ike: Add an additional but separate AEAD proposal to CHILD config
This currently has no effect: we don't include AEAD algorithms in the default ESP proposal, as we don't know whether the backend supports them. But as we will hopefully get an algorithm query mechanism on kernel interfaces some day, we add the appropriate functionality nonetheless.
parent
879e3d12ca
commit
8d74ec9e80
|
@ -358,6 +358,8 @@ static child_cfg_t* create_child_cfg(private_cmd_connection_t *this,
|
|||
else
|
||||
{
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg,
|
||||
proposal_create_default_aead(PROTO_ESP));
|
||||
}
|
||||
while (this->local_ts->remove_first(this->local_ts, (void**)&ts) == SUCCESS)
|
||||
{
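Review bot: The result of `proposal_create_default_aead(PROTO_ESP)` is passed straight into `child_cfg->add_proposal()` here, whereas the `children_sn` hunk of this same commit checks the returned proposal for NULL before inserting it. Together with the commit message saying the call currently has no effect, this suggests the constructor can return NULL for ESP, so `add_proposal()` must tolerate a NULL argument; its implementation is not visible in this diff and should be confirmed. The same unguarded call appears in the `connect_`, `load_child_config`, test `create_child_cfg`, `setup_tunnel`, `initiate_connection`, `get_peer_cfg_by_name`, `peer_enumerator_enumerate`, `add_esp_proposals` and `add_proposals` hunks. If `add_proposal()` does not already ignore NULL, guard each call the way the vici hunk does: `if (proposal) { child_cfg->add_proposal(child_cfg, proposal); }`. The body of `create_child_cfg` starts and ends outside the hunk.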
|
||||
|
|
|
@ -566,6 +566,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
|
|||
ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp,
|
||||
0, 0, NULL, NULL, 0);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
ts = traffic_selector_create_dynamic(0, 0, 65535);
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
|
||||
ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
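Review bot: The AEAD proposal is appended after `proposal_create_default(PROTO_ESP)`, so once the AEAD default becomes non-empty the non-AEAD proposal will still be offered first, and IKEv2 proposal lists are sent in order of preference. If the intent is to prefer AEAD ciphers when the kernel backend supports them, the two `add_proposal` calls should be swapped. If the current order is deliberate, a comment such as `/* non-AEAD default first, AEAD default offered second */` would record the decision. The same order is used in every other hunk of this commit, and `connect_` continues outside the hunk.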
|
||||
|
|
|
@ -181,6 +181,8 @@ static child_cfg_t *load_child_config(private_config_t *this,
|
|||
else
|
||||
{
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg,
|
||||
proposal_create_default_aead(PROTO_ESP));
|
||||
}
|
||||
|
||||
token = settings->get_str(settings, "configs.%s.%s.lts", NULL, config, child);
|
||||
|
|
|
@ -141,6 +141,7 @@ static child_cfg_t* create_child_cfg(char *name)
|
|||
"aes128gcm8-aes128gcm12-aes128gcm16-"
|
||||
"aes256gcm8-aes256gcm12-aes256gcm16"));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
ts = traffic_selector_create_dynamic(0, 0, 65535);
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
|
||||
ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
|
||||
|
|
|
@ -236,6 +236,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
|
|||
ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
|
||||
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
peer_cfg->add_child_cfg(peer_cfg, child_cfg);
|
||||
|
||||
this->backend.cfg = peer_cfg;
|
||||
|
|
|
@ -352,6 +352,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
|
|||
TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE,
|
||||
ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
ts = traffic_selector_create_dynamic(0, 0, 65535);
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
|
||||
ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0",
|
||||
|
|
|
@ -169,6 +169,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
|
|||
ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
|
||||
0, 0, NULL, NULL, 0);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
|
||||
child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
|
||||
peer_cfg->add_child_cfg(peer_cfg, child_cfg);
|
||||
|
@ -243,6 +244,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
|
|||
ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE,
|
||||
0, 0, NULL, NULL, 0);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
|
||||
child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
|
||||
this->current->add_child_cfg(this->current, child_cfg);
|
||||
|
|
|
@ -153,6 +153,7 @@ static void add_esp_proposals(private_sql_config_t *this,
|
|||
if (use_default)
|
||||
{
|
||||
child->add_proposal(child, proposal_create_default(PROTO_ESP));
|
||||
child->add_proposal(child, proposal_create_default_aead(PROTO_ESP));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -179,6 +179,7 @@ static void add_proposals(private_stroke_config_t *this, char *string,
|
|||
else
|
||||
{
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(proto));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(proto));
|
||||
}
|
||||
}
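Review bot: This is the only call site that passes a variable `proto` to `proposal_create_default_aead()`; every other hunk passes `PROTO_ESP`. If `add_proposals` can be reached with `PROTO_AH` (its callers are outside the hunk), an AEAD proposal has no meaning there because AH carries no encryption transform, so the call relies on the constructor returning nothing usable for that protocol. Making the restriction explicit would remove that dependency: `if (proto == PROTO_ESP) { child_cfg->add_proposal(child_cfg, proposal_create_default_aead(proto)); }`.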
|
||||
|
||||
|
|
|
@ -1350,8 +1350,16 @@ CALLBACK(children_sn, bool,
|
|||
}
|
||||
if (child.proposals->get_count(child.proposals) == 0)
|
||||
{
|
||||
child.proposals->insert_last(child.proposals,
|
||||
proposal_create_default(PROTO_ESP));
|
||||
proposal = proposal_create_default(PROTO_ESP);
|
||||
if (proposal)
|
||||
{
|
||||
child.proposals->insert_last(child.proposals, proposal);
|
||||
}
|
||||
proposal = proposal_create_default_aead(PROTO_ESP);
|
||||
if (proposal)
|
||||
{
|
||||
child.proposals->insert_last(child.proposals, proposal);
|
||||
}
|
||||
}
|
||||
|
||||
/* if no hard lifetime specified, add one at soft lifetime + 10% */
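Review bot: With both constructors now guarded by `if (proposal)`, `child.proposals` can still be empty after this block when neither call returns a proposal, and nothing in the hunk reports that. Whether later code in `children_sn` rejects a CHILD config without proposals is outside the hunk; if it does not, log the condition here, for example `DBG1(DBG_CFG, "no default ESP proposal available for child config");`, and take the function's existing failure path. A short comment above the second block, `/* may be NULL while no AEAD algorithms are enabled by default for ESP */`, would also explain why the guard is needed.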
|
||||
|
|