This commit is contained in:
parent
607d174dcb
commit
95806de938
@ -1,874 +0,0 @@
|
|||
diff -Naur strongswan-2.7.0/Makefile.inc strongswan-2.7.0-patched/Makefile.inc
|
||||
--- strongswan-2.7.0/Makefile.inc 2006-01-25 18:23:15.000000000 +0100
|
||||
+++ strongswan-2.7.0-patched/Makefile.inc 2006-04-28 08:56:38.000000000 +0200
|
||||
@@ -84,6 +84,8 @@
|
||||
FINALLIBDIR=$(INC_USRLOCAL)/lib/ipsec
|
||||
LIBDIR=$(DESTDIR)$(FINALLIBDIR)
|
||||
|
||||
+# sharedlibdir is where shared libraries go
|
||||
+SHAREDLIBDIR=$(DESTDIR)$(INC_USRLOCAL)/lib
|
||||
|
||||
# where the appropriate manpage tree is located
|
||||
# location within INC_USRLOCAL
|
||||
@@ -284,6 +286,9 @@
|
||||
# include PKCS11-based smartcard support
|
||||
USE_SMARTCARD?=false
|
||||
|
||||
+# support IKEv2 via charon
|
||||
+USE_IKEV2?=true
|
||||
+
|
||||
# Default PKCS11 library
|
||||
# Uncomment this line if using OpenSC <= 0.9.6
|
||||
PKCS11_DEFAULT_LIB=\"/usr/lib/pkcs11/opensc-pkcs11.so\"
|
||||
diff -Naur strongswan-2.7.0/programs/Makefile strongswan-2.7.0-patched/programs/Makefile
|
||||
--- strongswan-2.7.0/programs/Makefile 2006-04-17 13:04:45.000000000 +0200
|
||||
+++ strongswan-2.7.0-patched/programs/Makefile 2006-04-28 08:56:38.000000000 +0200
|
||||
@@ -32,6 +32,10 @@
|
||||
SUBDIRS+=showpolicy
|
||||
endif
|
||||
|
||||
+ifeq ($(USE_IKEV2),true)
|
||||
+SUBDIRS+=charon
|
||||
+endif
|
||||
+
|
||||
def:
|
||||
@echo "Please read doc/intro.html or INSTALL before running make"
|
||||
@false
|
||||
diff -Naur strongswan-2.7.0/programs/ipsec/ipsec.in strongswan-2.7.0-patched/programs/ipsec/ipsec.in
|
||||
--- strongswan-2.7.0/programs/ipsec/ipsec.in 2006-03-09 21:09:33.000000000 +0100
|
||||
+++ strongswan-2.7.0-patched/programs/ipsec/ipsec.in 2006-04-28 08:56:38.000000000 +0200
|
||||
@@ -26,6 +26,7 @@
|
||||
export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
|
||||
|
||||
IPSEC_STARTER_PID="/var/run/starter.pid"
|
||||
+IPSEC_CHARON_PID="/var/run/charon.pid"
|
||||
|
||||
# standardize PATH, and export it for everything else's benefit
|
||||
PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
|
||||
@@ -123,6 +124,10 @@
|
||||
down)
|
||||
shift
|
||||
$IPSEC_EXECDIR/whack --name "$1" --terminate
|
||||
+ if test -e $IPSEC_CHARON_PID
|
||||
+ then
|
||||
+ $IPSEC_EXECDIR/stroke down "$1"
|
||||
+ fi
|
||||
exit 0
|
||||
;;
|
||||
listalgs|listpubkeys|listcerts|listcacerts|\
|
||||
@@ -134,6 +139,10 @@
|
||||
op="$1"
|
||||
shift
|
||||
$IPSEC_EXECDIR/whack "$@" "--$op"
|
||||
+ if test -e $IPSEC_CHARON_PID
|
||||
+ then
|
||||
+ $IPSEC_EXECDIR/stroke "$op"
|
||||
+ fi
|
||||
exit 0
|
||||
;;
|
||||
ready)
|
||||
@@ -180,8 +189,16 @@
|
||||
if test $# -eq 0
|
||||
then
|
||||
$IPSEC_EXECDIR/whack "--$op"
|
||||
+ if test -e $IPSEC_CHARON_PID
|
||||
+ then
|
||||
+ $IPSEC_EXECDIR/stroke "$op"
|
||||
+ fi
|
||||
else
|
||||
$IPSEC_EXECDIR/whack --name "$1" "--$op"
|
||||
+ if test -e $IPSEC_CHARON_PID
|
||||
+ then
|
||||
+ $IPSEC_EXECDIR/stroke "$op" "$1"
|
||||
+ fi
|
||||
fi
|
||||
exit 0
|
||||
;;
|
||||
@@ -198,6 +215,10 @@
|
||||
up)
|
||||
shift
|
||||
$IPSEC_EXECDIR/whack --name "$1" --initiate
|
||||
+ if test -e $IPSEC_CHARON_PID
|
||||
+ then
|
||||
+ $IPSEC_EXECDIR/stroke up "$1"
|
||||
+ fi
|
||||
exit 0
|
||||
;;
|
||||
update)
|
||||
diff -Naur strongswan-2.7.0/programs/pluto/Makefile strongswan-2.7.0-patched/programs/pluto/Makefile
|
||||
--- strongswan-2.7.0/programs/pluto/Makefile 2006-01-25 18:22:19.000000000 +0100
|
||||
+++ strongswan-2.7.0-patched/programs/pluto/Makefile 2006-04-28 08:56:38.000000000 +0200
|
||||
@@ -170,6 +170,11 @@
|
||||
LIBSPLUTO+= -ldl
|
||||
endif
|
||||
|
||||
+# enable IKEv2 support
|
||||
+ifeq ($(USE_IKEV2),true)
|
||||
+ DEFINES+= -DIKEV2
|
||||
+endif
|
||||
+
|
||||
# This compile option activates the leak detective
|
||||
ifeq ($(USE_LEAK_DETECTIVE),true)
|
||||
DEFINES+= -DLEAK_DETECTIVE
|
||||
diff -Naur strongswan-2.7.0/programs/pluto/demux.c strongswan-2.7.0-patched/programs/pluto/demux.c
