starter: Store mode of the IPsec SA/policy in a separate member.
parent
f82365ad27
commit
6d065f14ae
|
@ -83,8 +83,8 @@ static void default_values(starter_config_t *cfg)
|
|||
cfg->conn_default.seen = SEEN_NONE;
|
||||
cfg->conn_default.startup = STARTUP_NO;
|
||||
cfg->conn_default.state = STATE_IGNORE;
|
||||
cfg->conn_default.policy = POLICY_ENCRYPT | POLICY_TUNNEL | POLICY_PUBKEY |
|
||||
POLICY_PFS | POLICY_MOBIKE;
|
||||
cfg->conn_default.mode = MODE_TUNNEL;
|
||||
cfg->conn_default.policy = POLICY_PFS | POLICY_MOBIKE;
|
||||
|
||||
cfg->conn_default.ike = strdupnull(ike_defaults);
|
||||
cfg->conn_default.esp = strdupnull(esp_defaults);
|
||||
|
@ -312,7 +312,8 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
|
|||
32 : 128;
|
||||
}
|
||||
}
|
||||
conn->policy |= POLICY_TUNNEL;
|
||||
conn->mode = MODE_TUNNEL;
|
||||
conn->proxy_mode = FALSE;
|
||||
break;
|
||||
case KW_SENDCERT:
|
||||
if (end->sendcert == CERT_YES_SEND)
|
||||
|
@ -372,7 +373,8 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token,
|
|||
}
|
||||
end->sourceip = strdupnull(value);
|
||||
end->has_natip = TRUE;
|
||||
conn->policy |= POLICY_TUNNEL;
|
||||
conn->mode = MODE_TUNNEL;
|
||||
conn->proxy_mode = FALSE;
|
||||
break;
|
||||
}
|
||||
default:
|
||||
|
@ -529,32 +531,30 @@ static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg
|
|||
switch (token)
|
||||
{
|
||||
case KW_TYPE:
|
||||
conn->policy &= ~(POLICY_TUNNEL | POLICY_SHUNT_MASK);
|
||||
conn->mode = MODE_TRANSPORT;
|
||||
conn->proxy_mode = FALSE;
|
||||
if (streq(kw->value, "tunnel"))
|
||||
{
|
||||
conn->policy |= POLICY_TUNNEL;
|
||||
conn->mode = MODE_TUNNEL;
|
||||
}
|
||||
else if (streq(kw->value, "beet"))
|
||||
{
|
||||
conn->policy |= POLICY_BEET;
|
||||
conn->mode = MODE_BEET;
|
||||
}
|
||||
else if (streq(kw->value, "transport_proxy"))
|
||||
{
|
||||
conn->policy |= POLICY_PROXY;
|
||||
conn->mode = MODE_TRANSPORT;
|
||||
conn->proxy_mode = TRUE;
|
||||
}
|
||||
else if (streq(kw->value, "passthrough") || streq(kw->value, "pass"))
|
||||
{
|
||||
conn->policy |= POLICY_SHUNT_PASS;
|
||||
conn->mode = MODE_PASS;
|
||||
}
|
||||
else if (streq(kw->value, "drop"))
|
||||
else if (streq(kw->value, "drop") || streq(kw->value, "reject"))
|
||||
{
|
||||
conn->policy |= POLICY_SHUNT_DROP;
|
||||
conn->mode = MODE_DROP;
|
||||
}
|
||||
else if (streq(kw->value, "reject"))
|
||||
{
|
||||
conn->policy |= POLICY_SHUNT_REJECT;
|
||||
}
|
||||
else if (strcmp(kw->value, "transport") != 0)
|
||||
else if (!streq(kw->value, "transport"))
|
||||
{
|
||||
DBG1(DBG_APP, "# bad policy value: %s=%s", kw->entry->name,
|
||||
kw->value);
|
||||
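Review bot: Besides moving the mode into `conn->mode`, the new lines stop setting several policy bits: default_values drops `POLICY_ENCRYPT` and `POLICY_PUBKEY` from `conn_default.policy`, kw_end no longer sets `POLICY_TUNNEL`, and the KW_TYPE case of load_conn no longer sets `POLICY_BEET`, `POLICY_PROXY` or any `POLICY_SHUNT_*` bit. The commit title covers only the mode, and code that reads `conn->policy` outside these hunks is not visible here, so any remaining test of those bits would now always see them clear. If dropping the two defaults is intended, a comment above the assignment such as `/* mode is kept in conn->mode; policy only carries the remaining flags */` would make that explicit; otherwise keep them with `cfg->conn_default.policy = POLICY_ENCRYPT | POLICY_PUBKEY | POLICY_PFS | POLICY_MOBIKE;`. `reject` is also folded into the `drop` branch and yields `MODE_DROP`, which deserves a one-line comment such as `/* reject is treated like drop */`. All three function bodies continue outside the hunks.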
|
|
|
@ -18,6 +18,7 @@
|
|||
|
||||
#include <freeswan.h>
|
||||
#include "../pluto/constants.h"
|
||||
#include <kernel/kernel_ipsec.h>
|
||||
|
||||
#include "ipsec-parser.h"
|
||||
|
||||
|
@ -116,6 +117,8 @@ struct starter_conn {
|
|||
char *aaa_identity;
|
||||
char *xauth_identity;
|
||||
char *authby;
|
||||
ipsec_mode_t mode;
|
||||
bool proxy_mode;
|
||||
lset_t policy;
|
||||
time_t sa_ike_life_seconds;
|
||||
time_t sa_ipsec_life_seconds;
|
||||
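Review bot: The new members `mode` and `proxy_mode` in struct starter_conn carry no comment, so their valid combinations are only implied by the parser. From the assignments visible in this commit, `proxy_mode` is set to TRUE only together with `MODE_TRANSPORT` (for `type=transport_proxy`), and the default mode is `MODE_TUNNEL`. I would record that next to the fields, e.g. `/* IPsec mode selected by type=, MODE_TUNNEL by default */` and `/* TRUE only for type=transport_proxy */`. The struct definition starts and ends outside the hunk.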
|
|
|
@ -1,4 +1,4 @@
|
|||
/* Stroke for charon is the counterpart to whack from pluto
|
||||
/*
|
||||
* Copyright (C) 2006 Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
|
@ -204,31 +204,8 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
|
|||
msg.add_conn.aaa_identity = push_string(&msg, conn->aaa_identity);
|
||||
msg.add_conn.xauth_identity = push_string(&msg, conn->xauth_identity);
|
||||
|
||||
if (conn->policy & POLICY_TUNNEL)
|
||||
{
|
||||
msg.add_conn.mode = MODE_TUNNEL;
|
||||
}
|
||||
else if (conn->policy & POLICY_BEET)
|
||||
{
|
||||
msg.add_conn.mode = MODE_BEET;
|
||||
}
|
||||
else if (conn->policy & POLICY_PROXY)
|
||||
{
|
||||
msg.add_conn.mode = MODE_TRANSPORT;
|
||||
msg.add_conn.proxy_mode = TRUE;
|
||||
}
|
||||
else if (conn->policy & POLICY_SHUNT_PASS)
|
||||
{
|
||||
msg.add_conn.mode = MODE_PASS;
|
||||
}
|
||||
else if (conn->policy & (POLICY_SHUNT_DROP | POLICY_SHUNT_REJECT))
|
||||
{
|
||||
msg.add_conn.mode = MODE_DROP;
|
||||
}
|
||||
else
|
||||
{
|
||||
msg.add_conn.mode = MODE_TRANSPORT;
|
||||
}
|
||||
msg.add_conn.mode = conn->mode;
|
||||
msg.add_conn.proxy_mode = conn->proxy_mode;
|
||||
|
||||
if (!(conn->policy & POLICY_DONT_REKEY))
|
||||
{
|
||||
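Review bot: `msg.add_conn.mode = conn->mode;` forwards whatever the parser stored, whereas the removed chain always produced one of the known modes and fell back to `MODE_TRANSPORT`. That is fine as long as every starter_conn_t is initialised from `conn_default` (which sets `MODE_TUNNEL`) before it reaches this function, but that path is not visible in the hunk. A comment such as `/* mode and proxy_mode are filled in by the config parser */` above the two assignments would document the dependency. starter_stroke_add_conn continues outside the hunk.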
|
|
|
@ -1,5 +1,6 @@
|
|||
/* Stroke for charon is the counterpart to whack from pluto
|
||||
* Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
|
||||
/*
|
||||
* Copyright (C) 2006 Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
|
@ -17,12 +18,12 @@
|
|||
|
||||
#include "confread.h"
|
||||
|
||||
extern int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn);
|
||||
extern int starter_stroke_del_conn(starter_conn_t *conn);
|
||||
extern int starter_stroke_route_conn(starter_conn_t *conn);
|
||||
extern int starter_stroke_initiate_conn(starter_conn_t *conn);
|
||||
extern int starter_stroke_add_ca(starter_ca_t *ca);
|
||||
extern int starter_stroke_del_ca(starter_ca_t *ca);
|
||||
extern int starter_stroke_configure(starter_config_t *cfg);
|
||||
int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn);
|
||||
int starter_stroke_del_conn(starter_conn_t *conn);
|
||||
int starter_stroke_route_conn(starter_conn_t *conn);
|
||||
int starter_stroke_initiate_conn(starter_conn_t *conn);
|
||||
int starter_stroke_add_ca(starter_ca_t *ca);
|
||||
int starter_stroke_del_ca(starter_ca_t *ca);
|
||||
int starter_stroke_configure(starter_config_t *cfg);
|
||||
|
||||
#endif /* _STARTER_STROKE_H_ */
|
||||
|
|