full support of ikev1 and ikev2 connection flags
This commit is contained in:
parent
9db4f61476
commit
6d5e617f7d
|
@ -225,21 +225,22 @@ void log_connections(private_local_connection_store_t *this, logger_t *logger, c
|
||||||
logger = this->logger;
|
logger = this->logger;
|
||||||
}
|
}
|
||||||
|
|
||||||
logger->log(logger, CONTROL, "templates:");
|
logger->log(logger, CONTROL, "Templates:");
|
||||||
|
|
||||||
pthread_mutex_lock(&(this->mutex));
|
pthread_mutex_lock(&(this->mutex));
|
||||||
iterator = this->connections->create_iterator(this->connections, TRUE);
|
iterator = this->connections->create_iterator(this->connections, TRUE);
|
||||||
while (iterator->has_next(iterator))
|
while (iterator->has_next(iterator))
|
||||||
{
|
{
|
||||||
iterator->current(iterator, (void**)¤t);
|
iterator->current(iterator, (void**)¤t);
|
||||||
if (!name || strcmp(name, current->get_name(current)) == 0)
|
if (current->is_ikev2(current) && ( name == NULL || streq(name, current->get_name(current))))
|
||||||
{
|
{
|
||||||
host_t *my_host, *other_host;
|
host_t *my_host = current->get_my_host(current);
|
||||||
my_host = current->get_my_host(current);
|
host_t *other_host = current->get_other_host(current);
|
||||||
other_host = current->get_other_host(current);
|
|
||||||
logger->log(logger, CONTROL, " \"%s\": %s...%s",
|
logger->log(logger, CONTROL, " \"%s\": %s...%s",
|
||||||
current->get_name(current),
|
current->get_name(current),
|
||||||
my_host->get_address(my_host), other_host->get_address(other_host));
|
my_host->get_address(my_host),
|
||||||
|
other_host->get_address(other_host));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
iterator->destroy(iterator);
|
iterator->destroy(iterator);
|
||||||
|
|
|
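Review bot: With the new `current->is_ikev2(current)` test at the top of the loop, a `name` that matches only a non-IKEv2 connection now produces an empty "Templates:" listing with no hint why, whereas before any connection of that name was printed. If the intent is that this store only reports IKEv2 connections (the rest of the commit suggests IKEv1 ones are presumably left to pluto), I'd say so at the function head, e.g. `/* only IKEv2 connections are listed here; others are skipped silently */`, and consider logging `"  no IKEv2 connection named \"%s\""` when name is non-NULL and nothing matched. The declaration clean-up (`host_t *my_host = ...`) and the split of the log call are fine. log_connections begins before this hunk.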
@ -979,7 +979,7 @@ add_connection(const whack_message_t *wm)
|
||||||
struct connection *c = alloc_thing(struct connection, "struct connection");
|
struct connection *c = alloc_thing(struct connection, "struct connection");
|
||||||
|
|
||||||
c->name = wm->name;
|
c->name = wm->name;
|
||||||
|
c->ikev1 = wm->ikev1;
|
||||||
c->policy = wm->policy;
|
c->policy = wm->policy;
|
||||||
|
|
||||||
if ((c->policy & POLICY_COMPRESS) && !can_do_IPcomp)
|
if ((c->policy & POLICY_COMPRESS) && !can_do_IPcomp)
|
||||||
|
@ -1138,6 +1138,8 @@ add_connection(const whack_message_t *wm)
|
||||||
|
|
||||||
unshare_connection_strings(c);
|
unshare_connection_strings(c);
|
||||||
(void)orient(c);
|
(void)orient(c);
|
||||||
|
|
||||||
|
if (c->ikev1)
|
||||||
connect_to_host_pair(c);
|
connect_to_host_pair(c);
|
||||||
|
|
||||||
/* log all about this connection */
|
/* log all about this connection */
|
||||||
|
@ -1824,7 +1826,7 @@ initiate_connection(const char *name, int whackfd)
|
||||||
{
|
{
|
||||||
struct connection *c = con_by_name(name, TRUE);
|
struct connection *c = con_by_name(name, TRUE);
|
||||||
|
|
||||||
if (c != NULL)
|
if (c != NULL && c->ikev1)
|
||||||
{
|
{
|
||||||
set_cur_connection(c);
|
set_cur_connection(c);
|
||||||
if (!oriented(*c))
|
if (!oriented(*c))
|
||||||
|
@ -2983,11 +2985,15 @@ terminate_connection(const char *nm)
|
||||||
/* Loop because more than one may match (master and instances)
|
/* Loop because more than one may match (master and instances)
|
||||||
* But at least one is required (enforced by con_by_name).
|
* But at least one is required (enforced by con_by_name).
|
||||||
*/
|
*/
|
||||||
struct connection *c, *n;
|
struct connection *c = con_by_name(nm, TRUE);
|
||||||
|
|
||||||
for (c = con_by_name(nm, TRUE); c != NULL; c = n)
|
if (c == NULL || !c->ikev1)
|
||||||
|
return;
|
||||||
|
|
||||||
|
do
|
||||||
{
|
{
|
||||||
n = c->ac_next; /* grab this before c might disappear */
|
struct connection *n = c->ac_next; /* grab this before c might disappear */
|
||||||
|
|
||||||
if (streq(c->name, nm)
|
if (streq(c->name, nm)
|
||||||
&& c->kind >= CK_PERMANENT
|
&& c->kind >= CK_PERMANENT
|
||||||
&& !NEVER_NEGOTIATE(c->policy))
|
&& !NEVER_NEGOTIATE(c->policy))
|
||||||
|
@ -2999,7 +3005,8 @@ terminate_connection(const char *nm)
|
||||||
delete_states_by_connection(c, FALSE);
|
delete_states_by_connection(c, FALSE);
|
||||||
reset_cur_connection();
|
reset_cur_connection();
|
||||||
}
|
}
|
||||||
}
|
c = n;
|
||||||
|
} while (c != NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* check nexthop safety
|
/* check nexthop safety
|
||||||
|
@ -4006,7 +4013,7 @@ show_connections_status(bool all, const char *name)
|
||||||
count = 0;
|
count = 0;
|
||||||
for (c = connections; c != NULL; c = c->ac_next)
|
for (c = connections; c != NULL; c = c->ac_next)
|
||||||
{
|
{
|
||||||
if (name == NULL || streq(c->name, name))
|
if (c->ikev1 && (name == NULL || streq(c->name, name)))
|
||||||
count++;
|
count++;
|
||||||
}
|
}
|
||||||
array = alloc_bytes(sizeof(struct connection *)*count, "connection array");
|
array = alloc_bytes(sizeof(struct connection *)*count, "connection array");
|
||||||
|
@ -4014,7 +4021,7 @@ show_connections_status(bool all, const char *name)
|
||||||
count=0;
|
count=0;
|
||||||
for (c = connections; c != NULL; c = c->ac_next)
|
for (c = connections; c != NULL; c = c->ac_next)
|
||||||
{
|
{
|
||||||
if (name == NULL || streq(c->name, name))
|
if (c->ikev1 && (name == NULL || streq(c->name, name)))
|
||||||
array[count++]=c;
|
array[count++]=c;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
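Review bot: In terminate_connection the new `c->ikev1` guard is evaluated only for the first connection con_by_name() returns; the do/while then walks `ac_next` and selects further entries by `streq(c->name, nm)` alone, so a later same-name entry (the existing comment notes that master and instances can all match) is terminated whatever its flag, and if the first match is the one with the flag cleared the whole request is dropped. show_connections_status in this same commit tests `c->ikev1` per element inside its loops; I'd make this loop consistent by keeping `if (c == NULL) return;` and moving the flag into the in-loop condition, `if (streq(c->name, nm) && c->ikev1 && c->kind >= CK_PERMANENT`. Separately, add_connection now skips connect_to_host_pair() for `!c->ikev1` connections while still leaving them on the connections list; the delete/unlink path is outside these hunks, so please confirm it tolerates a connection that was never placed in a host pair. terminate_connection is split across two hunks and the other functions continue outside them.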
@ -172,6 +172,8 @@ struct spd_route {
|
||||||
|
|
||||||
struct connection {
|
struct connection {
|
||||||
char *name;
|
char *name;
|
||||||
|
bool ikev1;
|
||||||
|
|
||||||
lset_t policy;
|
lset_t policy;
|
||||||
time_t sa_ike_life_seconds;
|
time_t sa_ike_life_seconds;
|
||||||
time_t sa_ipsec_life_seconds;
|
time_t sa_ipsec_life_seconds;
|
||||||
|
|
|
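Review bot: The new `bool ikev1;` member carries no comment, and its name reads as a plain property of the connection while the rest of this commit uses it as a dispatch flag that makes pluto skip the connection in initiate, terminate, status and the whack handlers. I'd document that contract at the declaration: `bool ikev1;  /* set from whack; when FALSE pluto keeps the connection but never negotiates or lists it */`. struct connection continues outside the hunk.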
@ -569,7 +569,7 @@ whack_handle(int whackctlfd)
|
||||||
{
|
{
|
||||||
struct connection *c = con_by_name(msg.name, TRUE);
|
struct connection *c = con_by_name(msg.name, TRUE);
|
||||||
|
|
||||||
if (c != NULL)
|
if (c != NULL && c->ikev1)
|
||||||
{
|
{
|
||||||
set_cur_connection(c);
|
set_cur_connection(c);
|
||||||
if (!oriented(*c))
|
if (!oriented(*c))
|
||||||
|
@ -595,7 +595,7 @@ whack_handle(int whackctlfd)
|
||||||
{
|
{
|
||||||
struct connection *c = con_by_name(msg.name, TRUE);
|
struct connection *c = con_by_name(msg.name, TRUE);
|
||||||
|
|
||||||
if (c != NULL)
|
if (c != NULL && c->ikev1)
|
||||||
{
|
{
|
||||||
struct spd_route *sr;
|
struct spd_route *sr;
|
||||||
int fail = 0;
|
int fail = 0;
|
||||||
|
|
|
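Review bot: Both hunks fold the `!c->ikev1` case into the same branch as `c == NULL`, so a whack request naming a connection pluto does hold, but with the flag cleared, takes whatever path the original reserved for an unknown name; that else branch lies outside the hunk, and if it reports the name as not found the operator gets a misleading answer. I'd keep the NULL test as it was and report the new case separately, with the same logging call the not-found report uses and a message such as `"\"%s\" is not an IKEv1 connection"`, so the distinction introduced by the flag is visible to the caller. whack_handle begins and ends outside these hunks.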
@ -567,14 +567,16 @@ int main (int argc, char **argv)
|
||||||
conn->state = STATE_ADDED;
|
conn->state = STATE_ADDED;
|
||||||
|
|
||||||
if (conn->startup == STARTUP_START)
|
if (conn->startup == STARTUP_START)
|
||||||
|
{
|
||||||
|
if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
|
||||||
{
|
{
|
||||||
if (starter_charon_pid())
|
if (starter_charon_pid())
|
||||||
{
|
{
|
||||||
starter_stroke_initiate_conn(conn);
|
starter_stroke_initiate_conn(conn);
|
||||||
}
|
}
|
||||||
if (conn->keyexchange != KEY_EXCHANGE_IKEV2)
|
}
|
||||||
|
else
|
||||||
{
|
{
|
||||||
/* currently not initiated, until pluto handles the keyexchange flag */
|
|
||||||
if (starter_pluto_pid())
|
if (starter_pluto_pid())
|
||||||
{
|
{
|
||||||
starter_whack_initiate_conn(conn);
|
starter_whack_initiate_conn(conn);
|
||||||
|
@ -582,14 +584,16 @@ int main (int argc, char **argv)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (conn->startup == STARTUP_ROUTE)
|
else if (conn->startup == STARTUP_ROUTE)
|
||||||
|
{
|
||||||
|
if (conn->keyexchange == KEY_EXCHANGE_IKEV2)
|
||||||
{
|
{
|
||||||
if (starter_charon_pid())
|
if (starter_charon_pid())
|
||||||
{
|
{
|
||||||
starter_stroke_route_conn(conn);
|
starter_stroke_route_conn(conn);
|
||||||
}
|
}
|
||||||
if (conn->keyexchange != KEY_EXCHANGE_IKEV2)
|
}
|
||||||
|
else
|
||||||
{
|
{
|
||||||
/* currently not routed, until pluto handles the keyexchange flag */
|
|
||||||
if (starter_pluto_pid())
|
if (starter_pluto_pid())
|
||||||
{
|
{
|
||||||
starter_whack_route_conn(conn);
|
starter_whack_route_conn(conn);
|
||||||
|
|
|
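Review bot: When the daemon selected by `conn->keyexchange` is not running, the new `if (starter_charon_pid())` / `if (starter_pluto_pid())` tests silently skip the start and route requests, and nothing records that the connection was neither initiated nor routed; that was already true before, but the split now makes the omission per-daemon and easier to miss. I'd add an else branch in both places that logs the skipped connection name with the logging helper this file already uses. The two new dispatch blocks in the STARTUP_START and STARTUP_ROUTE arms are identical apart from the function called, so a small static helper taking the conn and the two callbacks would remove the duplication. main continues outside the hunks.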
@ -234,6 +234,7 @@ starter_whack_add_conn(starter_conn_t *conn)
|
||||||
msg.whack_connection = TRUE;
|
msg.whack_connection = TRUE;
|
||||||
msg.name = connection_name(conn);
|
msg.name = connection_name(conn);
|
||||||
|
|
||||||
|
msg.ikev1 = conn->keyexchange != KEY_EXCHANGE_IKEV2;
|
||||||
msg.addr_family = conn->addr_family;
|
msg.addr_family = conn->addr_family;
|
||||||
msg.tunnel_addr_family = conn->tunnel_addr_family;
|
msg.tunnel_addr_family = conn->tunnel_addr_family;
|
||||||
msg.sa_ike_life_seconds = conn->sa_ike_life_seconds;
|
msg.sa_ike_life_seconds = conn->sa_ike_life_seconds;
|
||||||
|
|
|
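Review bot: The new `msg.ikev1 = conn->keyexchange != KEY_EXCHANGE_IKEV2;` collapses the keyexchange setting into a negated bool, so every value other than an explicit IKEv2 (including whatever default the enum has) is flagged as IKEv1 for pluto, and as far as this hunk shows the connection is sent to pluto either way. I'd state that where the flag is set: `/* anything not explicitly IKEv2 is negotiated by pluto; IKEv2 conns are still registered with pluto but marked so it leaves them alone */`. starter_whack_add_conn continues outside the hunk.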
@ -846,6 +846,9 @@ main(int argc, char **argv)
|
||||||
msg.ike = NULL;
|
msg.ike = NULL;
|
||||||
msg.pfsgroup = NULL;
|
msg.pfsgroup = NULL;
|
||||||
|
|
||||||
|
/* if a connection is added via whack then we assume IKEv1 */
|
||||||
|
msg.ikev1 = TRUE;
|
||||||
|
|
||||||
msg.sa_ike_life_seconds = OAKLEY_ISAKMP_SA_LIFETIME_DEFAULT;
|
msg.sa_ike_life_seconds = OAKLEY_ISAKMP_SA_LIFETIME_DEFAULT;
|
||||||
msg.sa_ipsec_life_seconds = PLUTO_SA_LIFE_DURATION_DEFAULT;
|
msg.sa_ipsec_life_seconds = PLUTO_SA_LIFE_DURATION_DEFAULT;
|
||||||
msg.sa_rekey_margin = SA_REPLACEMENT_MARGIN_DEFAULT;
|
msg.sa_rekey_margin = SA_REPLACEMENT_MARGIN_DEFAULT;
|
||||||
|
|
|
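Review bot: The default `msg.ikev1 = TRUE;` is set unconditionally here and the hunk shows no command-line option that could clear it, so a connection added by hand through whack can never be flagged as IKEv2; if option parsing later in main (outside the hunk) does not override it either, the comment should say so rather than "we assume": `/* connections added via whack are always IKEv1; only starter sets this from keyexchange= */`. main continues outside the hunk.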
@ -103,6 +103,7 @@ struct whack_message {
|
||||||
|
|
||||||
bool whack_connection;
|
bool whack_connection;
|
||||||
bool whack_async;
|
bool whack_async;
|
||||||
|
bool ikev1;
|
||||||
|
|
||||||
lset_t policy;
|
lset_t policy;
|
||||||
time_t sa_ike_life_seconds;
|
time_t sa_ike_life_seconds;
|
||||||
|
|
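Review bot: Inserting `bool ikev1;` into the middle of struct whack_message changes the size and the offsets of every following member (policy, the lifetimes, and whatever comes after) of a structure that, if it is still passed over the whack control socket as a raw struct as I'd expect for this message, will be misparsed by a pluto built before this commit or a whack/starter built after it. If a magic or version constant for the message exists elsewhere in this header, it should be bumped in the same commit so mismatched binaries are rejected at the socket instead of silently reading wrong lifetimes and policy bits. A comment on the new field, `bool ikev1; /* FALSE for keyexchange=ikev2 connections, which pluto records but does not negotiate */`, would also help. struct whack_message continues outside the hunk.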