|
||||
--- strongswan-2.7.0/programs/pluto/demux.c 2005-02-18 22:08:59.000000000 +0100
|
||||
+++ strongswan-2.7.0-patched/programs/pluto/demux.c 2006-04-28 08:56:13.000000000 +0200
|
||||
@@ -1196,6 +1196,21 @@
|
||||
}
|
||||
#endif
|
||||
|
||||
+#ifdef IKEV2
|
||||
+#define IKEV2_VERSION_OFFSET 17
|
||||
+#define IKEV2_VERSION 0x20
|
||||
+
|
||||
+ /* ignore IKEv2 packets - they will be handled by charon */
|
||||
+ if (pbs_room(&md->packet_pbs) > IKEV2_VERSION_OFFSET
|
||||
+ && md->packet_pbs.start[IKEV2_VERSION_OFFSET] == IKEV2_VERSION)
|
||||
+ {
|
||||
+ DBG(DBG_CONTROLMORE,
|
||||
+ DBG_log(" ignoring IKEv2 packet")
|
||||
+ )
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+#endif /* IKEV2 */
|
||||
+
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
@@ -1229,6 +1244,7 @@
|
||||
if (md->packet_pbs.roof - md->packet_pbs.cur >= (ptrdiff_t)isakmp_hdr_desc.size)
|
||||
{
|
||||
struct isakmp_hdr *hdr = (struct isakmp_hdr *)md->packet_pbs.cur;
|
||||
+
|
||||
if ((hdr->isa_version >> ISA_MAJ_SHIFT) != ISAKMP_MAJOR_VERSION)
|
||||
{
|
||||
SEND_NOTIFICATION(INVALID_MAJOR_VERSION);
|
||||
diff -Naur strongswan-2.7.0/programs/starter/Makefile strongswan-2.7.0-patched/programs/starter/Makefile
|
||||
--- strongswan-2.7.0/programs/starter/Makefile 2006-02-17 20:34:02.000000000 +0100
|
||||
+++ strongswan-2.7.0-patched/programs/starter/Makefile 2006-04-28 08:56:38.000000000 +0200
|
||||
@@ -34,6 +34,11 @@
|
||||
DEFINES+= -DLEAK_DETECTIVE
|
||||
endif
|
||||
|
||||
+# Enable charon support
|
||||
+ifeq ($(USE_IKEV2),true)
|
||||
+ DEFINES+= -DIKEV2
|
||||
+endif
|
||||
+
|
||||
INCLUDES=-I${FREESWANDIR}/linux/include
|
||||
CFLAGS=$(DEFINES) $(INCLUDES) -Wall
|
||||
CFLAGS+=-DIPSEC_EXECDIR=\"${FINALLIBEXECDIR}\" -DIPSEC_CONFDDIR=\"${FINALCONFDDIR}\"
|
||||
@@ -46,6 +51,11 @@
|
||||
starterwhack.o klips.o netkey.o interfaces.o exec.o cmp.o confread.o \
|
||||
loglite.o ${PLUTO_OBJS}
|
||||
|
||||
+# Build charon-only objs
|
||||
+ifeq ($(USE_IKEV2),true)
|
||||
+ OBJS+= invokecharon.o starterstroke.o
|
||||
+endif
|
||||
+
|
||||
DISTSRC=$(OBJS:.o=.c)
|
||||
DISTSRC+=cmp.h confread.h confwrite.h exec.h files.h interfaces.h klips.h netkey.h
|
||||
DISTSRC+=parser.h args.h invokepluto.h starterwhack.h keywords.h keywords.txt
|
||||
diff -Naur strongswan-2.7.0/programs/starter/args.c strongswan-2.7.0-patched/programs/starter/args.c
|
||||
--- strongswan-2.7.0/programs/starter/args.c 2006-04-17 12:32:36.000000000 +0200
|
||||
+++ strongswan-2.7.0-patched/programs/starter/args.c 2006-04-28 08:56:38.000000000 +0200
|
||||
@@ -86,6 +86,10 @@
|
||||
|
||||
static const char *LST_keyexchange[] = {
|
||||
"ike",
|
||||
+#ifdef IKEV2
|
||||
+ "ikev1",
|
||||
+ "ikev2",
|
||||
+#endif /* IKEV2 */
|
||||
NULL
|
||||
};
|
||||
|
||||
diff -Naur strongswan-2.7.0/programs/starter/files.h strongswan-2.7.0-patched/programs/starter/files.h
|
||||
--- strongswan-2.7.0/programs/starter/files.h 2006-02-04 19:52:58.000000000 +0100
|
||||
+++ strongswan-2.7.0-patched/programs/starter/files.h 2006-04-28 08:56:38.000000000 +0200
|
||||
@@ -37,8 +37,15 @@
|
||||
#define SECRETS_FILE IPSEC_CONFDIR"/ipsec.secrets"
|
||||
|
||||
#define PLUTO_CMD IPSEC_EXECDIR"/pluto"
|
||||
-#define CTL_FILE DEFAULT_CTLBASE CTL_SUFFIX
|
||||
-#define PID_FILE DEFAULT_CTLBASE PID_SUFFIX
|
||||
+#define PLUTO_CTL_FILE DEFAULT_CTLBASE CTL_SUFFIX
|
||||
+#define PLUTO_PID_FILE DEFAULT_CTLBASE PID_SUFFIX
|
||||
+
|
||||
+#ifdef IKEV2
|
||||
+#define CHARON_CMD IPSEC_EXECDIR"/charon"
|
||||
+#define CHARON_BASE "/var/run/charon"
|
||||
+#define CHARON_CTL_FILE CHARON_BASE CTL_SUFFIX
|
||||
+#define CHARON_PID_FILE CHARON_BASE PID_SUFFIX
|
||||
+#endif /* IKEV2 */
|
||||
|
||||
#define DYNIP_DIR "/var/run/dynip"
|
||||
#define INFO_FILE "/var/run/ipsec.info"
|
||||
diff -Naur strongswan-2.7.0/programs/starter/invokecharon.c strongswan-2.7.0-patched/programs/starter/invokecharon.c
|
||||
