ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

- first attempt for connection loading and starting via "stroke" 

- some improvements here and there
This commit is contained in:
Martin Willi 2006-03-14 13:22:48 +00:00
parent 8a49112907
commit b1953ccd05
20 changed files with 465 additions and 266 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Source/charon/Makefile
View File

@ -18,7 +18,7 @@ MAIN_DIR= ./
LDFLAGS= -lgmp -lpthread
CFLAGS+= -Wall -I. -g -DLEAK_DETECTIVE
CFLAGS+= -I. -Wall -g -DLEAK_DETECTIVE
# objects is extended by each included Makefile
OBJS=

4
Source/charon/config/Makefile.config
View File

@ -36,6 +36,6 @@ OBJS+= $(BUILD_DIR)static_configuration.o
$(BUILD_DIR)static_configuration.o : $(CONFIG_DIR)static_configuration.c $(CONFIG_DIR)static_configuration.h
$(CC) $(CFLAGS) -c -o $@ $<
OBJS+= $(BUILD_DIR)starter_configuration.o
$(BUILD_DIR)starter_configuration.o : $(CONFIG_DIR)starter_configuration.c $(CONFIG_DIR)starter_configuration.h
OBJS+= $(BUILD_DIR)stroke_configuration.o
$(BUILD_DIR)stroke_configuration.o : $(CONFIG_DIR)stroke_configuration.c $(CONFIG_DIR)stroke_configuration.h
$(CC) $(CFLAGS) -c -o $@ $<

6
Source/charon/config/init_config.c
View File

@ -215,7 +215,7 @@ static void destroy (private_init_config_t *this)
/**
* Described in header.
*/
init_config_t * init_config_create(char * my_ip, char *other_ip, u_int16_t my_port, u_int16_t other_port)
init_config_t * init_config_create(host_t *me, host_t *other)
{
private_init_config_t *this = allocator_alloc_thing(private_init_config_t);
@ -232,8 +232,8 @@ init_config_t * init_config_create(char * my_ip, char *other_ip, u_int16_t my_po
this->public.destroy = (void(*)(init_config_t*))destroy;
/* private variables */
this->my_host = host_create(AF_INET,my_ip, my_port);
this->other_host = host_create(AF_INET,other_ip, other_port);
this->my_host = me;
this->other_host = other;
this->proposals = linked_list_create();

12
Source/charon/config/init_config.h
View File

@ -148,12 +148,18 @@ struct init_config_t {
};
/**
* @brief Creates a init_config_t object.
* @brief Creates a init_config_t object from two host_t's.
*
* Supplied hosts become owned by init_config, so
* do not modify or destroy them after a call to
* init_config_create_from_hosts().
*
* @param me host_t object representing local address
* @param other host_t object representing remote address
* @return init_config_t object.
*
* @ingroup config
*/
init_config_t * init_config_create(char *my_ip, char *other_ip, u_int16_t my_port, u_int16_t other_port);
init_config_t * init_config_create(host_t *me, host_t *other);
#endif //_INIT_CONFIG_H_
#endif /* _INIT_CONFIG_H_ */

60
Source/charon/config/starter_configuration.h
View File

@ -1,60 +0,0 @@
/**
* @file starter_configuration_t.h
*
* @brief Interface of starter_configuration_t.
*
*/
/*
* Copyright (C) 2005 Jan Hutter, Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#ifndef STARTER_CONFIGURATION_H_
#define STARTER_CONFIGURATION_H_
#include <config/configuration.h>
typedef struct starter_configuration_t starter_configuration_t;
/**
* @brief A config backend which uses the ipsec starter
* from pluto, wich parses config files.
*
* This configuration implementation opens a Whack-Socket
* and waits for input from ipsec starter.
*
* @b Constructors:
* - starter_configuration_create()
*
* @ingroup config
*/
struct starter_configuration_t {
/**
* Implements configuration_t interface
*/
configuration_t configuration_interface;
};
/**
* @brief Creates an configuration using ipsec starter as input.
*
* @return starter_configuration_t object
*
* @ingroup config
*/
starter_configuration_t *starter_configuration_create();
#endif /*STARTER_CONFIGURATION_H_*/

10
Source/charon/config/static_configuration.c
View File

@ -297,9 +297,15 @@ static void load_default_config (private_static_configuration_t *this)
proposal_t *proposal;
sa_config_t *sa_config_a, *sa_config_b;
traffic_selector_t *ts;
host_t *alice, *bob, *any;
init_config_a = init_config_create("0.0.0.0","192.168.0.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
init_config_b = init_config_create("0.0.0.0","192.168.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
bob = host_create(AF_INET, "192.168.0.2", IKEV2_UDP_PORT);
any = host_create(AF_INET, "0.0.0.0", IKEV2_UDP_PORT);
init_config_a = init_config_create(any, bob);
alice = host_create(AF_INET, "192.168.0.1", IKEV2_UDP_PORT);
any = host_create(AF_INET, "0.0.0.0", IKEV2_UDP_PORT);
init_config_b = init_config_create(any, alice);
/* IKE proposals for alice */
proposal = proposal_create(1);

