starter: Use custom type for SA specific options (flags).
parent
29906e0eab
commit
5b09310e67
|
@ -49,7 +49,7 @@ starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2)
|
|||
if ((c1 == NULL) || (c2 == NULL))
|
||||
return FALSE;
|
||||
|
||||
VARCMP(policy);
|
||||
VARCMP(options);
|
||||
VARCMP(mark_in.value);
|
||||
VARCMP(mark_in.mask);
|
||||
VARCMP(mark_out.value);
|
||||
|
|
|
@ -83,7 +83,7 @@ static void default_values(starter_config_t *cfg)
|
|||
cfg->conn_default.startup = STARTUP_NO;
|
||||
cfg->conn_default.state = STATE_IGNORE;
|
||||
cfg->conn_default.mode = MODE_TUNNEL;
|
||||
cfg->conn_default.policy = POLICY_MOBIKE;
|
||||
cfg->conn_default.options = SA_OPTION_MOBIKE;
|
||||
|
||||
cfg->conn_default.ike = strdupnull(ike_defaults);
|
||||
cfg->conn_default.esp = strdupnull(esp_defaults);
|
||||
|
@ -108,10 +108,10 @@ static void default_values(starter_config_t *cfg)
|
|||
cfg->ca_default.seen = SEEN_NONE;
|
||||
}
|
||||
|
||||
#define KW_POLICY_FLAG(sy, sn, fl) \
|
||||
if (streq(kw->value, sy)) { conn->policy |= fl; } \
|
||||
else if (streq(kw->value, sn)) { conn->policy &= ~fl; } \
|
||||
else { DBG1(DBG_APP, "# bad policy value: %s=%s", kw->entry->name, kw->value); cfg->err++; }
|
||||
#define KW_SA_OPTION_FLAG(sy, sn, fl) \
|
||||
if (streq(kw->value, sy)) { conn->options |= fl; } \
|
||||
else if (streq(kw->value, sn)) { conn->options &= ~fl; } \
|
||||
else { DBG1(DBG_APP, "# bad option value: %s=%s", kw->entry->name, kw->value); cfg->err++; }
|
||||
|
||||
static void load_setup(starter_config_t *cfg, config_parsed_t *cfgp)
|
||||
{
|
||||
|
@ -499,10 +499,10 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
|
|||
}
|
||||
break;
|
||||
case KW_COMPRESS:
|
||||
KW_POLICY_FLAG("yes", "no", POLICY_COMPRESS)
|
||||
KW_SA_OPTION_FLAG("yes", "no", SA_OPTION_COMPRESS)
|
||||
break;
|
||||
case KW_AUTH:
|
||||
KW_POLICY_FLAG("ah", "esp", POLICY_AUTHENTICATE)
|
||||
KW_SA_OPTION_FLAG("ah", "esp", SA_OPTION_AUTHENTICATE)
|
||||
break;
|
||||
case KW_MARK:
|
||||
if (!handle_mark(kw->value, &conn->mark_in))
|
||||
|
@ -561,22 +561,22 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
|
|||
}
|
||||
break;
|
||||
case KW_REKEY:
|
||||
KW_POLICY_FLAG("no", "yes", POLICY_DONT_REKEY)
|
||||
KW_SA_OPTION_FLAG("no", "yes", SA_OPTION_DONT_REKEY)
|
||||
break;
|
||||
case KW_REAUTH:
|
||||
KW_POLICY_FLAG("no", "yes", POLICY_DONT_REAUTH)
|
||||
KW_SA_OPTION_FLAG("no", "yes", SA_OPTION_DONT_REAUTH)
|
||||
break;
|
||||
case KW_MOBIKE:
|
||||
KW_POLICY_FLAG("yes", "no", POLICY_MOBIKE)
|
||||
KW_SA_OPTION_FLAG("yes", "no", SA_OPTION_MOBIKE)
|
||||
break;
|
||||
case KW_FORCEENCAPS:
|
||||
KW_POLICY_FLAG("yes", "no", POLICY_FORCE_ENCAP)
|
||||
KW_SA_OPTION_FLAG("yes", "no", SA_OPTION_FORCE_ENCAP)
|
||||
break;
|
||||
case KW_MODECONFIG:
|
||||
KW_POLICY_FLAG("push", "pull", POLICY_MODECFG_PUSH)
|
||||
KW_SA_OPTION_FLAG("push", "pull", SA_OPTION_MODECFG_PUSH)
|
||||
break;
|
||||
case KW_XAUTH:
|
||||
KW_POLICY_FLAG("server", "client", POLICY_XAUTH_SERVER)
|
||||
KW_SA_OPTION_FLAG("server", "client", SA_OPTION_XAUTH_SERVER)
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
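Review bot: KW_SA_OPTION_FLAG, the new macro in the hunk at line 108, expands to an unbraced `if`/`else if`/`else` chain, so if it is ever placed after an unbraced `if` the `else` branches bind to the macro's own `if` (dangling else). The current uses in load_conn each sit directly under a `case` label and are followed by `break;`, so this is a latent hazard rather than a present bug. Wrapping the expansion in `do { ... } while (0)` would make it a single statement; that requires a trailing semicolon at the use sites, e.g. `KW_SA_OPTION_FLAG("yes", "no", SA_OPTION_COMPRESS);`. load_setup and load_conn both continue outside their hunks.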
|
|
|
@ -55,6 +55,20 @@ typedef enum {
|
|||
STRICT_IFURI
|
||||
} strict_t;
|
||||
|
||||
typedef enum {
|
||||
/* IPsec options */
|
||||
SA_OPTION_AUTHENTICATE = 1 << 0, /* use AH instead of ESP? */
|
||||
SA_OPTION_COMPRESS = 1 << 1, /* use IPComp */
|
||||
|
||||
/* IKE and other other options */
|
||||
SA_OPTION_DONT_REKEY = 1 << 2, /* don't rekey state either Phase */
|
||||
SA_OPTION_DONT_REAUTH = 1 << 3, /* don't reauthenticate on rekeying, IKEv2 only */
|
||||
SA_OPTION_MODECFG_PUSH = 1 << 4, /* is modecfg pushed by server? */
|
||||
SA_OPTION_XAUTH_SERVER = 1 << 5, /* are we an XAUTH server? */
|
||||
SA_OPTION_MOBIKE = 1 << 6, /* enable MOBIKE for IKEv2 */
|
||||
SA_OPTION_FORCE_ENCAP = 1 << 7, /* force UDP encapsulation */
|
||||
} sa_option_t;
|
||||
|
||||
typedef struct starter_end starter_end_t;
|
||||
|
||||
struct starter_end {
|
||||
|
@ -112,7 +126,7 @@ struct starter_conn {
|
|||
char *authby;
|
||||
ipsec_mode_t mode;
|
||||
bool proxy_mode;
|
||||
lset_t policy;
|
||||
sa_option_t options;
|
||||
time_t sa_ike_life_seconds;
|
||||
time_t sa_ipsec_life_seconds;
|
||||
time_t sa_rekey_margin;
|
||||
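Review bot: The new `sa_option_t` is used as a bit mask (`conn->options |= fl` and `&= ~fl` in confread.c, the `conn->options & SA_OPTION_*` tests in starter_stroke.c), but nothing at the typedef says so, and an OR of two flags is not itself an enumerator, which is legal in C but surprises readers who expect an enum field to hold exactly one value. A one-line comment above `typedef enum {` such as `/* SA specific options, combined as bit flags in starter_conn_t.options */` would state the contract. The group comment above `SA_OPTION_DONT_REKEY` also duplicates a word: `/* IKE and other other options */` should read `/* IKE and other options */`.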
|
|
|
@ -167,9 +167,9 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
|
|||
msg.add_conn.mode = conn->mode;
|
||||
msg.add_conn.proxy_mode = conn->proxy_mode;
|
||||
|
||||
if (!(conn->policy & POLICY_DONT_REKEY))
|
||||
if (!(conn->options & SA_OPTION_DONT_REKEY))
|
||||
{
|
||||
msg.add_conn.rekey.reauth = (conn->policy & POLICY_DONT_REAUTH) == LEMPTY;
|
||||
msg.add_conn.rekey.reauth = !(conn->options & SA_OPTION_DONT_REAUTH);
|
||||
msg.add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds;
|
||||
msg.add_conn.rekey.ike_lifetime = conn->sa_ike_life_seconds;
|
||||
msg.add_conn.rekey.margin = conn->sa_rekey_margin;
|
||||
|
@ -180,9 +180,9 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
|
|||
msg.add_conn.rekey.tries = conn->sa_keying_tries;
|
||||
msg.add_conn.rekey.fuzz = conn->sa_rekey_fuzz;
|
||||
}
|
||||
msg.add_conn.mobike = (conn->policy & POLICY_MOBIKE) != 0;
|
||||
msg.add_conn.force_encap = (conn->policy & POLICY_FORCE_ENCAP) != 0;
|
||||
msg.add_conn.ipcomp = (conn->policy & POLICY_COMPRESS) != 0;
|
||||
msg.add_conn.mobike = conn->options & SA_OPTION_MOBIKE;
|
||||
msg.add_conn.force_encap = conn->options & SA_OPTION_FORCE_ENCAP;
|
||||
msg.add_conn.ipcomp = conn->options & SA_OPTION_COMPRESS;
|
||||
msg.add_conn.install_policy = conn->install_policy;
|
||||
msg.add_conn.aggressive = conn->aggressive;
|
||||
msg.add_conn.crl_policy = (crl_policy_t)cfg->setup.strictcrlpolicy;
|
||||
|
@ -226,7 +226,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
|
|||
{
|
||||
msg.add_conn.me.auth = push_string(&msg, "pubkey");
|
||||
msg.add_conn.other.auth = push_string(&msg, "pubkey");
|
||||
if (conn->policy & POLICY_XAUTH_SERVER)
|
||||
if (conn->options & SA_OPTION_XAUTH_SERVER)
|
||||
{
|
||||
msg.add_conn.other.auth2 = push_string(&msg, "xauth");
|
||||
}
|
||||
|
@ -239,7 +239,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
|
|||
{
|
||||
msg.add_conn.me.auth = push_string(&msg, "psk");
|
||||
msg.add_conn.other.auth = push_string(&msg, "psk");
|
||||
if (conn->policy & POLICY_XAUTH_SERVER)
|
||||
if (conn->options & SA_OPTION_XAUTH_SERVER)
|
||||
{
|
||||
msg.add_conn.other.auth2 = push_string(&msg, "xauth");
|
||||
}
|
||||
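Review bot: In the hunk at line 180, `msg.add_conn.mobike = conn->options & SA_OPTION_MOBIKE;` and the `force_encap` and `ipcomp` lines below it drop the explicit `!= 0` the old code had, so the field receives the raw bit value (64, 128 and 2 for the three flags) unless its type is `bool`, in which case the conversion normalizes it to 1. The stroke message struct is not visible here; if any of those three fields is an `int` or a bit-field the value written into the message changes silently, and the sibling line `rekey.reauth = !(conn->options & SA_OPTION_DONT_REAUTH)` in the hunk at line 167 does normalize, so the three lines are inconsistent with it either way. Keeping `msg.add_conn.mobike = (conn->options & SA_OPTION_MOBIKE) != 0;` (likewise for force_encap and ipcomp) is type-independent and costs nothing. starter_stroke_add_conn starts and ends outside the hunks.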
|
|