--- strongswan-2.7.0/programs/starter/invokecharon.c 1970-01-01 01:00:00.000000000 +0100
|
||||
+++ strongswan-2.7.0-patched/programs/starter/invokecharon.c 2006-04-28 08:56:38.000000000 +0200
|
||||
@@ -0,0 +1,174 @@
|
||||
+/* strongSwan charon launcher
|
||||
+ * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
|
||||
+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
|
||||
+ *
|
||||
+ * Ported from invokepluto.c to fit charons needs.
|
||||
+ *
|
||||
+ * This program is free software; you can redistribute it and/or modify it
|
||||
+ * under the terms of the GNU General Public License as published by the
|
||||
+ * Free Software Foundation; either version 2 of the License, or (at your
|
||||
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
+ *
|
||||
+ * This program is distributed in the hope that it will be useful, but
|
||||
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
+ * for more details.
|
||||
+ *
|
||||
+ * RCSID $Id: invokecharon.c $
|
||||
+ */
|
||||
+
|
||||
+#include <sys/types.h>
|
||||
+#include <sys/stat.h>
|
||||
+#include <unistd.h>
|
||||
+#include <signal.h>
|
||||
+#include <string.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <errno.h>
|
||||
+
|
||||
+#include <freeswan.h>
|
||||
+
|
||||
+#include "../pluto/constants.h"
|
||||
+#include "../pluto/defs.h"
|
||||
+#include "../pluto/log.h"
|
||||
+
|
||||
+#include "confread.h"
|
||||
+#include "invokecharon.h"
|
||||
+#include "files.h"
|
||||
+
|
||||
+static int _charon_pid = 0;
|
||||
+static int _stop_requested;
|
||||
+
|
||||
+pid_t
|
||||
+starter_charon_pid(void)
|
||||
+{
|
||||
+ return _charon_pid;
|
||||
+}
|
||||
+
|
||||
+void
|
||||
+starter_charon_sigchild(pid_t pid)
|
||||
+{
|
||||
+ if (pid == _charon_pid)
|
||||
+ {
|
||||
+ _charon_pid = 0;
|
||||
+ if (!_stop_requested)
|
||||
+ {
|
||||
+ plog("charon has died -- restart scheduled (%dsec)"
|
||||
+ , CHARON_RESTART_DELAY);
|
||||
+ alarm(CHARON_RESTART_DELAY); // restart in 5 sec
|
||||
+ }
|
||||
+ unlink(CHARON_PID_FILE);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+starter_stop_charon (void)
|
||||
+{
|
||||
+ pid_t pid;
|
||||
+ int i;
|
||||
+
|
||||
+ pid = _charon_pid;
|
||||
+ if (pid)
|
||||
+ {
|
||||
+ _stop_requested = 1;
|
||||
+
|
||||
+ /* be more and more aggressive */
|
||||
+ for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
|
||||
+ {
|
||||
+ if (i == 0)
|
||||
+ kill(pid, SIGINT);
|
||||
+ else if (i < 10)
|
||||
+ kill(pid, SIGTERM);
|
||||
+ else
|
||||
+ kill(pid, SIGKILL);
|
||||
+ usleep(20000);
|
||||
+ }
|
||||
+ if (_charon_pid == 0)
|
||||
+ return 0;
|
||||
+ plog("starter_stop_charon(): can't stop charon !!!");
|
||||
+ return -1;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ plog("stater_stop_charon(): charon is not started...");
|
||||
+ }
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+int
|
||||
+starter_start_charon (starter_config_t *cfg, bool debug)
|
||||
+{
|
||||
+ int pid, i;
|
||||
+ struct stat stb;
|
||||
+ int argc = 1;
|
||||
+ char *arg[] = {
|
||||
+ CHARON_CMD, NULL, NULL,
|
||||
+ };
|
||||
+
|
||||
+ if (!debug)
|
||||
+ {
|
||||
+ arg[argc++] = "--use-syslog";
|
||||
+ }
|
||||
+
|
||||
+ if (_charon_pid)
|
||||
+ {
|
||||
+ plog("starter_start_charon(): charon already started...");
|
||||
+ return -1;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ unlink(CHARON_CTL_FILE);
|
||||
+ _stop_requested = 0;
|
||||
+
|
||||
+ pid = fork();
|
||||
+ switch (pid)
|
||||
+ {
|
||||
+ case -1:
|
||||
+ plog("can't fork(): %s", strerror(errno));
|
||||
+ return -1;
|
||||
+ case 0:
|
||||
+ /* child */
|
||||
+ setsid();
|
||||
+ sigprocmask(SIG_SETMASK, 0, NULL);
|
||||
+ execv(arg[0], arg);
|
||||
+ plog("can't execv(%s,...): %s", arg[0], strerror(errno));
|
||||
+ exit(1);
|
||||
+ default:
|
||||
+ /* father */
|
||||
+ _charon_pid = pid;
|
||||
+ for (i = 0; i < 50 && _charon_pid; i++)
|
||||
+ {
|
||||
+ /* wait for charon */
|
||||
+ usleep(20000);
|
||||