228
Source/charon/config/starter_configuration.c → Source/charon/config/stroke_configuration.c
View File

@ -1,7 +1,7 @@
/**
* @file starter_configuration.c
* @file stroke_configuration.c
*
* @brief Implementation of starter_configuration_t.
* @brief Implementation of stroke_configuration_t.
*
*/
@ -30,12 +30,12 @@
#include <errno.h>
#include <pthread.h>
#include "starter_configuration.h"
#include "stroke_configuration.h"
#include <types.h>
#include <daemon.h>
#include <utils/allocator.h>
#include <queues/jobs/initiate_ike_sa_job.h>
/**
* First retransmit timeout in milliseconds.
@ -57,7 +57,7 @@
#define MAX_RETRANSMIT_COUNT 0
struct sockaddr_un socket_addr = { AF_UNIX, "/var/run/pluto.ctl"};
struct sockaddr_un socket_addr = { AF_UNIX, "/var/run/charon.ctl"};
typedef struct preshared_secret_entry_t preshared_secret_entry_t;
@ -182,17 +182,17 @@ static configuration_entry_t * configuration_entry_create(char * name, init_conf
return entry;
}
typedef struct private_starter_configuration_t private_starter_configuration_t;
typedef struct private_stroke_configuration_t private_stroke_configuration_t;
/**
* Private data of an starter_configuration_t object.
* Private data of an stroke_configuration_t object.
*/
struct private_starter_configuration_t {
struct private_stroke_configuration_t {
/**
* Public part of starter_configuration_t object.
* Public part of stroke_configuration_t object.
*/
starter_configuration_t public;
stroke_configuration_t public;
/**
* Holding all configurations.
@ -257,7 +257,7 @@ struct private_starter_configuration_t {
* @param init_config init_config_t object
* @param sa_config sa_config_t object
*/
void (*add_new_configuration) (private_starter_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config);
void (*add_new_configuration) (private_stroke_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config);
/**
* Adds a new preshared secret.
@ -267,7 +267,7 @@ struct private_starter_configuration_t {
* @param id_string identification as string
* @param preshared_secret preshared secret as string
*/
void (*add_new_preshared_secret) (private_starter_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret);
void (*add_new_preshared_secret) (private_stroke_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret);
/**
* Adds a new rsa private key.
@ -278,7 +278,7 @@ struct private_starter_configuration_t {
* @param key_pos location of key
* @param key_len length of key
*/
void (*add_new_rsa_private_key) (private_starter_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
void (*add_new_rsa_private_key) (private_stroke_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
/**
* Adds a new rsa public key.
@ -289,17 +289,39 @@ struct private_starter_configuration_t {
* @param key_pos location of key
* @param key_len length of key
*/
void (*add_new_rsa_public_key) (private_starter_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
void (*add_new_rsa_public_key) (private_stroke_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
void (*whack_receive) (private_starter_configuration_t *this);
void (*whack_receive) (private_stroke_configuration_t *this);
};
/**
* Implementation of private_starter_configuration_t.listen.
*/
static void whack_receive(private_starter_configuration_t *this)
extern u_int8_t public_key_1[];
extern u_int8_t private_key_1[];
extern u_int8_t public_key_2[];
extern u_int8_t private_key_2[];
static void fix_string(stroke_msg_t *msg, char **string)
{
u_int8_t buffer[5000];
/* check for sanity of string pointer and string */
if (string < (char**)msg ||
string > (char**)msg + sizeof(stroke_msg_t) ||
*string < (char*)msg->buffer - (u_int)msg ||
*string > (char*)(u_int)msg->length)
{
*string = "(invalid char* in stroke msg)";
}
else
{
*string = (char*)msg + (u_int)*string;
}
}
/**
* Implementation of private_stroke_configuration_t.listen.
*/
static void whack_receive(private_stroke_configuration_t *this)
{
stroke_msg_t *msg;
u_int16_t msg_length;
struct sockaddr_un whackaddr;
int whackaddrlen = sizeof(whackaddr);
ssize_t n;
@ -311,33 +333,121 @@ static void whack_receive(private_starter_configuration_t *this)
if (whackfd < 0)
{
this->logger->log(this->logger, ERROR, "accept() failed in whack_handle()");
this->logger->log(this->logger, ERROR, "accepting stroke connection failed");
continue;
}
if (fcntl(whackfd, F_SETFD, FD_CLOEXEC) < 0)
/* peek the length */
n = recv(whackfd, &msg_length, sizeof(msg_length), MSG_PEEK);
if (n != sizeof(msg_length))
{
this->logger->log(this->logger, ERROR, "failed to set CLOEXEC in whack_handle()");
this->logger->log(this->logger, ERROR, "reading lenght of stroke message failed");
close(whackfd);
continue;
}
n = read(whackfd, &buffer, sizeof(buffer));
if (n == -1)
/* read message */
msg = allocator_alloc(msg_length);
n = recv(whackfd, msg, msg_length, 0);
if (n != msg_length)
{
this->logger->log(this->logger, ERROR, "read() failed in whack_handle()");
this->logger->log(this->logger, ERROR, "reading stroke message failed");
close(whackfd);
continue;
}
this->logger->log_bytes(this->logger, CONTROL, "Whackinput", buffer, n);
this->logger->log_bytes(this->logger, RAW|LEVEL1, "Whackinput", (void*)msg, msg_length);
switch (msg->type)
{
case STR_INITIATE:
{
initiate_ike_sa_job_t *job;
fix_string(msg, &(msg->initiate.name));
