full support of ikev1 and ikev2 connection flags
This commit is contained in:
Andreas Steffen
parent
9db4f61476
commit
6d5e617f7d
|
|
@ -225,21 +225,22 @@ void log_connections(private_local_connection_store_t *this, logger_t *logger, c
|
|||
logger = this->logger;
|
||||
}
|
||||
|
||||
logger->log(logger, CONTROL, "templates:");
|
||||
logger->log(logger, CONTROL, "Templates:");
|
||||
|
||||
pthread_mutex_lock(&(this->mutex));
|
||||
iterator = this->connections->create_iterator(this->connections, TRUE);
|
||||
while (iterator->has_next(iterator))
|
||||
{
|
||||
iterator->current(iterator, (void**)¤t);
|
||||
if (!name || strcmp(name, current->get_name(current)) == 0)
|
||||
if (current->is_ikev2(current) && ( name == NULL || streq(name, current->get_name(current))))
|
||||
{
|
||||
host_t *my_host, *other_host;
|
||||
my_host = current->get_my_host(current);
|
||||
other_host = current->get_other_host(current);
|
||||
host_t *my_host = current->get_my_host(current);
|
||||
host_t *other_host = current->get_other_host(current);
|
||||
|
||||
logger->log(logger, CONTROL, " \"%s\": %s...%s",
|
||||
current->get_name(current),
|
||||
my_host->get_address(my_host), other_host->get_address(other_host));
|
||||
my_host->get_address(my_host),
|
||||
other_host->get_address(other_host));
|
||||
}
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
|
|
|
|||
|
|
@ -350,7 +350,7 @@ delete_connection(struct connection *c, bool relations)
|
|||
free_ietfAttrList(c->spd.that.groups);
|
||||
free_generalNames(c->requested_ca, TRUE);
|
||||
gw_delref(&c->gw_info);
|
||||
|
||||
|
||||
lock_certs_and_keys("delete_connection");
|
||||
release_cert(c->spd.this.cert);
|
||||
scx_release(c->spd.this.sc);
|
||||
|
|
@ -360,7 +360,7 @@ delete_connection(struct connection *c, bool relations)
|
|||
|
||||
alg_info_delref((struct alg_info **)&c->alg_info_esp);
|
||||
alg_info_delref((struct alg_info **)&c->alg_info_ike);
|
||||
|
||||
|
||||
pfree(c);
|
||||
}
|
||||
|
||||
|
|
@ -978,8 +978,8 @@ add_connection(const whack_message_t *wm)
|
|||
bool same_rightca, same_leftca;
|
||||
struct connection *c = alloc_thing(struct connection, "struct connection");
|
||||
|
||||
c->name = wm->name;
|
||||
|
||||
c->name = wm->name;
|
||||
c->ikev1 = wm->ikev1;
|
||||
c->policy = wm->policy;
|
||||
|
||||
if ((c->policy & POLICY_COMPRESS) && !can_do_IPcomp)
|
||||
|
|
@ -1138,7 +1138,9 @@ add_connection(const whack_message_t *wm)
|
|||
|
||||
unshare_connection_strings(c);
|
||||
(void)orient(c);
|
||||
connect_to_host_pair(c);
|
||||
|
||||
if (c->ikev1)
|
||||
connect_to_host_pair(c);
|
||||
|
||||
/* log all about this connection */
|
||||
plog("added connection description \"%s\"", c->name);
|
||||
|
|
@ -1824,7 +1826,7 @@ initiate_connection(const char *name, int whackfd)
|
|||
{
|
||||
struct connection *c = con_by_name(name, TRUE);
|
||||
|
||||
if (c != NULL)
|
||||
if (c != NULL && c->ikev1)
|
||||
{
|
||||
set_cur_connection(c);
|
||||
if (!oriented(*c))
|
||||
|
|
@ -2983,11 +2985,15 @@ terminate_connection(const char *nm)
|
|||
/* Loop because more than one may match (master and instances)
|
||||
* But at least one is required (enforced by con_by_name).