+ if (stat(CHARON_PID_FILE, &stb) == 0)
|
||||
+ {
|
||||
+ DBG(DBG_CONTROL,
|
||||
+ DBG_log("charon (%d) started", _charon_pid)
|
||||
+ )
|
||||
+ return 0;
|
||||
+ }
|
||||
+ }
|
||||
+ if (_charon_pid)
|
||||
+ {
|
||||
+ /* If charon is started but with no ctl file, stop it */
|
||||
+ plog("charon too long to start... - kill kill");
|
||||
+ for (i = 0; i < 20 && (pid = _charon_pid) != 0; i++)
|
||||
+ {
|
||||
+ if (i == 0)
|
||||
+ kill(pid, SIGINT);
|
||||
+ else if (i < 10)
|
||||
+ kill(pid, SIGTERM);
|
||||
+ else
|
||||
+ kill(pid, SIGKILL);
|
||||
+ usleep(20000);
|
||||
+ }
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ plog("charon refused to be started");
|
||||
+ }
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
+ return -1;
|
||||
+}
|
||||
diff -Naur strongswan-2.7.0/programs/starter/invokecharon.h strongswan-2.7.0-patched/programs/starter/invokecharon.h
|
||||
--- strongswan-2.7.0/programs/starter/invokecharon.h 1970-01-01 01:00:00.000000000 +0100
|
||||
+++ strongswan-2.7.0-patched/programs/starter/invokecharon.h 2006-04-28 08:56:38.000000000 +0200
|
||||
@@ -0,0 +1,31 @@
|
||||
+/* strongSwan charon launcher
|
||||
+ * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
|
||||
+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
|
||||
+ *
|
||||
+ * Ported from invokepluto.h to fit charons needs.
|
||||
+ *
|
||||
+ * This program is free software; you can redistribute it and/or modify it
|
||||
+ * under the terms of the GNU General Public License as published by the
|
||||
+ * Free Software Foundation; either version 2 of the License, or (at your
|
||||
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
+ *
|
||||
+ * This program is distributed in the hope that it will be useful, but
|
||||
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
+ * for more details.
|
||||
+ *
|
||||
+ * RCSID $Id: invokecharon.h $
|
||||
+ */
|
||||
+
|
||||
+#ifndef _STARTER_CHARON_H_
|
||||
+#define _STARTER_CHARON_H_
|
||||
+
|
||||
+#define CHARON_RESTART_DELAY 5
|
||||
+
|
||||
+extern void starter_charon_sigchild (pid_t pid);
|
||||
+extern pid_t starter_charon_pid (void);
|
||||
+extern int starter_stop_charon (void);
|
||||
+extern int starter_start_charon(struct starter_config *cfg, bool debug);
|
||||
+
|
||||
+#endif /* _STARTER_CHARON_H_ */
|
||||
+
|
||||
diff -Naur strongswan-2.7.0/programs/starter/invokepluto.c strongswan-2.7.0-patched/programs/starter/invokepluto.c
|
||||
--- strongswan-2.7.0/programs/starter/invokepluto.c 2006-02-17 22:41:50.000000000 +0100
|
||||
+++ strongswan-2.7.0-patched/programs/starter/invokepluto.c 2006-04-28 08:56:38.000000000 +0200
|
||||
@@ -54,7 +54,7 @@
|
||||
, PLUTO_RESTART_DELAY);
|
||||
alarm(PLUTO_RESTART_DELAY); // restart in 5 sec
|
||||
}
|
||||
- unlink(PID_FILE);
|
||||
+ unlink(PLUTO_PID_FILE);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -203,7 +203,7 @@
|
||||
}
|
||||
else
|
||||
{
|
||||
- unlink(CTL_FILE);
|
||||
+ unlink(PLUTO_CTL_FILE);
|
||||
_stop_requested = 0;
|
||||
|
||||
if (cfg->setup.prepluto)
|
||||
@@ -252,7 +252,7 @@
|
||||
{
|
||||
/* wait for pluto */
|
||||
usleep(20000);
|
||||
- if (stat(CTL_FILE, &stb) == 0)
|
||||
+ if (stat(PLUTO_CTL_FILE, &stb) == 0)
|
||||
{
|
||||
DBG(DBG_CONTROL,
|
||||
DBG_log("pluto (%d) started", _pluto_pid)
|
||||
diff -Naur strongswan-2.7.0/programs/starter/starter.c strongswan-2.7.0-patched/programs/starter/starter.c
|
||||
--- strongswan-2.7.0/programs/starter/starter.c 2006-02-15 19:37:46.000000000 +0100
|
||||
+++ strongswan-2.7.0-patched/programs/starter/starter.c 2006-04-28 08:56:38.000000000 +0200
|
||||
@@ -37,6 +37,7 @@
|
||||
#include "files.h"
|
||||
#include "starterwhack.h"
|
||||
#include "invokepluto.h"
|
||||
+#include "invokecharon.h"
|
||||
#include "klips.h"
|
||||
#include "netkey.h"
|
||||
#include "cmp.h"
|
||||
@@ -47,6 +48,9 @@
|
||||
#define FLAG_ACTION_RELOAD 0x04
|
||||
#define FLAG_ACTION_QUIT 0x08
|
||||
#define FLAG_ACTION_LISTEN 0x10
|
||||