this->logger->log(this->logger, CONTROL|LEVEL1, "received stroke: initiate \"%s\"", msg->initiate.name);
job = initiate_ike_sa_job_create(msg->initiate.name);
charon->job_queue->add(charon->job_queue, (job_t*)job);
break;
}
case STR_INSTALL:
{
fix_string(msg, &(msg->install.name));
this->logger->log(this->logger, CONTROL|LEVEL1, "received stroke: install \"%s\"", msg->install.name);
break;
}
case STR_ADD_CONN:
{
sa_config_t *sa_config;
init_config_t *init_config;
host_t *me, *other;
proposal_t *proposal;
traffic_selector_t *ts;
this->logger->log(this->logger, CONTROL|LEVEL1, "my id is: \"%p\"", msg->add_conn.me.id);
this->logger->log(this->logger, CONTROL|LEVEL1, "other id is: \"%p\"", msg->add_conn.other.id);
fix_string(msg, &msg->add_conn.name);
fix_string(msg, &msg->add_conn.me.id);
fix_string(msg, &msg->add_conn.other.id);
this->logger->log(this->logger, CONTROL|LEVEL1, "received stroke: add connection \"%s\"", msg->add_conn.name);
msg->add_conn.me.address.v4.sin_port = htons(500);
msg->add_conn.other.address.v4.sin_port = htons(500);
me = host_create_from_sockaddr(&msg->add_conn.me.address.saddr);
other = host_create_from_sockaddr(&msg->add_conn.other.address.saddr);
init_config = init_config_create(me, other);
proposal = proposal_create(1);
proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0);
proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
init_config->add_proposal(init_config, proposal);
this->logger->log(this->logger, CONTROL|LEVEL1, "my id is: \"%s\"", msg->add_conn.me.id);
this->logger->log(this->logger, CONTROL|LEVEL1, "other id is: \"%s\"", msg->add_conn.other.id);
sa_config = sa_config_create(ID_IPV4_ADDR, msg->add_conn.me.id,
ID_IPV4_ADDR, msg->add_conn.other.id,
SHARED_KEY_MESSAGE_INTEGRITY_CODE, 30000);
this->add_new_preshared_secret(this, ID_IPV4_ADDR, "192.168.0.1","verschluesselt");
this->add_new_preshared_secret(this, ID_IPV4_ADDR, "192.168.0.2","verschluesselt");
proposal = proposal_create(1);
proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
sa_config->add_proposal(sa_config, proposal);
me = host_create_from_sockaddr(&msg->add_conn.me.subnet.saddr);
ts = traffic_selector_create_from_subnet(me, msg->add_conn.me.subnet_netbits);
sa_config->add_my_traffic_selector(sa_config,ts);
chunk_t chunk = ts->get_to_address(ts);
this->logger->log_chunk(this->logger, CONTROL|LEVEL1, "my toaddr", &chunk);
other = host_create_from_sockaddr(&msg->add_conn.other.subnet.saddr);
ts = traffic_selector_create_from_subnet(other, msg->add_conn.other.subnet_netbits);
sa_config->add_other_traffic_selector(sa_config,ts);
chunk = ts->get_to_address(ts);
this->logger->log_chunk(this->logger, CONTROL|LEVEL1, "other toaddr", &chunk);
this->add_new_configuration(this, msg->add_conn.name, init_config, sa_config);
this->logger->log(this->logger, CONTROL|LEVEL1, "connection added \"%s\"", msg->add_conn.name);
break;
}
case STR_DEL_CONN:
default:
this->logger->log(this->logger, ERROR, "received invalid stroke");
}
allocator_free(msg);
}
}
/**
* Implementation of starter_configuration_t.get_init_config_for_host.
* Implementation of stroke_configuration_t.get_init_config_for_host.
*/
static status_t get_init_config_for_host (private_starter_configuration_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config)
static status_t get_init_config_for_host (private_stroke_configuration_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config)
{
iterator_t *iterator;
status_t status = NOT_FOUND;
@ -407,9 +517,9 @@ static status_t get_init_config_for_host (private_starter_configuration_t *this,
}
/**
* Implementation of starter_configuration_t.get_init_config_for_name.
* Implementation of stroke_configuration_t.get_init_config_for_name.
*/
static status_t get_init_config_for_name (private_starter_configuration_t *this, char *name, init_config_t **init_config)
static status_t get_init_config_for_name (private_stroke_configuration_t *this, char *name, init_config_t **init_config)
{
iterator_t *iterator;
status_t status = NOT_FOUND;
@ -437,9 +547,9 @@ static status_t get_init_config_for_name (private_starter_configuration_t *this,
}
/**
* Implementation of starter_configuration_t.get_sa_config_for_name.
* Implementation of stroke_configuration_t.get_sa_config_for_name.
*/
static status_t get_sa_config_for_name (private_starter_configuration_t *this, char *name, sa_config_t **sa_config)
static status_t get_sa_config_for_name (private_stroke_configuration_t *this, char *name, sa_config_t **sa_config)
{
iterator_t *iterator;
status_t status = NOT_FOUND;
@ -466,9 +576,9 @@ static status_t get_sa_config_for_name (private_starter_configuration_t *this, c
}
/**
* Implementation of starter_configuration_t.get_sa_config_for_init_config_and_id.
* Implementation of stroke_configuration_t.get_sa_config_for_init_config_and_id.
*/
static status_t get_sa_config_for_init_config_and_id (private_starter_configuration_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config)
static status_t get_sa_config_for_init_config_and_id (private_stroke_configuration_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config)
{
iterator_t *iterator;
status_t status = NOT_FOUND;
@ -517,9 +627,9 @@ static status_t get_sa_config_for_init_config_and_id (private_starter_configurat
}
/**
* Implementation of private_starter_configuration_t.add_new_configuration.
* Implementation of private_stroke_configuration_t.add_new_configuration.
