ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

starter: Use custom type for SA specific options (flags).

This commit is contained in:
Tobias Brunner 2012-05-15 16:31:46 +02:00
parent 29906e0eab
commit 5b09310e67
4 changed files with 36 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/starter/cmp.c
View File

@ -49,7 +49,7 @@ starter_cmp_conn(starter_conn_t *c1, starter_conn_t *c2)
if ((c1 == NULL) || (c2 == NULL))
return FALSE;
VARCMP(policy);
VARCMP(options);
VARCMP(mark_in.value);
VARCMP(mark_in.mask);
VARCMP(mark_out.value);

26
src/starter/confread.c
View File

@ -83,7 +83,7 @@ static void default_values(starter_config_t *cfg)
cfg->conn_default.startup = STARTUP_NO;
cfg->conn_default.state = STATE_IGNORE;
cfg->conn_default.mode = MODE_TUNNEL;
cfg->conn_default.policy = POLICY_MOBIKE;
cfg->conn_default.options = SA_OPTION_MOBIKE;
cfg->conn_default.ike = strdupnull(ike_defaults);
cfg->conn_default.esp = strdupnull(esp_defaults);
@ -108,10 +108,10 @@ static void default_values(starter_config_t *cfg)
cfg->ca_default.seen = SEEN_NONE;
}
#define KW_POLICY_FLAG(sy, sn, fl) \
if (streq(kw->value, sy)) { conn->policy |= fl; } \
else if (streq(kw->value, sn)) { conn->policy &= ~fl; } \
else { DBG1(DBG_APP, "# bad policy value: %s=%s", kw->entry->name, kw->value); cfg->err++; }
#define KW_SA_OPTION_FLAG(sy, sn, fl) \
if (streq(kw->value, sy)) { conn->options |= fl; } \
else if (streq(kw->value, sn)) { conn->options &= ~fl; } \
else { DBG1(DBG_APP, "# bad option value: %s=%s", kw->entry->name, kw->value); cfg->err++; }
static void load_setup(starter_config_t *cfg, config_parsed_t *cfgp)
{
@ -499,10 +499,10 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
}
break;
case KW_COMPRESS:
KW_POLICY_FLAG("yes", "no", POLICY_COMPRESS)
KW_SA_OPTION_FLAG("yes", "no", SA_OPTION_COMPRESS)
break;
case KW_AUTH:
KW_POLICY_FLAG("ah", "esp", POLICY_AUTHENTICATE)
KW_SA_OPTION_FLAG("ah", "esp", SA_OPTION_AUTHENTICATE)
break;
case KW_MARK:
if (!handle_mark(kw->value, &conn->mark_in))
@ -561,22 +561,22 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
}
break;
case KW_REKEY:
KW_POLICY_FLAG("no", "yes", POLICY_DONT_REKEY)
KW_SA_OPTION_FLAG("no", "yes", SA_OPTION_DONT_REKEY)
break;
case KW_REAUTH:
KW_POLICY_FLAG("no", "yes", POLICY_DONT_REAUTH)
KW_SA_OPTION_FLAG("no", "yes", SA_OPTION_DONT_REAUTH)
break;
case KW_MOBIKE:
KW_POLICY_FLAG("yes", "no", POLICY_MOBIKE)
KW_SA_OPTION_FLAG("yes", "no", SA_OPTION_MOBIKE)
break;
case KW_FORCEENCAPS:
KW_POLICY_FLAG("yes", "no", POLICY_FORCE_ENCAP)
KW_SA_OPTION_FLAG("yes", "no", SA_OPTION_FORCE_ENCAP)
break;
case KW_MODECONFIG:
KW_POLICY_FLAG("push", "pull", POLICY_MODECFG_PUSH)
KW_SA_OPTION_FLAG("push", "pull", SA_OPTION_MODECFG_PUSH)
break;
case KW_XAUTH:
KW_POLICY_FLAG("server", "client", POLICY_XAUTH_SERVER)
KW_SA_OPTION_FLAG("server", "client", SA_OPTION_XAUTH_SERVER)
break;
default:
break;

16
src/starter/confread.h
View File

@ -55,6 +55,20 @@ typedef enum {
STRICT_IFURI
} strict_t;
typedef enum {
/* IPsec options */
SA_OPTION_AUTHENTICATE = 1 << 0, /* use AH instead of ESP? */
SA_OPTION_COMPRESS = 1 << 1, /* use IPComp */
/* IKE and other other options */
SA_OPTION_DONT_REKEY = 1 << 2, /* don't rekey state either Phase */
SA_OPTION_DONT_REAUTH = 1 << 3, /* don't reauthenticate on rekeying, IKEv2 only */
SA_OPTION_MODECFG_PUSH = 1 << 4, /* is modecfg pushed by server? */
SA_OPTION_XAUTH_SERVER = 1 << 5, /* are we an XAUTH server? */
SA_OPTION_MOBIKE = 1 << 6, /* enable MOBIKE for IKEv2 */
SA_OPTION_FORCE_ENCAP = 1 << 7, /* force UDP encapsulation */
} sa_option_t;
typedef struct starter_end starter_end_t;
struct starter_end {
@ -112,7 +126,7 @@ struct starter_conn {
char *authby;
ipsec_mode_t mode;
bool proxy_mode;
lset_t policy;
sa_option_t options;
time_t sa_ike_life_seconds;
time_t sa_ipsec_life_seconds;
time_t sa_rekey_margin;

14
src/starter/starterstroke.c
View File

@ -167,9 +167,9 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg.add_conn.mode = conn->mode;
msg.add_conn.proxy_mode = conn->proxy_mode;
if (!(conn->policy & POLICY_DONT_REKEY))
if (!(conn->options & SA_OPTION_DONT_REKEY))
{
msg.add_conn.rekey.reauth = (conn->policy & POLICY_DONT_REAUTH) == LEMPTY;
msg.add_conn.rekey.reauth = !(conn->options & SA_OPTION_DONT_REAUTH);
msg.add_conn.rekey.ipsec_lifetime = conn->sa_ipsec_life_seconds;
msg.add_conn.rekey.ike_lifetime = conn->sa_ike_life_seconds;
msg.add_conn.rekey.margin = conn->sa_rekey_margin;
@ -180,9 +180,9 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg.add_conn.rekey.tries = conn->sa_keying_tries;
msg.add_conn.rekey.fuzz = conn->sa_rekey_fuzz;
}
msg.add_conn.mobike = (conn->policy & POLICY_MOBIKE) != 0;
msg.add_conn.force_encap = (conn->policy & POLICY_FORCE_ENCAP) != 0;
msg.add_conn.ipcomp = (conn->policy & POLICY_COMPRESS) != 0;
msg.add_conn.mobike = conn->options & SA_OPTION_MOBIKE;
msg.add_conn.force_encap = conn->options & SA_OPTION_FORCE_ENCAP;
msg.add_conn.ipcomp = conn->options & SA_OPTION_COMPRESS;
msg.add_conn.install_policy = conn->install_policy;
msg.add_conn.aggressive = conn->aggressive;
msg.add_conn.crl_policy = (crl_policy_t)cfg->setup.strictcrlpolicy;
@ -226,7 +226,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
{
msg.add_conn.me.auth = push_string(&msg, "pubkey");
msg.add_conn.other.auth = push_string(&msg, "pubkey");
if (conn->policy & POLICY_XAUTH_SERVER)
if (conn->options & SA_OPTION_XAUTH_SERVER)
{
msg.add_conn.other.auth2 = push_string(&msg, "xauth");
}
@ -239,7 +239,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
{
msg.add_conn.me.auth = push_string(&msg, "psk");
msg.add_conn.other.auth = push_string(&msg, "psk");
if (conn->policy & POLICY_XAUTH_SERVER)
if (conn->options & SA_OPTION_XAUTH_SERVER)
{
msg.add_conn.other.auth2 = push_string(&msg, "xauth");
}