+#ifdef IKEV2
|
||||
+#define FLAG_ACTION_START_CHARON 0x20
|
||||
+#endif /* IKEV2 */
|
||||
|
||||
static unsigned int _action_ = 0;
|
||||
|
||||
@@ -65,6 +69,10 @@
|
||||
{
|
||||
if (pid == starter_pluto_pid())
|
||||
name = " (Pluto)";
|
||||
+#ifdef IKEV2
|
||||
+ if (pid == starter_charon_pid())
|
||||
+ name = " (Charon)";
|
||||
+#endif /* IKEV2 */
|
||||
if (WIFSIGNALED(status))
|
||||
DBG(DBG_CONTROL,
|
||||
DBG_log("child %d%s has been killed by sig %d\n",
|
||||
@@ -87,6 +95,10 @@
|
||||
|
||||
if (pid == starter_pluto_pid())
|
||||
starter_pluto_sigchild(pid);
|
||||
+#ifdef IKEV2
|
||||
+ if (pid == starter_charon_pid())
|
||||
+ starter_charon_sigchild(pid);
|
||||
+#endif /* IKEV2 */
|
||||
}
|
||||
}
|
||||
break;
|
||||
@@ -97,6 +109,9 @@
|
||||
|
||||
case SIGALRM:
|
||||
_action_ |= FLAG_ACTION_START_PLUTO;
|
||||
+#ifdef IKEV2
|
||||
+ _action_ |= FLAG_ACTION_START_CHARON;
|
||||
+#endif /* IKEV2 */
|
||||
break;
|
||||
|
||||
case SIGHUP:
|
||||
@@ -193,6 +208,9 @@
|
||||
signal(SIGQUIT, fsig);
|
||||
signal(SIGALRM, fsig);
|
||||
signal(SIGUSR1, fsig);
|
||||
+
|
||||
+
|
||||
+ plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code());
|
||||
|
||||
/* verify that we can start */
|
||||
if (getuid() != 0)
|
||||
@@ -201,12 +219,24 @@
|
||||
exit(1);
|
||||
}
|
||||
|
||||
- if (stat(PID_FILE, &stb) == 0)
|
||||
+ if (stat(PLUTO_PID_FILE, &stb) == 0)
|
||||
{
|
||||
- plog("pluto is already running (%s exists) -- aborting", PID_FILE);
|
||||
- exit(1);
|
||||
+ plog("pluto is already running (%s exists) -- skipping pluto start", PLUTO_PID_FILE);
|
||||
}
|
||||
-
|
||||
+ else
|
||||
+ {
|
||||
+ _action_ |= FLAG_ACTION_START_PLUTO;
|
||||
+ }
|
||||
+#ifdef IKEV2
|
||||
+ if (stat(CHARON_PID_FILE, &stb) == 0)
|
||||
+ {
|
||||
+ plog("charon is already running (%s exists) -- skipping charon start", CHARON_PID_FILE);
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ _action_ |= FLAG_ACTION_START_CHARON;
|
||||
+ }
|
||||
+#endif /* IKEV2 */
|
||||
if (stat(DEV_RANDOM, &stb) != 0)
|
||||
{
|
||||
plog("unable to start strongSwan IPsec -- no %s!", DEV_RANDOM);
|
||||
@@ -247,7 +277,11 @@
|
||||
|
||||
last_reload = time(NULL);
|
||||
|
||||
- plog("Starting strongSwan IPsec %s [starter]...", ipsec_version_code());
|
||||
+ if (stat(MY_PID_FILE, &stb) == 0)
|
||||
+ {
|
||||
+ plog("starter is already running (%s exists) -- no fork done", MY_PID_FILE);
|
||||
+ exit(0);
|
||||
+ }
|
||||
|
||||
/* fork if we're not debugging stuff */
|
||||
if (!no_fork)
|
||||
@@ -296,17 +330,19 @@
|
||||
, &cfg->defaultroute);
|
||||
}
|
||||
|
||||
- _action_ = FLAG_ACTION_START_PLUTO;
|
||||
-
|
||||
for (;;)
|
||||
{
|
||||
/*
|
||||
- * Stop pluto (if started) and exit
|
||||
- */
|
||||
+ * Stop pluto/charon (if started) and exit
|
||||
+ */
|
||||
if (_action_ & FLAG_ACTION_QUIT)
|
||||
{
|
||||
if (starter_pluto_pid())
|
||||
starter_stop_pluto();
|
||||
+#ifdef IKEV2
|
||||
+ if (starter_charon_pid())
|
||||
+ starter_stop_charon();
|
||||
+#endif IKEV2
|
||||
if (has_netkey)
|
||||
starter_netkey_cleanup();
|
||||
else
|
||||
@@ -337,6 +373,9 @@
|
||||
if (conn->state == STATE_ADDED)
|
||||
{
|
||||
starter_whack_del_conn(conn);
|
||||
+#ifdef IKEV2
|
||||
+ starter_stroke_del_conn(conn);
|
||||
+#endif /* IKEV2 */
|
||||
conn->state = STATE_TO_ADD;
|
||||
}
|
||||
}
|
||||
@@ -427,6 +466,9 @@
|
||||
{
|
||||
if (conn->state == STATE_ADDED)
|
||||
starter_whack_del_conn(conn);
|
||||
+#ifdef IKEV2
|
||||
+ starter_stroke_del_conn(conn);
|
||||
+#endif /* IKEV2 */
|
||||
}
|
||||
|
||||
/* Look for new ca sections that are already loaded */
|
||||
@@ -502,6 +544,27 @@
|
||||
conn->state = STATE_TO_ADD;
|
||||
}
|
||||
}
|
||||
+
|
||||
+#ifdef IKEV2
|
||||
+ /*
|
||||
+ * Start charon
|
||||
+ */
|
||||
+ if (_action_ & FLAG_ACTION_START_CHARON)
|
||||
+ {
|
||||
+ if (starter_charon_pid() == 0)
|
||||
+ {
|
||||
+ DBG(DBG_CONTROL,
|
||||
+ DBG_log("Attempting to start charon...")