*/
static void add_new_configuration (private_starter_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config)
static void add_new_configuration (private_stroke_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config)
{
iterator_t *iterator;
bool found;
@ -564,9 +674,9 @@ static void add_new_configuration (private_starter_configuration_t *this, char *
}
/**
* Implementation of private_starter_configuration_t.add_new_preshared_secret.
* Implementation of private_stroke_configuration_t.add_new_preshared_secret.
*/
static void add_new_preshared_secret (private_starter_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret)
static void add_new_preshared_secret (private_stroke_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret)
{
preshared_secret_entry_t *entry = allocator_alloc_thing(preshared_secret_entry_t);
@ -579,9 +689,9 @@ static void add_new_preshared_secret (private_starter_configuration_t *this,id_t
}
/**
* Implementation of private_starter_configuration_t.add_new_preshared_secret.
* Implementation of private_stroke_configuration_t.add_new_preshared_secret.
*/
static void add_new_rsa_public_key (private_starter_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
static void add_new_rsa_public_key (private_stroke_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
{
chunk_t key;
key.ptr = key_pos;
@ -597,9 +707,9 @@ static void add_new_rsa_public_key (private_starter_configuration_t *this, id_ty
}
/**
* Implementation of private_starter_configuration_t.add_new_preshared_secret.
* Implementation of private_stroke_configuration_t.add_new_preshared_secret.
*/
static void add_new_rsa_private_key (private_starter_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
static void add_new_rsa_private_key (private_stroke_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
{
chunk_t key;
key.ptr = key_pos;
@ -615,9 +725,9 @@ static void add_new_rsa_private_key (private_starter_configuration_t *this, id_t
}
/**
* Implementation of starter_configuration_t.get_shared_secret.
* Implementation of stroke_configuration_t.get_shared_secret.
*/
static status_t get_shared_secret(private_starter_configuration_t *this, identification_t *identification, chunk_t *preshared_secret)
static status_t get_shared_secret(private_stroke_configuration_t *this, identification_t *identification, chunk_t *preshared_secret)
{
iterator_t *iterator;
@ -638,9 +748,9 @@ static status_t get_shared_secret(private_starter_configuration_t *this, identif
}
/**
* Implementation of starter_configuration_t.get_shared_secret.
* Implementation of stroke_configuration_t.get_shared_secret.
*/
static status_t get_rsa_public_key(private_starter_configuration_t *this, identification_t *identification, rsa_public_key_t **public_key)
static status_t get_rsa_public_key(private_stroke_configuration_t *this, identification_t *identification, rsa_public_key_t **public_key)
{
iterator_t *iterator;
@ -661,9 +771,9 @@ static status_t get_rsa_public_key(private_starter_configuration_t *this, identi
}
/**
* Implementation of starter_configuration_t.get_shared_secret.
* Implementation of stroke_configuration_t.get_shared_secret.
*/
static status_t get_rsa_private_key(private_starter_configuration_t *this, identification_t *identification, rsa_private_key_t **private_key)
static status_t get_rsa_private_key(private_stroke_configuration_t *this, identification_t *identification, rsa_private_key_t **private_key)
{
iterator_t *iterator;
@ -684,9 +794,9 @@ static status_t get_rsa_private_key(private_starter_configuration_t *this, ident
}
/**
* Implementation of starter_configuration_t.get_retransmit_timeout.
* Implementation of stroke_configuration_t.get_retransmit_timeout.
*/
static status_t get_retransmit_timeout (private_starter_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout)
static status_t get_retransmit_timeout (private_stroke_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout)
{
int new_timeout = this->first_retransmit_timeout, i;
if ((retransmit_count > this->max_retransmit_count) && (this->max_retransmit_count != 0))
@ -706,17 +816,17 @@ static status_t get_retransmit_timeout (private_starter_configuration_t *this, u
}
/**
* Implementation of starter_configuration_t.get_half_open_ike_sa_timeout.
* Implementation of stroke_configuration_t.get_half_open_ike_sa_timeout.
*/
static u_int32_t get_half_open_ike_sa_timeout (private_starter_configuration_t *this)
static u_int32_t get_half_open_ike_sa_timeout (private_stroke_configuration_t *this)
{
return this->half_open_ike_sa_timeout;
}
/**
* Implementation of starter_configuration_t.destroy.
* Implementation of stroke_configuration_t.destroy.
*/
static void destroy(private_starter_configuration_t *this)
static void destroy(private_stroke_configuration_t *this)
{
this->logger->log(this->logger,CONTROL | LEVEL1, "Going to destroy configuration backend ");
@ -790,9 +900,9 @@ static void destroy(private_starter_configuration_t *this)
/*
* Described in header-file
*/
starter_configuration_t *starter_configuration_create()
stroke_configuration_t *stroke_configuration_create()
{
private_starter_configuration_t *this = allocator_alloc_thing(private_starter_configuration_t);
private_stroke_configuration_t *this = allocator_alloc_thing(private_stroke_configuration_t);
mode_t old;
bool on = TRUE;

