|
|
u_int16_t dh_group = MODP_NONE;
|
2009-09-04 11:46:09 +00:00
|
|
|
|
2008-03-26 10:06:45 +00:00
|
|
|
enumerator = this->proposals->create_enumerator(this->proposals);
|
|
|
|
while (enumerator->enumerate(enumerator, &proposal))
|
2007-04-19 08:02:19 +00:00
|
|
|
{
|
2008-03-26 10:06:45 +00:00
|
|
|
if (proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, &dh_group, NULL))
|
2007-04-19 08:02:19 +00:00
|
|
|
{
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2008-03-26 10:06:45 +00:00
|
|
|
enumerator->destroy(enumerator);
|
2007-04-19 08:02:19 +00:00
|
|
|
return dh_group;
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, use_ipcomp, bool,
|
|
|
|
private_child_cfg_t *this)
|
2008-05-08 16:19:11 +00:00
|
|
|
{
|
|
|
|
return this->use_ipcomp;
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, get_inactivity, u_int32_t,
|
|
|
|
private_child_cfg_t *this)
|
2010-01-27 14:47:08 +00:00
|
|
|
{
|
|
|
|
return this->inactivity;
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, get_reqid, u_int32_t,
|
|
|
|
private_child_cfg_t *this)
|
2010-04-22 15:03:29 +00:00
|
|
|
{
|
|
|
|
return this->reqid;
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, get_mark, mark_t,
|
|
|
|
private_child_cfg_t *this, bool inbound)
|
2010-07-02 21:45:57 +00:00
|
|
|
{
|
|
|
|
return inbound ? this->mark_in : this->mark_out;
|
|
|
|
}
|
|
|
|
|
2010-12-08 12:41:04 +00:00
|
|
|
METHOD(child_cfg_t, get_tfc, u_int32_t,
|
|
|
|
private_child_cfg_t *this)
|
|
|
|
{
|
|
|
|
return this->tfc;
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, set_mipv6_options, void,
|
|
|
|
private_child_cfg_t *this, bool proxy_mode, bool install_policy)
|
2008-11-11 06:29:25 +00:00
|
|
|
{
|
|
|
|
this->proxy_mode = proxy_mode;
|
|
|
|
this->install_policy = install_policy;
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, use_proxy_mode, bool,
|
|
|
|
private_child_cfg_t *this)
|
2008-11-11 06:29:25 +00:00
|
|
|
{
|
|
|
|
return this->proxy_mode;
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, install_policy, bool,
|
|
|
|
private_child_cfg_t *this)
|
2008-11-11 06:29:25 +00:00
|
|
|
{
|
|
|
|
return this->install_policy;
|
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, get_ref, child_cfg_t*,
|
|
|
|
private_child_cfg_t *this)
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
|
|
|
ref_get(&this->refcount);
|
2008-05-06 10:55:42 +00:00
|
|
|
return &this->public;
|
2007-04-10 06:01:03 +00:00
|
|
|
}
|
|
|
|
|
2010-11-26 15:32:15 +00:00
|
|
|
METHOD(child_cfg_t, destroy, void,
|
|
|
|
private_child_cfg_t *this)
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
|
|
|
if (ref_put(&this->refcount))
|
|
|
|
{
|
|
|
|
this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy));
|
|
|
|
this->my_ts->destroy_offset(this->my_ts, offsetof(traffic_selector_t, destroy));
|
|
|
|
this->other_ts->destroy_offset(this->other_ts, offsetof(traffic_selector_t, destroy));
|
|
|
|
if (this->updown)
|
|
|
|
{
|
|
|
|