|
||||
+ )
|
||||
+ if (starter_start_charon(cfg, no_fork) != 0)
|
||||
+ {
|
||||
+ /* schedule next try */
|
||||
+ alarm(PLUTO_RESTART_DELAY);
|
||||
+ }
|
||||
+ }
|
||||
+ _action_ &= ~FLAG_ACTION_START_CHARON;
|
||||
+ }
|
||||
+#endif /* IKEV2 */
|
||||
|
||||
/*
|
||||
* Tell pluto to reread its interfaces
|
||||
@@ -536,11 +599,36 @@
|
||||
conn->id = id++;
|
||||
}
|
||||
starter_whack_add_conn(conn);
|
||||
+#ifdef IKEV2
|
||||
+ starter_stroke_add_conn(conn);
|
||||
+#endif /* IKEV2 */
|
||||
conn->state = STATE_ADDED;
|
||||
if (conn->startup == STARTUP_START)
|
||||
- starter_whack_initiate_conn(conn);
|
||||
+ {
|
||||
+#ifdef IKEV2
|
||||
+ if (conn->keyexchange == 2)
|
||||
+ {
|
||||
+ starter_stroke_initiate_conn(conn);
|
||||
+ }
|
||||
+ else
|
||||
+#endif /* IKEV2 */
|
||||
+ {
|
||||
+ starter_whack_initiate_conn(conn);
|
||||
+ }
|
||||
+ }
|
||||
else if (conn->startup == STARTUP_ROUTE)
|
||||
- starter_whack_route_conn(conn);
|
||||
+ {
|
||||
+#ifdef IKEV2
|
||||
+ if (conn->keyexchange == 2)
|
||||
+ {
|
||||
+ starter_stroke_route_conn(conn);
|
||||
+ }
|
||||
+ else
|
||||
+#endif /* IKEV2 */
|
||||
+ {
|
||||
+ starter_whack_route_conn(conn);
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
}
|
||||
}
|
||||
diff -Naur strongswan-2.7.0/programs/starter/starterstroke.c strongswan-2.7.0-patched/programs/starter/starterstroke.c
|
||||
--- strongswan-2.7.0/programs/starter/starterstroke.c 1970-01-01 01:00:00.000000000 +0100
|
||||
+++ strongswan-2.7.0-patched/programs/starter/starterstroke.c 2006-04-28 08:56:38.000000000 +0200
|
||||
@@ -0,0 +1,161 @@
|
||||
+/* Stroke for charon is the counterpart to whack from pluto
|
||||
+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
|
||||
+ *
|
||||
+ * This program is free software; you can redistribute it and/or modify it
|
||||
+ * under the terms of the GNU General Public License as published by the
|
||||
+ * Free Software Foundation; either version 2 of the License, or (at your
|
||||
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
+ *
|
||||
+ * This program is distributed in the hope that it will be useful, but
|
||||
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
+ * for more details.