111
Source/charon/config/stroke_configuration.h Normal file
View File

@ -0,0 +1,111 @@
/**
* @file stroke_configuration_t.h
*
* @brief Interface of stroke_configuration_t.
*
*/
/*
* Copyright (C) 2005 Jan Hutter, Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#ifndef STROKE_CONFIGURATION_H
#define STROKE_CONFIGURATION_H
#include <config/configuration.h>
/**
* @brief A message sent over the unix socket.
*
*/
typedef struct stroke_msg_t stroke_msg_t;
struct stroke_msg_t {
/* length of this message with all strings */
u_int16_t length;
/* type of the message */
enum {
/* initiate a connection */
STR_INITIATE,
/* install SPD entries for a connection */
STR_INSTALL,
/* add a connection */
STR_ADD_CONN,
/* delete a connection */
STR_DEL_CONN,
/* more to come */
} type;
union {
/* data for STR_INITIATE, STR_INSTALL */
struct {
char *name;
} initiate, install;
/* data for STR_ADD_CONN */
struct {
char *name;
struct {
union {
u_int16_t family;
struct sockaddr saddr;
struct sockaddr_in v4;
struct sockaddr_in6 v6;
} address;
char *id;
union {
u_int16_t family;
struct sockaddr saddr;
struct sockaddr_in v4;
struct sockaddr_in6 v6;
} subnet;
u_int8_t subnet_netbits;
} me, other;
} add_conn;
};
u_int8_t buffer[];
};
typedef struct stroke_configuration_t stroke_configuration_t;
/**
* @brief A config backend which uses a unix socket.
*
* Allows config manipulation (as whack in pluto). This config
* is used by the ipsec_starter utility. This configuration
* implementation opens a socket at /var/run/charon.ctl and
* waits for input from ipsec starter.
*
* @b Constructors:
* - stroke_configuration_create()
*
* @ingroup config
*/
struct stroke_configuration_t {
/**
* Implements configuration_t interface
*/
configuration_t configuration_interface;
};
/**
* @brief Creates an configuration with a unix socket interface.
*
* @return stroke_configuration_t object
*
* @ingroup config
*/
stroke_configuration_t *stroke_configuration_create();
#endif /*STROKE_CONFIGURATION_H*/

69
Source/charon/config/traffic_selector.c
View File

@ -50,14 +50,14 @@ struct private_traffic_selector_t {
u_int8_t protocol;
/**
* begin of address range
* begin of address range, host order
*/
union {
u_int32_t from_addr_ipv4;
};
/**
* end of address range
* end of address range, host order
*/
union {
u_int32_t to_addr_ipv4;
@ -75,7 +75,7 @@ struct private_traffic_selector_t {
};
/**
* internal generic constructor
* internal generic constructor
*/
static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts_type_t type, u_int16_t from_port, u_int16_t to_port);
@ -206,6 +206,36 @@ static u_int8_t get_protocol(private_traffic_selector_t *this)
return this->protocol;
}
/**
* Implements traffic_selector_t.get_netmask.
*/
static u_int8_t get_netmask(private_traffic_selector_t *this)
{
switch (this->type)
{
case TS_IPV4_ADDR_RANGE:
{
u_int32_t from, to, bit;
from = htonl(this->from_addr_ipv4);
to = htonl(this->to_addr_ipv4);
printf("%x - %x\n", from, to);
for (bit = 0; bit < 32; bit++)
{
if ((1<<bit & from) != (1<<bit & to))
{
return bit;
}
}
return 0;
}
case TS_IPV6_ADDR_RANGE:
default:
{
return 0;
}
}
}
/**
* Implements traffic_selector_t.clone.
*/
@ -270,9 +300,38 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_typ
return (&this->public);
}
/*
* see header
*/
traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits)
{
private_traffic_selector_t *this = traffic_selector_create(0, 0, 0, 65535);
switch (net->get_family(net))
{
case AF_INET:
{
chunk_t from;
this->type = TS_IPV4_ADDR_RANGE;
from = net->get_address_as_chunk(net);
this->from_addr_ipv4 = ntohl(*((u_int32_t*)from.ptr));
this->to_addr_ipv4 = this->from_addr_ipv4 | ((1 << (32 - netbits)) - 1);
allocator_free_chunk(&from);
break;
}
case AF_INET6:
default:
{
allocator_free(this);
return NULL;
}
}
return (&this->public);
}
/*
* Described in header-file
* see header
*/
traffic_selector_t *traffic_selector_create_from_string(u_int8_t protocol, ts_type_t type, char *from_addr, u_int16_t from_port, char *to_addr, u_int16_t to_port)
{
@ -327,6 +386,7 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts
this->public.get_to_port = (u_int16_t(*)(traffic_selector_t*))get_to_port;
this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type;
this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol;
this->public.get_netmask = (u_int8_t(*)(traffic_selector_t*))get_netmask;
this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone;
this->public.destroy = (void(*)(traffic_selector_t*))destroy;
@ -337,4 +397,3 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts
return this;
}