|
||||
*/
|
||||
struct connection *c, *n;
|
||||
struct connection *c = con_by_name(nm, TRUE);
|
||||
|
||||
for (c = con_by_name(nm, TRUE); c != NULL; c = n)
|
||||
if (c == NULL || !c->ikev1)
|
||||
return;
|
||||
|
||||
do
|
||||
{
|
||||
n = c->ac_next; /* grab this before c might disappear */
|
||||
struct connection *n = c->ac_next; /* grab this before c might disappear */
|
||||
|
||||
if (streq(c->name, nm)
|
||||
&& c->kind >= CK_PERMANENT
|
||||
&& !NEVER_NEGOTIATE(c->policy))
|
||||
|
|
@ -2999,7 +3005,8 @@ terminate_connection(const char *nm)
|
|||
delete_states_by_connection(c, FALSE);
|
||||
reset_cur_connection();
|
||||
}
|
||||
}
|
||||
c = n;
|
||||
} while (c != NULL);
|
||||
}
|
||||
|
||||
/* check nexthop safety
|
||||
|
|
@ -4006,7 +4013,7 @@ show_connections_status(bool all, const char *name)
|
|||
count = 0;
|
||||
for (c = connections; c != NULL; c = c->ac_next)
|
||||
{
|
||||
if (name == NULL || streq(c->name, name))
|
||||
if (c->ikev1 && (name == NULL || streq(c->name, name)))
|
||||
count++;
|
||||
}
|
||||
array = alloc_bytes(sizeof(struct connection *)*count, "connection array");
|
||||
|
|
@ -4014,7 +4021,7 @@ show_connections_status(bool all, const char *name)
|
|||
count=0;
|
||||
for (c = connections; c != NULL; c = c->ac_next)
|
||||
{
|
||||
if (name == NULL || streq(c->name, name))
|
||||
if (c->ikev1 && (name == NULL || streq(c->name, name)))
|
||||
array[count++]=c;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -172,6 +172,8 @@ struct spd_route {
|
|||
|
||||
struct connection {
|
||||
char *name;
|
||||
bool ikev1;
|
||||
|
||||
lset_t policy;
|
||||
time_t sa_ike_life_seconds;
|
||||
time_t sa_ipsec_life_seconds;
|
||||
|
|
|
|||
|
|
@ -569,7 +569,7 @@ whack_handle(int whackctlfd)
|
|||
{
|
||||
struct connection *c = con_by_name(msg.name, TRUE);
|
||||
|
||||
if (c != NULL)
|
||||
if (c != NULL && c->ikev1)
|
||||
{
|
||||
set_cur_connection(c);
|
||||
if (!oriented(*c))
|
||||
|
|
@ -595,7 +595,7 @@ whack_handle(int whackctlfd)
|
|||
{
|
||||
struct connection *c = con_by_name(msg.name, TRUE);
|
||||
|
||||
if (c != NULL)
|
||||
if (c != NULL && c->ikev1)
|
||||
{
|
||||
struct spd_route *sr;
|
||||
int fail = 0;
|
||||
|
|
|
|||
|
|
@ -568,13 +568,15 @@ int main (int argc, char **argv)
|
|||
|
||||
if (conn->startup == STARTUP_START)
|
||||
{
|
||||
if (starter_charon_pid())
|
||||
if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
|
||||
{
|
||||
starter_stroke_initiate_conn(conn);
|
||||
if (starter_charon_pid())
|
||||
{
|
||||
starter_stroke_initiate_conn(conn);
|
||||
}
|
||||
}
|
||||
if (conn->keyexchange != KEY_EXCHANGE_IKEV2)
|
||||
else
|
||||
{
|
||||
/* currently not initiated, until pluto handles the keyexchange flag */
|
||||
if (starter_pluto_pid())
|
||||
{
|
||||
starter_whack_initiate_conn(conn);
|
||||
|
|
@ -583,13 +585,15 @@ int main (int argc, char **argv)
|
|||
}
|
||||
else if (conn->startup == STARTUP_ROUTE)
|
||||
{
|
||||
if (starter_charon_pid())
|
||||
if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
|
||||
{
|
||||
starter_stroke_route_conn(conn);
|
||||
if (starter_charon_pid())
|
||||
{
|
||||
starter_stroke_route_conn(conn);
|
||||
}
|
||||
}
|
||||
if (conn->keyexchange != KEY_EXCHANGE_IKEV2)
|
||||
else
|
||||
{
|
||||
/* currently not routed, until pluto handles the keyexchange flag */
|
||||
if (starter_pluto_pid())
|
||||
{
|
||||
starter_whack_route_conn(conn);
|
||||
|
|
|
|||
|
|
@ -234,6 +234,7 @@ starter_whack_add_conn(starter_conn_t *conn)
|
|||
msg.whack_connection = TRUE;
|
||||
msg.name = connection_name(conn);
|
||||
|
||||
msg.ikev1 = conn->keyexchange != KEY_EXCHANGE_IKEV2;
|
||||
msg.addr_family = conn->addr_family;
|
||||
msg.tunnel_addr_family = conn->tunnel_addr_family;
|
||||
msg.sa_ike_life_seconds = conn->sa_ike_life_seconds;
|
||||
|
|
|
|||
|
|
@ -846,6 +846,9 @@ main(int argc, char **argv)
|
|||
msg.ike = NULL;
|
||||
msg.pfsgroup = NULL;
|
||||
|
||||
/* if a connection is added via whack then we assume IKEv1 */
|
||||
msg.ikev1 = TRUE;
|
||||
|
||||
msg.sa_ike_life_seconds = OAKLEY_ISAKMP_SA_LIFETIME_DEFAULT;
|
||||
msg.sa_ipsec_life_seconds = PLUTO_SA_LIFE_DURATION_DEFAULT;
|
||||
msg.sa_rekey_margin = SA_REPLACEMENT_MARGIN_DEFAULT;
|
||||
|
|
|
|||
|
|
@ -103,6 +103,7 @@ struct whack_message {
|
|||
|
||||
bool whack_connection;
|
||||
bool whack_async;
|
||||
bool ikev1;
|
||||
|
||||
lset_t policy;
|
||||
time_t sa_ike_life_seconds;
|
||||
|
|
|
|||
Loading…
Reference in New Issue