|
||||
+ *
|
||||
+ * RCSID $Id: starterstroke.c $
|
||||
+ */
|
||||
+
|
||||
+#include <sys/types.h>
|
||||
+#include <sys/socket.h>
|
||||
+#include <sys/un.h>
|
||||
+#include <linux/stddef.h>
|
||||
+#include <unistd.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <errno.h>
|
||||
+#include <netinet/in.h>
|
||||
+#include <arpa/inet.h>
|
||||
+
|
||||
+#include <freeswan.h>
|
||||
+
|
||||
+#include "../pluto/constants.h"
|
||||
+#include "../pluto/defs.h"
|
||||
+#include "../pluto/log.h"
|
||||
+
|
||||
+#include "../charon/stroke/stroke.h"
|
||||
+
|
||||
+#include "starterstroke.h"
|
||||
+#include "confread.h"
|
||||
+#include "files.h"
|
||||
+
|
||||
+static char* push_string(stroke_msg_t **strm, char *string)
|
||||
+{
|
||||
+ stroke_msg_t *stroke_msg;
|
||||
+ size_t string_length;
|
||||
+
|
||||
+ if (string == NULL)
|
||||
+ {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ stroke_msg = *strm;
|
||||
+ string_length = strlen(string) + 1;
|
||||
+ stroke_msg->length += string_length;
|
||||
+
|
||||
+ stroke_msg = realloc(stroke_msg, stroke_msg->length);
|
||||
+ strcpy((char*)stroke_msg + stroke_msg->length - string_length, string);
|
||||
+
|
||||
+ *strm = stroke_msg;
|
||||
+ return (char*)(u_int)stroke_msg->length - string_length;
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
+send_stroke_msg (stroke_msg_t *msg)
|
||||
+{
|
||||
+ struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE };
|
||||
+ int sock;
|
||||
+
|
||||
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||
+ if (sock < 0)
|
||||
+ {
|
||||
+ plog("socket() failed: %s", strerror(errno));
|
||||
+ return -1;
|
||||
+ }
|
||||
+ if (connect(sock, (struct sockaddr *)&ctl_addr,
|
||||
+ offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
|
||||
+ {
|
||||
+ plog("connect(charon_ctl) failed: %s", strerror(errno));
|
||||
+ close(sock);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ /* send message */
|
||||
+ if (write(sock, msg, msg->length) != msg->length)
|
||||
+ {
|
||||
+ plog("write(charon_ctl) failed: %s", strerror(errno));
|
||||
+ close(sock);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ close(sock);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static char *
|
||||
+connection_name(starter_conn_t *conn)
|
||||
+{
|
||||
+ /* if connection name is '%auto', create a new name like conn_xxxxx */
|
||||
+ static char buf[32];
|
||||
+
|
||||
+ if (streq(conn->name, "%auto"))
|
||||
+ {
|
||||
+ sprintf(buf, "conn_%ld", conn->id);
|
||||
+ return buf;
|
||||
+ }
|
||||
+ return conn->name;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+int starter_stroke_add_conn(starter_conn_t *conn)
|
||||
+{
|
||||
+ stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
|
||||
+ int res;
|
||||
+
|
||||
+ msg->length = sizeof(stroke_msg_t);
|
||||
+ msg->type = STR_ADD_CONN;
|
||||
+
|
||||
+ msg->add_conn.name = push_string(&msg, connection_name(conn));
|
||||
+
|
||||
+ msg->add_conn.me.id = push_string(&msg, conn->left.id);
|
||||
+ msg->add_conn.me.cert = push_string(&msg, conn->left.cert);
|
||||
+ msg->add_conn.me.address = push_string(&msg, inet_ntoa(conn->left.addr.u.v4.sin_addr));
|
||||
+ msg->add_conn.me.subnet = push_string(&msg, inet_ntoa(conn->left.subnet.addr.u.v4.sin_addr));
|
||||
+ msg->add_conn.me.subnet_mask = conn->left.subnet.maskbits;
|
||||
+
|
||||
+ msg->add_conn.other.id = push_string(&msg, conn->right.id);
|
||||
+ msg->add_conn.other.cert = push_string(&msg, conn->right.cert);
|
||||
+ msg->add_conn.other.address = push_string(&msg, inet_ntoa(conn->right.addr.u.v4.sin_addr));
|
||||
+ msg->add_conn.other.subnet = push_string(&msg, inet_ntoa(conn->right.subnet.addr.u.v4.sin_addr));
|
||||
+ msg->add_conn.other.subnet_mask = conn->right.subnet.maskbits;
|
||||
+
|
||||
+ res = send_stroke_msg(msg);
|
||||
+ free(msg);
|
||||
+ return res;
|
||||
+}
|
||||
+
|
||||
+int starter_stroke_del_conn(starter_conn_t *conn)
|
||||
+{
|
||||
+ return 0;
|
||||
+}
|
||||
+int starter_stroke_route_conn(starter_conn_t *conn)
|
||||
+{
|
||||
+ stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
|
||||
+ int res;
|
||||
+
|
||||
+ msg->length = sizeof(stroke_msg_t);
|
||||
+ msg->type = STR_INSTALL;
|
||||
+ msg->install.name = push_string(&msg, connection_name(conn));
|
||||
+ res = send_stroke_msg(msg);
|
||||
+ free(msg);
|
||||
+ return res;
|
||||
+}
|
||||
+
|
||||
+int starter_stroke_initiate_conn(starter_conn_t *conn)
|
||||
+{
|
||||
+ stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
|
||||
+ int res;
|
||||
+
|
||||
+ msg->length = sizeof(stroke_msg_t);
|
||||
+ msg->type = STR_INITIATE;
|
||||
+ msg->initiate.name = push_string(&msg, connection_name(conn));
|
||||
+ res = send_stroke_msg(msg);
|
||||
+ free(msg);
|
||||
+ return res;
|
||||
+}
|
||||
diff -Naur strongswan-2.7.0/programs/starter/starterstroke.h strongswan-2.7.0-patched/programs/starter/starterstroke.h
|
||||
--- strongswan-2.7.0/programs/starter/starterstroke.h 1970-01-01 01:00:00.000000000 +0100
|
||||
+++ strongswan-2.7.0-patched/programs/starter/starterstroke.h 2006-04-28 08:56:38.000000000 +0200
|
||||
@@ -0,0 +1,27 @@
|
||||
+/* Stroke for charon is the counterpart to whack from pluto
|
||||
+ * Copyright (C) 2006 Martin Willi - Hochschule fuer Technik Rapperswil
|
||||
+ *
|
||||
+ * This program is free software; you can redistribute it and/or modify it
|
||||
+ * under the terms of the GNU General Public License as published by the
|
||||
+ * Free Software Foundation; either version 2 of the License, or (at your
|
||||
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
+ *
|
||||
+ * This program is distributed in the hope that it will be useful, but
|
||||
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
+ * for more details.
|
||||
+ *
|
||||
+ * RCSID $Id: starterstroke.h $
|
||||
+ */
|
||||
+
|
||||
+#ifndef _STARTER_STROKE_H_
|
||||
+#define _STARTER_STROKE_H_
|
||||
+
|
||||
+#include "confread.h"
|
||||
+
|
||||
+extern int starter_stroke_add_conn(starter_conn_t *conn);
|
||||
+extern int starter_stroke_del_conn(starter_conn_t *conn);
|
||||
+extern int starter_stroke_route_conn(starter_conn_t *conn);
|
||||
+extern int starter_stroke_initiate_conn(starter_conn_t *conn);
|
||||
+
|
||||
+#endif /* _STARTER_STROKE_H_ */
|
||||
diff -Naur strongswan-2.7.0/programs/starter/starterwhack.c strongswan-2.7.0-patched/programs/starter/starterwhack.c
|
||||
--- strongswan-2.7.0/programs/starter/starterwhack.c 2006-04-17 12:32:36.000000000 +0200
|
||||
+++ strongswan-2.7.0-patched/programs/starter/starterwhack.c 2006-04-28 08:56:38.000000000 +0200
|
||||
@@ -54,7 +54,7 @@
|
||||
static int
|
||||
send_whack_msg (whack_message_t *msg)
|
||||
{
|
||||
- struct sockaddr_un ctl_addr = { AF_UNIX, CTL_FILE };
|
||||
+ struct sockaddr_un ctl_addr = { AF_UNIX, PLUTO_CTL_FILE };
|
||||
int sock;
|
||||
ssize_t len;
|
||||
char *str_next, *str_roof;
|
|
@ -1,13 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
while [ 1 ]
|
||||
do
|
||||
ip x p f
|
||||
ip x s f
|
||||
rm /var/run/charon.*
|
||||
make
|
||||
bin/charon
|
||||
echo ""
|
||||
echo "----------------------------"
|
||||
echo ""
|
||||
done
|
|
@ -1,9 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
FILES=`find . -name '*.[ch]'`
|
||||
for FILE in $FILES
|
||||
do
|
||||
TMP=${FILE}_tmp
|
||||
sed "/$1/d" < $FILE > $TMP
|
||||
mv $TMP $FILE
|
||||
done
|
|
@ -1,9 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
FILES=`find . -name '*.[ch]'`
|
||||
for FILE in $FILES
|
||||
do
|
||||
TMP=${FILE}_tmp
|
||||
sed "s/$1/$2/g" < $FILE > $TMP
|
||||
mv $TMP $FILE
|
||||
done
|
|
@ -1,27 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# enable ip forwarding for gateway
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
|
||||
# add connection to alice
|
||||
MY_ADDR=192.168.0.2 # Address of local peer
|
||||
OTHER_ADDR=192.168.0.1 # Address of remote peer
|
||||
MY_ID="C=CH, O=Linux strongSwan, CN=bob" # ID of local peer
|
||||
OTHER_ID="C=CH, O=Linux strongSwan, CN=alice" # ID of remote peer
|
||||
MY_NET=10.2.0.0 # protected local subnet
|
||||
OTHER_NET=10.1.0.0 # protected remote subnet
|
||||
MY_BITS=16 # size of subnet
|
||||
OTHER_BITS=16 # size of subnet
|
||||
CONN_NAME=to-alice # connection name
|
||||
|
||||
bin/stroke add $CONN_NAME "$MY_ID" "$OTHER_ID" $MY_ADDR $OTHER_ADDR $MY_NET $OTHER_NET $MY_BITS $OTHER_BITS
|
||||
|
||||
# initiate
|
||||
i=0
|
||||
LIMIT=1
|
||||
|
||||
while [ "$i" -lt "$LIMIT" ]
|
||||
do
|
||||
bin/stroke up $CONN_NAME
|
||||
let "i += 1"
|
||||
done
|
|
@ -1,27 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# enable ip forwarding for gateway
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
|
||||
# add connection to bob
|
||||
MY_ADDR=192.168.0.1 # Address of local peer
|
||||
OTHER_ADDR=192.168.0.2 # Address of remote peer
|
||||
MY_ID="C=CH, O=Linux strongSwan, CN=alice" # ID of local peer
|
||||
OTHER_ID="C=CH, O=Linux strongSwan, CN=bob" # ID of remote peer
|
||||
MY_NET=10.1.0.0 # protected local subnet
|
||||
OTHER_NET=10.2.0.0 # protected remote subnet
|
||||
MY_BITS=16 # size of subnet
|
||||
OTHER_BITS=16 # size of subnet
|
||||
CONN_NAME=to-bob # connection name
|
||||
|
||||
bin/stroke add $CONN_NAME "$MY_ID" "$OTHER_ID" $MY_ADDR $OTHER_ADDR $MY_NET $OTHER_NET $MY_BITS $OTHER_BITS
|
||||
|
||||
# initiate
|
||||
i=0
|
||||
LIMIT=0
|
||||
|
||||
while [ "$i" -lt "$LIMIT" ]
|
||||
do
|
||||
bin/stroke up $CONN_NAME
|
||||
let "i += 1"
|
||||
done
|