18
Source/charon/config/traffic_selector.h
View File

@ -66,12 +66,14 @@ typedef struct traffic_selector_t traffic_selector_t;
* @brief Object representing a traffic selector entry.
*
* A traffic selector defines an range of addresses
* and a range of ports.
* and a range of ports. IPv6 is not fully supported yet.
*
* @b Constructors:
* - traffic_selector_create_from_bytes()
* - traffic_selector_create_from_string()
*
* @todo Add IPv6 support
*
* @ingroup config
*/
struct traffic_selector_t {
@ -161,6 +163,18 @@ struct traffic_selector_t {
* @return protocol id
*/
u_int8_t (*get_protocol) (traffic_selector_t *this);
/**
* @brief Get the netmask of the address range.
*
* Returns the number of bits associated to the subnet.
* (As the "24" in "192.168.0.0/24"). This is approximated
* if the address range is not a complete subnet!
*
* @param this calling obect
* @return netmask as "bits for subnet"
*/
u_int8_t (*get_netmask) (traffic_selector_t *this);
/**
* @brief Destroys the ts object
@ -208,4 +222,6 @@ traffic_selector_t *traffic_selector_create_from_string(u_int8_t protocol, ts_ty
*/
traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_type_t type, chunk_t from_address, int16_t from_port, chunk_t to_address, u_int16_t to_port);
traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits);
#endif //_TRAFFIC_SELECTOR_H_

32
Source/charon/daemon.c
View File

@ -23,6 +23,9 @@
#include <stdio.h>
#include <signal.h>
#include <pthread.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include "daemon.h"
@ -30,7 +33,7 @@
#include <utils/allocator.h>
#include <queues/jobs/initiate_ike_sa_job.h>
#include <config/static_configuration.h>
#include <config/starter_configuration.h>
#include <config/stroke_configuration.h>
typedef struct private_daemon_t private_daemon_t;
@ -145,6 +148,7 @@ static void kill_daemon(private_daemon_t *this, char *reason)
{
/* initialization failed, terminate daemon */
this->destroy(this);
unlink(PID_FILE);
exit(-1);
}
else
@ -184,7 +188,7 @@ static void initialize(private_daemon_t *this)
this->public.job_queue = job_queue_create();
this->public.event_queue = event_queue_create();
this->public.send_queue = send_queue_create();
this->public.configuration = (configuration_t*)static_configuration_create();
this->public.configuration = (configuration_t*)stroke_configuration_create();
this->public.sender = sender_create();
this->public.receiver = receiver_create();
@ -300,24 +304,40 @@ private_daemon_t *daemon_create()
int main(int argc, char *argv[])
{
private_daemon_t *private_charon;
FILE *pid_file;
struct stat stb;
/* allocation needs initialization, before any allocs are done */
allocator_init();
private_charon = daemon_create();
charon = (daemon_t*)private_charon;
/* check/setup PID file */
if (stat(PID_FILE, &stb) == 0)
{
private_charon->logger->log(private_charon->logger, ERROR,
"charon already running (\""PID_FILE"\" exists)");
private_charon->destroy(private_charon);
exit(-1);
}
pid_file = fopen(PID_FILE, "w");
if (pid_file)
{
fprintf(pid_file, "%d\n", getpid());
fclose(pid_file);
}
/* initialize and run daemon*/
private_charon->initialize(private_charon);
if (argc == 2)
{
private_charon->build_test_job(private_charon,argv[1]);
}
private_charon->run(private_charon);
/* normal termination, cleanup and exit */
private_charon->destroy(private_charon);
unlink(PID_FILE);
#ifdef LEAK_DETECTIVE
report_memory_leaks(void);

10
Source/charon/daemon.h
View File

@ -54,6 +54,16 @@
*/
#define IKEV2_UDP_PORT 500
/**
* PID file, in which charon stores its process id
*/
#define PID_FILE "/var/run/charon.pid"
/**
* Output of log, use NULL for syslog
*/
#define LOG_OUTPUT NULL
/**
* @brief Default loglevel for every logger context.
*

36
Source/charon/sa/child_sa.c
View File

@ -368,32 +368,6 @@ static status_t update(private_child_sa_t *this, proposal_t *proposal, prf_plus_
return SUCCESS;
}
static u_int8_t get_mask(chunk_t start, chunk_t end)
{
int byte, bit, mask = 0;
if (start.len != end.len)
{
return 0;
}
for (byte = 0; byte < start.len; byte++)
{
for (bit = 7; bit >= 0; bit--)
{
if ((*(start.ptr + byte) | (1<<bit)) ==
(*(end.ptr + byte) | (1<<bit)))
{
mask++;
}
else
{
return mask;
}
}
}
return start.len * 8;
}
static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list, linked_list_t *other_ts_list)
{
iterator_t *my_iter, *other_iter;
@ -410,7 +384,7 @@ static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list
{
/* set up policies for every entry in my_ts_list to every entry in other_ts_list */
int family;
chunk_t from_addr, to_addr;
chunk_t from_addr;
u_int16_t from_port, to_port;
policy_t *policy;
status_t status;
@ -428,26 +402,22 @@ static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list
/* calculate net and ports for local side */
family = my_ts->get_type(my_ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6;
from_addr = my_ts->get_from_address(my_ts);
to_addr = my_ts->get_to_address(my_ts);
from_port = my_ts->get_from_port(my_ts);
to_port = my_ts->get_to_port(my_ts);
from_port = (from_port != to_port) ? 0 : from_port;
policy->my_net = host_create_from_chunk(family, from_addr, from_port);
policy->my_net_mask = get_mask(from_addr, to_addr);
policy->my_net_mask = my_ts->get_netmask(my_ts);
allocator_free_chunk(&from_addr);
allocator_free_chunk(&to_addr);
/* calculate net and ports for remote side */
family = other_ts->get_type(other_ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6;
from_addr = other_ts->get_from_address(other_ts);
to_addr = other_ts->get_to_address(other_ts);
from_port = other_ts->get_from_port(other_ts);
to_port = other_ts->get_to_port(other_ts);
from_port = (from_port != to_port) ? 0 : from_port;
policy->other_net = host_create_from_chunk(family, from_addr, from_port);
policy->other_net_mask = get_mask(from_addr, to_addr);
policy->other_net_mask = other_ts->get_netmask(other_ts);
allocator_free_chunk(&from_addr);
allocator_free_chunk(&to_addr);
/* install 3 policies: out, in and forward */
status = charon->kernel_interface->add_policy(charon->kernel_interface,

35
Source/charon/sa/ike_sa.c
View File

@ -1031,45 +1031,36 @@ static void destroy (private_ike_sa_t *this)
this->ike_sa_id->get_responder_spi(this->ike_sa_id),
this->ike_sa_id->is_initiator(this->ike_sa_id) ? "initiator" : "responder");
/* destroy child sa's */
/* inform other peer of delete */
send_delete_ike_sa_request(this);
while (this->child_sas->remove_last(this->child_sas, (void**)&child_sa) == SUCCESS)
{
child_sa->destroy(child_sa);
}
this->child_sas->destroy(this->child_sas);
if (this->crypter_initiator != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy initiator crypter_t object");
this->crypter_initiator->destroy(this->crypter_initiator);
}
if (this->crypter_responder != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy responder crypter_t object");
this->crypter_responder->destroy(this->crypter_responder);
}
if (this->signer_initiator != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy initiator signer_t object");
this->signer_initiator->destroy(this->signer_initiator);
}
if (this->signer_responder != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy responder signer_t object");
this->signer_responder->destroy(this->signer_responder);
}
if (this->prf != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy prf_t object");
this->prf->destroy(this->prf);
}
if (this->child_prf != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy child_prf object");
this->child_prf->destroy(this->child_prf);
}
if (this->prf_auth_i != NULL)
@ -1080,45 +1071,25 @@ static void destroy (private_ike_sa_t *this)
{
this->prf_auth_r->destroy(this->prf_auth_r);
}
/* destroy ike_sa_id */
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy ike_sa_id object");
this->ike_sa_id->destroy(this->ike_sa_id);
/* destroy stored requested message */
if (this->last_requested_message != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy last requested message");
this->last_requested_message->destroy(this->last_requested_message);
}
/* destroy stored responded messages */
if (this->last_responded_message != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy last responded message");
this->last_responded_message->destroy(this->last_responded_message);
}
/* destroy stored host_t objects */
if (this->me.host != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy my host_t object");
this->me.host->destroy(this->me.host);
}
/* destroy stored host_t objects */
if (this->other.host != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy other host_t object");
this->other.host->destroy(this->other.host);
}
this->randomizer->destroy(this->randomizer);
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy current state object");
this->current_state->destroy(this->current_state);
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy logger of IKE_SA");
charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
allocator_free(this);

43
Source/charon/sa/states/ike_sa_established.c
View File

@ -47,15 +47,6 @@ struct private_ike_sa_established_t {
*/
logger_t *logger;
/**
* Process received DELETE payload and build DELETE payload for INFORMATIONAL response.
*
* @param this calling object
* @param request DELETE payload received in INFORMATIONAL request
* @param response The created DELETE payload is added to this message_t object
*/
status_t (*build_delete_payload) (private_ike_sa_established_t *this, delete_payload_t *request, message_t *response);
/**
* Process a notify payload
*
@ -145,6 +136,7 @@ static status_t process_message(private_ike_sa_established_t *this, message_t *m
case DELETE:
{
delete_request = (delete_payload_t *) payload;
break;
}
default:
{
@ -158,16 +150,21 @@ static status_t process_message(private_ike_sa_established_t *this, message_t *m
payloads->destroy(payloads);
if (delete_request)
{
status = this->build_delete_payload(this, delete_request, response);
if (status == DELETE_ME)
{
if (delete_request->get_protocol_id(delete_request) == IKE)
{
this->logger->log(this->logger, AUDIT, "DELETE request for IKE_SA received");
response->destroy(response);
return status;
return DELETE_ME;
}
else
{
this->logger->log(this->logger, AUDIT, "DELETE request for CHILD_SA received. Ignored");
response->destroy(response);
return SUCCESS;
}
}
status = this->ike_sa->send_response(this->ike_sa, response);
/* message can now be sent (must not be destroyed) */
if (status != SUCCESS)
@ -180,23 +177,6 @@ static status_t process_message(private_ike_sa_established_t *this, message_t *m
return SUCCESS;
}
/**
* Implementation of private_ike_sa_established_t.build_sa_payload;
*/
static status_t build_delete_payload (private_ike_sa_established_t *this, delete_payload_t *request, message_t *response_message)
{
if (request->get_protocol_id(request) == IKE)
{
this->logger->log(this->logger, AUDIT, "DELETE request for IKE_SA received. Don't reply.");
/* IKE_SA has to get deleted */
return DELETE_ME;
}
this->logger->log(this->logger, AUDIT, "DELETE payload for CHILD_SAs not supported and handled.");
return SUCCESS;
}
/**
* Implementation of private_ike_sa_established_t.process_notify_payload;
*/
@ -250,7 +230,6 @@ ike_sa_established_t *ike_sa_established_create(protected_ike_sa_t *ike_sa)
/* private functions */
this->process_notify_payload = process_notify_payload;
this->build_delete_payload = build_delete_payload;
/* private data */
this->ike_sa = ike_sa;

5
Source/charon/sa/states/initiator_init.c
View File

@ -159,7 +159,6 @@ status_t retry_initiate_connection (private_initiator_init_t *this, diffie_hellm
if (dh_group == MODP_UNDEFINED)
{
this->logger->log(this->logger, AUDIT, "No DH group acceptable for initialization, Aborting");
message->destroy(message);
return DELETE_ME;
}
@ -280,7 +279,7 @@ static void build_nonce_payload(private_initiator_init_t *this, message_t *reque
*/
static status_t process_message(private_initiator_init_t *this, message_t *message)
{
this->logger->log(this->logger, ERROR, "In state INITIATOR_INIT no message is processed");
this->logger->log(this->logger, ERROR, "In state INITIATOR_INIT, no message is processed");
return FAILED;
}
@ -302,12 +301,10 @@ static void destroy(private_initiator_init_t *this)
/* destroy diffie hellman object */
if (this->diffie_hellman != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy diffie_hellman_t object");
this->diffie_hellman->destroy(this->diffie_hellman);
}
if (this->sent_nonce.ptr != NULL)
{
this->logger->log(this->logger, CONTROL | LEVEL3, "Free memory of sent nonce");
allocator_free(this->sent_nonce.ptr);
}
allocator_free(this);

4
Source/charon/testcases/init_config_test.c
View File

@ -31,7 +31,9 @@
*/
void test_init_config(protected_tester_t *tester)
{
init_config_t *init_config = init_config_create("192.168.0.1","192.168.0.2",500,500);
host_t *alice = host_create(AF_INET, "192.168.0.1", 500);
host_t *bob = host_create(AF_INET, "192.168.0.2", 500);
init_config_t *init_config = init_config_create(alice, bob);
proposal_t *prop1, *prop2, *prop3, *prop4;//, *selected_one;
linked_list_t *list;
//status_t status;

33
Source/charon/threads/thread_pool.c
View File

@ -233,26 +233,22 @@ static void process_incoming_packet_job(private_thread_pool_t *this, incoming_pa
if ((message->get_major_version(message) != IKE_MAJOR_VERSION) ||
(message->get_minor_version(message) != IKE_MINOR_VERSION))
{
this->worker_logger->log(this->worker_logger, ERROR | LEVEL2, "IKE version %d.%d not supported",
message->get_major_version(message),
message->get_minor_version(message));
message->get_major_version(message),
message->get_minor_version(message));
/*
* TODO send notify reply of type INVALID_MAJOR_VERSION for requests of type IKE_SA_INIT.
*
* This check is not handled in state_t object of IKE_SA to increase speed.
*/
if ((message->get_exchange_type(message) == IKE_SA_INIT) && (message->get_request(message)))
{
message_t *response;
message->get_ike_sa_id(message, &ike_sa_id);
ike_sa_id->switch_initiator(ike_sa_id);
response = message_create_notify_reply(message->get_destination(message),
message->get_source(message),
IKE_SA_INIT,
FALSE,ike_sa_id,INVALID_MAJOR_VERSION);
if ((message->get_exchange_type(message) == IKE_SA_INIT) && (message->get_request(message)))
{
message_t *response;
message->get_ike_sa_id(message, &ike_sa_id);
ike_sa_id->switch_initiator(ike_sa_id);
response = message_create_notify_reply(message->get_destination(message),
message->get_source(message),
IKE_SA_INIT,
FALSE,ike_sa_id,INVALID_MAJOR_VERSION);
message->destroy(message);
ike_sa_id->destroy(ike_sa_id);
status = response->generate(response, NULL, NULL, &packet);
@ -266,10 +262,9 @@ static void process_incoming_packet_job(private_thread_pool_t *this, incoming_pa
charon->send_queue->add(charon->send_queue, packet);
response->destroy(response);
return;
}
message->destroy(message);
return;
}
message->destroy(message);
return;
}
message->get_ike_sa_id(message, &ike_sa_id);

7
Source/charon/utils/logger_manager.c
View File

@ -22,7 +22,8 @@
#include "logger_manager.h"
#include <daemon.h>
#include <definitions.h>
#include <utils/allocator.h>
#include <utils/linked_list.h>
@ -160,11 +161,11 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t
context_name = mapping_find(logger_context_t_mappings,context);
/* output to stdout, since we are debugging all days */
output = stdout;
output = LOG_OUTPUT;
/* defaults */
log_thread_ids = FALSE;
logger_level = this->public.get_logger_level(&(this->public),context);;
logger_level = this->public.get_logger_level(&(this->public),context);
switch(context)
{

6
Source/charon/utils/logger_manager.h
View File

@ -69,6 +69,12 @@ typedef struct logger_manager_t logger_manager_t;
*
* @see logger_t
*
* @todo We currently give out a new instance for every logger requested.
* This is unnecessary. One logger for each class would be sufficient.
*
* @todo We could remove logger naming (additional to classes), since we have
* never used it (and probably never will).
*
* @ingroup utils
*/
struct logger_manager_t {