free(this->updown);
|
|
|
|
}
|
|
|
|
free(this->name);
|
|
|
|
free(this);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Described in header-file
|
|
|
|
*/
|
2009-08-27 09:27:10 +00:00
|
|
|
child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime,
|
|
|
|
char *updown, bool hostaccess,
|
2010-11-28 10:57:49 +00:00
|
|
|
ipsec_mode_t mode, action_t start_action,
|
|
|
|
action_t dpd_action, action_t close_action,
|
|
|
|
bool ipcomp, u_int32_t inactivity, u_int32_t reqid,
|
2010-12-08 12:41:04 +00:00
|
|
|
mark_t *mark_in, mark_t *mark_out, u_int32_t tfc)
|
2007-04-10 06:01:03 +00:00
|
|
|
{
|
2010-11-26 15:32:15 +00:00
|
|
|
private_child_cfg_t *this;
|
|
|
|
|
|
|
|
INIT(this,
|
|
|
|
.public = {
|
|
|
|
.get_name = _get_name,
|
|
|
|
.add_traffic_selector = _add_traffic_selector,
|
|
|
|
.get_traffic_selectors = _get_traffic_selectors,
|
|
|
|
.add_proposal = _add_proposal,
|
|
|
|
.get_proposals = _get_proposals,
|
|
|
|
.select_proposal = _select_proposal,
|
|
|
|
.get_updown = _get_updown,
|
|
|
|
.get_hostaccess = _get_hostaccess,
|
|
|
|
.get_mode = _get_mode,
|
2010-11-28 10:57:49 +00:00
|
|
|
.get_start_action = _get_start_action,
|
2010-11-26 15:32:15 +00:00
|
|
|
.get_dpd_action = _get_dpd_action,
|
|
|
|
.get_close_action = _get_close_action,
|
|
|
|
.get_lifetime = _get_lifetime,
|
|
|
|
.get_dh_group = _get_dh_group,
|
|
|
|
.set_mipv6_options = _set_mipv6_options,
|
|
|
|
.use_ipcomp = _use_ipcomp,
|
|
|
|
.get_inactivity = _get_inactivity,
|
|
|
|
.get_reqid = _get_reqid,
|
|
|
|
.get_mark = _get_mark,
|
2010-12-08 12:41:04 +00:00
|
|
|
.get_tfc = _get_tfc,
|
2010-11-26 15:32:15 +00:00
|
|
|
.use_proxy_mode = _use_proxy_mode,
|
|
|
|
.install_policy = _install_policy,
|
|
|
|
.get_ref = _get_ref,
|
|
|
|
.destroy = _destroy,
|
|
|
|
},
|
|
|
|
.name = strdup(name),
|
2010-12-15 11:15:12 +00:00
|
|
|
.updown = strdupnull(updown),
|
2010-11-26 15:32:15 +00:00
|
|
|
.hostaccess = hostaccess,
|
|
|
|
.mode = mode,
|
|
|
|
.start_action = start_action,
|
|
|
|
.dpd_action = dpd_action,
|
|
|
|
.close_action = close_action,
|
|
|
|
.use_ipcomp = ipcomp,
|
|
|
|
.inactivity = inactivity,
|
|
|
|
.reqid = reqid,
|
|
|
|
.proxy_mode = FALSE,
|
|
|
|
.install_policy = TRUE,
|
|
|
|
.refcount = 1,
|
|
|
|
.proposals = linked_list_create(),
|
|
|
|
.my_ts = linked_list_create(),
|
|
|
|
.other_ts = linked_list_create(),
|
2010-12-08 12:41:04 +00:00
|
|
|
.tfc = tfc,
|
2010-11-26 15:32:15 +00:00
|
|
|
);
|
2010-07-02 21:45:57 +00:00
|
|
|
|
2010-07-09 07:06:02 +00:00
|
|
|
if (mark_in)
|
2010-07-02 21:45:57 +00:00
|
|
|
{
|
2010-07-09 07:06:02 +00:00
|
|
|
this->mark_in = *mark_in;
|
|
|
|
}
|
|
|
|
if (mark_out)
|
|
|
|
{
|
|
|
|
this->mark_out = *mark_out;
|
2010-07-02 21:45:57 +00:00
|
|
|
}
|
2009-08-28 15:04:35 +00:00
|
|
|
memcpy(&this->lifetime, lifetime, sizeof(lifetime_cfg_t));
|
2007-04-10 06:01:03 +00:00
|
|
|
|
|
|
|
return &this->public;
|
|
|
|
}
|
2008-04-11 08:14:48 +00:00
|
|
|
|