Charon specific strongswan.conf options generalized.
This commit is contained in:
Tobias Brunner
parent
c6fd7549e8
commit
06cdeac25f
|
|
@ -21,7 +21,7 @@ LOCAL_SRC_FILES += $(call add_plugin, kernel-pfkey)
|
||||||
|
|
||||||
LOCAL_SRC_FILES += $(call add_plugin, kernel-netlink)
|
LOCAL_SRC_FILES += $(call add_plugin, kernel-netlink)
|
||||||
|
|
||||||
# build libcharon --------------------------------------------------------------
|
# build libhydra ---------------------------------------------------------------
|
||||||
|
|
||||||
LOCAL_C_INCLUDES += \
|
LOCAL_C_INCLUDES += \
|
||||||
$(libvstr_PATH) \
|
$(libvstr_PATH) \
|
||||||
|
|
|
||||||
|
|
@ -316,7 +316,8 @@ static status_t attach_ipsec_dev(char* name, char *phys_name)
|
||||||
}
|
}
|
||||||
|
|
||||||
mtu = lib->settings->get_int(lib->settings,
|
mtu = lib->settings->get_int(lib->settings,
|
||||||
"charon.plugins.kernel-klips.ipsec_dev_mtu", 0);
|
"%s.plugins.kernel-klips.ipsec_dev_mtu", 0,
|
||||||
|
hydra->daemon);
|
||||||
if (mtu <= 0)
|
if (mtu <= 0)
|
||||||
{
|
{
|
||||||
/* guess MTU as physical MTU - ESP overhead [- NAT-T overhead]
|
/* guess MTU as physical MTU - ESP overhead [- NAT-T overhead]
|
||||||
|
|
@ -1418,7 +1419,7 @@ static job_requeue_t receive_events(private_kernel_klips_ipsec_t *this)
|
||||||
* longer period than configured as hard limit, we wouldn't be able
|
* longer period than configured as hard limit, we wouldn't be able
|
||||||
* to rekey the SA and just receive the hard expire and thus delete
|
* to rekey the SA and just receive the hard expire and thus delete
|
||||||
* the SA.
|
* the SA.
|
||||||
* To avoid this behavior and to make charon behave as with the
|
* To avoid this behavior and to make the daemon behave as with the
|
||||||
* other kernel plugins, we implement the expiration of SAs
|
* other kernel plugins, we implement the expiration of SAs
|
||||||
* ourselves. */
|
* ourselves. */
|
||||||
break;
|
break;
|
||||||
|
|
@ -1532,7 +1533,7 @@ METHOD(kernel_ipsec_t, get_spi, status_t,
|
||||||
rng->get_bytes(rng, sizeof(spi_gen), (void*)&spi_gen);
|
rng->get_bytes(rng, sizeof(spi_gen), (void*)&spi_gen);
|
||||||
rng->destroy(rng);
|
rng->destroy(rng);
|
||||||
|
|
||||||
/* charon's SPIs lie within the range from 0xc0000000 to 0xcFFFFFFF */
|
/* allocated SPIs lie within the range from 0xc0000000 to 0xcFFFFFFF */
|
||||||
spi_gen = 0xc0000000 | (spi_gen & 0x0FFFFFFF);
|
spi_gen = 0xc0000000 | (spi_gen & 0x0FFFFFFF);
|
||||||
|
|
||||||
*spi = htonl(spi_gen);
|
*spi = htonl(spi_gen);
|
||||||
|
|
@ -2488,8 +2489,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
|
||||||
static void init_ipsec_devices(private_kernel_klips_ipsec_t *this)
|
static void init_ipsec_devices(private_kernel_klips_ipsec_t *this)
|
||||||
{
|
{
|
||||||
int i, count = lib->settings->get_int(lib->settings,
|
int i, count = lib->settings->get_int(lib->settings,
|
||||||
"charon.plugins.kernel-klips.ipsec_dev_count",
|
"%s.plugins.kernel-klips.ipsec_dev_count",
|
||||||
DEFAULT_IPSEC_DEV_COUNT);
|
DEFAULT_IPSEC_DEV_COUNT, hydra->daemon);
|
||||||
|
|
||||||
for (i = 0; i < count; ++i)
|
for (i = 0; i < count; ++i)
|
||||||
{
|
{
|
||||||
|
|
@ -2599,7 +2600,8 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create()
|
||||||
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
|
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
|
||||||
.mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT),
|
.mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT),
|
||||||
.install_routes = lib->settings->get_bool(lib->settings,
|
.install_routes = lib->settings->get_bool(lib->settings,
|
||||||
"charon.install_routes", TRUE),
|
"%s.install_routes", TRUE,
|
||||||
|
hydra->daemon),
|
||||||
);
|
);
|
||||||
|
|
||||||
/* initialize ipsec devices */
|
/* initialize ipsec devices */
|
||||||
|
|
|
||||||
|
|
@ -2167,7 +2167,8 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
|
||||||
(hashtable_equals_t)policy_equals, 32),
|
(hashtable_equals_t)policy_equals, 32),
|
||||||
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
|
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
|
||||||
.install_routes = lib->settings->get_bool(lib->settings,
|
.install_routes = lib->settings->get_bool(lib->settings,
|
||||||
"charon.install_routes", TRUE),
|
"%s.install_routes", TRUE,
|
||||||
|
hydra->daemon),
|
||||||
);
|
);
|
||||||
|
|
||||||
/* disable lifetimes for allocated SPIs in kernel */
|
/* disable lifetimes for allocated SPIs in kernel */
|
||||||
|
|
|
||||||
|
|
@ -1437,17 +1437,17 @@ kernel_netlink_net_t *kernel_netlink_net_create()
|
||||||
this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
|
this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
|
||||||
timerclear(&this->last_roam);
|
timerclear(&this->last_roam);
|
||||||
this->routing_table = lib->settings->get_int(lib->settings,
|
this->routing_table = lib->settings->get_int(lib->settings,
|
||||||
"charon.routing_table", ROUTING_TABLE);
|
"%s.routing_table", ROUTING_TABLE, hydra->daemon);
|
||||||
this->routing_table_prio = lib->settings->get_int(lib->settings,
|
this->routing_table_prio = lib->settings->get_int(lib->settings,
|
||||||
"charon.routing_table_prio", ROUTING_TABLE_PRIO);
|
"%s.routing_table_prio", ROUTING_TABLE_PRIO, hydra->daemon);
|
||||||
this->process_route = lib->settings->get_bool(lib->settings,
|
this->process_route = lib->settings->get_bool(lib->settings,
|
||||||
"charon.process_route", TRUE);
|
"%s.process_route", TRUE, hydra->daemon);
|
||||||
this->install_virtual_ip = lib->settings->get_bool(lib->settings,
|
this->install_virtual_ip = lib->settings->get_bool(lib->settings,
|
||||||
"charon.install_virtual_ip", TRUE);
|
"%s.install_virtual_ip", TRUE, hydra->daemon);
|
||||||
|
|
||||||
this->rt_exclude = linked_list_create();
|
this->rt_exclude = linked_list_create();
|
||||||
exclude = lib->settings->get_str(lib->settings,
|
exclude = lib->settings->get_str(lib->settings,
|
||||||
"charon.ignore_routing_tables", NULL);
|
"%s.ignore_routing_tables", NULL, hydra->daemon);
|
||||||
if (exclude)
|
if (exclude)
|
||||||
{
|
{
|
||||||
char *token;
|
char *token;
|
||||||
|
|
|
||||||
|
|
@ -2133,7 +2133,8 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
|
||||||
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
|
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
|
||||||
.mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT),
|
.mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT),
|
||||||
.install_routes = lib->settings->get_bool(lib->settings,
|
.install_routes = lib->settings->get_bool(lib->settings,
|
||||||
"charon.install_routes", TRUE),
|
"%s.install_routes", TRUE,
|
||||||
|
hydra->daemon),
|
||||||
);
|
);
|
||||||
|
|
||||||
/* create a PF_KEY socket to communicate with the kernel */
|
/* create a PF_KEY socket to communicate with the kernel */
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue