- first attempt for connection loading and starting via "stroke"
- some improvements here and there
This commit is contained in:
parent
8a49112907
commit
b1953ccd05
|
@ -18,7 +18,7 @@ MAIN_DIR= ./
|
|||
|
||||
LDFLAGS= -lgmp -lpthread
|
||||
|
||||
CFLAGS+= -Wall -I. -g -DLEAK_DETECTIVE
|
||||
CFLAGS+= -I. -Wall -g -DLEAK_DETECTIVE
|
||||
|
||||
# objects is extended by each included Makefile
|
||||
OBJS=
|
||||
|
|
|
@ -36,6 +36,6 @@ OBJS+= $(BUILD_DIR)static_configuration.o
|
|||
$(BUILD_DIR)static_configuration.o : $(CONFIG_DIR)static_configuration.c $(CONFIG_DIR)static_configuration.h
|
||||
$(CC) $(CFLAGS) -c -o $@ $<
|
||||
|
||||
OBJS+= $(BUILD_DIR)starter_configuration.o
|
||||
$(BUILD_DIR)starter_configuration.o : $(CONFIG_DIR)starter_configuration.c $(CONFIG_DIR)starter_configuration.h
|
||||
OBJS+= $(BUILD_DIR)stroke_configuration.o
|
||||
$(BUILD_DIR)stroke_configuration.o : $(CONFIG_DIR)stroke_configuration.c $(CONFIG_DIR)stroke_configuration.h
|
||||
$(CC) $(CFLAGS) -c -o $@ $<
|
|
@ -215,7 +215,7 @@ static void destroy (private_init_config_t *this)
|
|||
/**
|
||||
* Described in header.
|
||||
*/
|
||||
init_config_t * init_config_create(char * my_ip, char *other_ip, u_int16_t my_port, u_int16_t other_port)
|
||||
init_config_t * init_config_create(host_t *me, host_t *other)
|
||||
{
|
||||
private_init_config_t *this = allocator_alloc_thing(private_init_config_t);
|
||||
|
||||
|
@ -232,8 +232,8 @@ init_config_t * init_config_create(char * my_ip, char *other_ip, u_int16_t my_po
|
|||
this->public.destroy = (void(*)(init_config_t*))destroy;
|
||||
|
||||
/* private variables */
|
||||
this->my_host = host_create(AF_INET,my_ip, my_port);
|
||||
this->other_host = host_create(AF_INET,other_ip, other_port);
|
||||
this->my_host = me;
|
||||
this->other_host = other;
|
||||
|
||||
this->proposals = linked_list_create();
|
||||
|
||||
|
|
|
@ -148,12 +148,18 @@ struct init_config_t {
|
|||
};
|
||||
|
||||
/**
|
||||
* @brief Creates a init_config_t object.
|
||||
* @brief Creates a init_config_t object from two host_t's.
|
||||
*
|
||||
* Supplied hosts become owned by init_config, so
|
||||
* do not modify or destroy them after a call to
|
||||
* init_config_create_from_hosts().
|
||||
*
|
||||
* @param me host_t object representing local address
|
||||
* @param other host_t object representing remote address
|
||||
* @return init_config_t object.
|
||||
*
|
||||
* @ingroup config
|
||||
*/
|
||||
init_config_t * init_config_create(char *my_ip, char *other_ip, u_int16_t my_port, u_int16_t other_port);
|
||||
init_config_t * init_config_create(host_t *me, host_t *other);
|
||||
|
||||
#endif //_INIT_CONFIG_H_
|
||||
#endif /* _INIT_CONFIG_H_ */
|
||||
|
|
|
@ -1,60 +0,0 @@
|
|||
/**
|
||||
* @file starter_configuration_t.h
|
||||
*
|
||||
* @brief Interface of starter_configuration_t.
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2005 Jan Hutter, Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#ifndef STARTER_CONFIGURATION_H_
|
||||
#define STARTER_CONFIGURATION_H_
|
||||
|
||||
#include <config/configuration.h>
|
||||
|
||||
|
||||
typedef struct starter_configuration_t starter_configuration_t;
|
||||
|
||||
/**
|
||||
* @brief A config backend which uses the ipsec starter
|
||||
* from pluto, wich parses config files.
|
||||
*
|
||||
* This configuration implementation opens a Whack-Socket
|
||||
* and waits for input from ipsec starter.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - starter_configuration_create()
|
||||
*
|
||||
* @ingroup config
|
||||
*/
|
||||
struct starter_configuration_t {
|
||||
|
||||
/**
|
||||
* Implements configuration_t interface
|
||||
*/
|
||||
configuration_t configuration_interface;
|
||||
};
|
||||
|
||||
/**
|
||||
* @brief Creates an configuration using ipsec starter as input.
|
||||
*
|
||||
* @return starter_configuration_t object
|
||||
*
|
||||
* @ingroup config
|
||||
*/
|
||||
starter_configuration_t *starter_configuration_create();
|
||||
|
||||
#endif /*STARTER_CONFIGURATION_H_*/
|
|
@ -297,9 +297,15 @@ static void load_default_config (private_static_configuration_t *this)
|
|||
proposal_t *proposal;
|
||||
sa_config_t *sa_config_a, *sa_config_b;
|
||||
traffic_selector_t *ts;
|
||||
host_t *alice, *bob, *any;
|
||||
|
||||
init_config_a = init_config_create("0.0.0.0","192.168.0.2",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
|
||||
init_config_b = init_config_create("0.0.0.0","192.168.0.1",IKEV2_UDP_PORT,IKEV2_UDP_PORT);
|
||||
bob = host_create(AF_INET, "192.168.0.2", IKEV2_UDP_PORT);
|
||||
any = host_create(AF_INET, "0.0.0.0", IKEV2_UDP_PORT);
|
||||
init_config_a = init_config_create(any, bob);
|
||||
|
||||
alice = host_create(AF_INET, "192.168.0.1", IKEV2_UDP_PORT);
|
||||
any = host_create(AF_INET, "0.0.0.0", IKEV2_UDP_PORT);
|
||||
init_config_b = init_config_create(any, alice);
|
||||
|
||||
/* IKE proposals for alice */
|
||||
proposal = proposal_create(1);
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/**
|
||||
* @file starter_configuration.c
|
||||
* @file stroke_configuration.c
|
||||
*
|
||||
* @brief Implementation of starter_configuration_t.
|
||||
* @brief Implementation of stroke_configuration_t.
|
||||
*
|
||||
*/
|
||||
|
||||
|
@ -30,12 +30,12 @@
|
|||
#include <errno.h>
|
||||
#include <pthread.h>
|
||||
|
||||
#include "starter_configuration.h"
|
||||
#include "stroke_configuration.h"
|
||||
|
||||
#include <types.h>
|
||||
#include <daemon.h>
|
||||
#include <utils/allocator.h>
|
||||
|
||||
#include <queues/jobs/initiate_ike_sa_job.h>
|
||||
|
||||
/**
|
||||
* First retransmit timeout in milliseconds.
|
||||
|
@ -57,7 +57,7 @@
|
|||
#define MAX_RETRANSMIT_COUNT 0
|
||||
|
||||
|
||||
struct sockaddr_un socket_addr = { AF_UNIX, "/var/run/pluto.ctl"};
|
||||
struct sockaddr_un socket_addr = { AF_UNIX, "/var/run/charon.ctl"};
|
||||
|
||||
|
||||
typedef struct preshared_secret_entry_t preshared_secret_entry_t;
|
||||
|
@ -182,17 +182,17 @@ static configuration_entry_t * configuration_entry_create(char * name, init_conf
|
|||
return entry;
|
||||
}
|
||||
|
||||
typedef struct private_starter_configuration_t private_starter_configuration_t;
|
||||
typedef struct private_stroke_configuration_t private_stroke_configuration_t;
|
||||
|
||||
/**
|
||||
* Private data of an starter_configuration_t object.
|
||||
* Private data of an stroke_configuration_t object.
|
||||
*/
|
||||
struct private_starter_configuration_t {
|
||||
struct private_stroke_configuration_t {
|
||||
|
||||
/**
|
||||
* Public part of starter_configuration_t object.
|
||||
* Public part of stroke_configuration_t object.
|
||||
*/
|
||||
starter_configuration_t public;
|
||||
stroke_configuration_t public;
|
||||
|
||||
/**
|
||||
* Holding all configurations.
|
||||
|
@ -257,7 +257,7 @@ struct private_starter_configuration_t {
|
|||
* @param init_config init_config_t object
|
||||
* @param sa_config sa_config_t object
|
||||
*/
|
||||
void (*add_new_configuration) (private_starter_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config);
|
||||
void (*add_new_configuration) (private_stroke_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config);
|
||||
|
||||
/**
|
||||
* Adds a new preshared secret.
|
||||
|
@ -267,7 +267,7 @@ struct private_starter_configuration_t {
|
|||
* @param id_string identification as string
|
||||
* @param preshared_secret preshared secret as string
|
||||
*/
|
||||
void (*add_new_preshared_secret) (private_starter_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret);
|
||||
void (*add_new_preshared_secret) (private_stroke_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret);
|
||||
|
||||
/**
|
||||
* Adds a new rsa private key.
|
||||
|
@ -278,7 +278,7 @@ struct private_starter_configuration_t {
|
|||
* @param key_pos location of key
|
||||
* @param key_len length of key
|
||||
*/
|
||||
void (*add_new_rsa_private_key) (private_starter_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
|
||||
void (*add_new_rsa_private_key) (private_stroke_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
|
||||
|
||||
/**
|
||||
* Adds a new rsa public key.
|
||||
|
@ -289,17 +289,39 @@ struct private_starter_configuration_t {
|
|||
* @param key_pos location of key
|
||||
* @param key_len length of key
|
||||
*/
|
||||
void (*add_new_rsa_public_key) (private_starter_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
|
||||
void (*add_new_rsa_public_key) (private_stroke_configuration_t *this,id_type_t type, char *id_string, u_int8_t *key_pos, size_t key_len);
|
||||
|
||||
void (*whack_receive) (private_starter_configuration_t *this);
|
||||
void (*whack_receive) (private_stroke_configuration_t *this);
|
||||
};
|
||||
|
||||
/**
|
||||
* Implementation of private_starter_configuration_t.listen.
|
||||
*/
|
||||
static void whack_receive(private_starter_configuration_t *this)
|
||||
extern u_int8_t public_key_1[];
|
||||
extern u_int8_t private_key_1[];
|
||||
extern u_int8_t public_key_2[];
|
||||
extern u_int8_t private_key_2[];
|
||||
|
||||
static void fix_string(stroke_msg_t *msg, char **string)
|
||||
{
|
||||
u_int8_t buffer[5000];
|
||||
/* check for sanity of string pointer and string */
|
||||
if (string < (char**)msg ||
|
||||
string > (char**)msg + sizeof(stroke_msg_t) ||
|
||||
*string < (char*)msg->buffer - (u_int)msg ||
|
||||
*string > (char*)(u_int)msg->length)
|
||||
{
|
||||
*string = "(invalid char* in stroke msg)";
|
||||
}
|
||||
else
|
||||
{
|
||||
*string = (char*)msg + (u_int)*string;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of private_stroke_configuration_t.listen.
|
||||
*/
|
||||
static void whack_receive(private_stroke_configuration_t *this)
|
||||
{
|
||||
stroke_msg_t *msg;
|
||||
u_int16_t msg_length;
|
||||
struct sockaddr_un whackaddr;
|
||||
int whackaddrlen = sizeof(whackaddr);
|
||||
ssize_t n;
|
||||
|
@ -311,33 +333,121 @@ static void whack_receive(private_starter_configuration_t *this)
|
|||
|
||||
if (whackfd < 0)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR, "accept() failed in whack_handle()");
|
||||
this->logger->log(this->logger, ERROR, "accepting stroke connection failed");
|
||||
continue;
|
||||
}
|
||||
if (fcntl(whackfd, F_SETFD, FD_CLOEXEC) < 0)
|
||||
|
||||
/* peek the length */
|
||||
n = recv(whackfd, &msg_length, sizeof(msg_length), MSG_PEEK);
|
||||
if (n != sizeof(msg_length))
|
||||
{
|
||||
this->logger->log(this->logger, ERROR, "failed to set CLOEXEC in whack_handle()");
|
||||
this->logger->log(this->logger, ERROR, "reading lenght of stroke message failed");
|
||||
close(whackfd);
|
||||
continue;
|
||||
}
|
||||
|
||||
n = read(whackfd, &buffer, sizeof(buffer));
|
||||
|
||||
if (n == -1)
|
||||
|
||||
/* read message */
|
||||
msg = allocator_alloc(msg_length);
|
||||
n = recv(whackfd, msg, msg_length, 0);
|
||||
if (n != msg_length)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR, "read() failed in whack_handle()");
|
||||
this->logger->log(this->logger, ERROR, "reading stroke message failed");
|
||||
close(whackfd);
|
||||
continue;
|
||||
}
|
||||
this->logger->log_bytes(this->logger, CONTROL, "Whackinput", buffer, n);
|
||||
|
||||
this->logger->log_bytes(this->logger, RAW|LEVEL1, "Whackinput", (void*)msg, msg_length);
|
||||
|
||||
switch (msg->type)
|
||||
{
|
||||
case STR_INITIATE:
|
||||
{
|
||||
initiate_ike_sa_job_t *job;
|
||||
fix_string(msg, &(msg->initiate.name));
|
||||
this->logger->log(this->logger, CONTROL|LEVEL1, "received stroke: initiate \"%s\"", msg->initiate.name);
|
||||
job = initiate_ike_sa_job_create(msg->initiate.name);
|
||||
charon->job_queue->add(charon->job_queue, (job_t*)job);
|
||||
break;
|
||||
}
|
||||
case STR_INSTALL:
|
||||
{
|
||||
fix_string(msg, &(msg->install.name));
|
||||
this->logger->log(this->logger, CONTROL|LEVEL1, "received stroke: install \"%s\"", msg->install.name);
|
||||
break;
|
||||
}
|
||||
case STR_ADD_CONN:
|
||||
{
|
||||
sa_config_t *sa_config;
|
||||
init_config_t *init_config;
|
||||
host_t *me, *other;
|
||||
proposal_t *proposal;
|
||||
traffic_selector_t *ts;
|
||||
|
||||
this->logger->log(this->logger, CONTROL|LEVEL1, "my id is: \"%p\"", msg->add_conn.me.id);
|
||||
this->logger->log(this->logger, CONTROL|LEVEL1, "other id is: \"%p\"", msg->add_conn.other.id);
|
||||
fix_string(msg, &msg->add_conn.name);
|
||||
fix_string(msg, &msg->add_conn.me.id);
|
||||
fix_string(msg, &msg->add_conn.other.id);
|
||||
this->logger->log(this->logger, CONTROL|LEVEL1, "received stroke: add connection \"%s\"", msg->add_conn.name);
|
||||
|
||||
msg->add_conn.me.address.v4.sin_port = htons(500);
|
||||
msg->add_conn.other.address.v4.sin_port = htons(500);
|
||||
me = host_create_from_sockaddr(&msg->add_conn.me.address.saddr);
|
||||
other = host_create_from_sockaddr(&msg->add_conn.other.address.saddr);
|
||||
|
||||
init_config = init_config_create(me, other);
|
||||
proposal = proposal_create(1);
|
||||
proposal->add_algorithm(proposal, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
|
||||
proposal->add_algorithm(proposal, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
|
||||
proposal->add_algorithm(proposal, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0);
|
||||
proposal->add_algorithm(proposal, IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
|
||||
init_config->add_proposal(init_config, proposal);
|
||||
|
||||
this->logger->log(this->logger, CONTROL|LEVEL1, "my id is: \"%s\"", msg->add_conn.me.id);
|
||||
this->logger->log(this->logger, CONTROL|LEVEL1, "other id is: \"%s\"", msg->add_conn.other.id);
|
||||
|
||||
sa_config = sa_config_create(ID_IPV4_ADDR, msg->add_conn.me.id,
|
||||
ID_IPV4_ADDR, msg->add_conn.other.id,
|
||||
SHARED_KEY_MESSAGE_INTEGRITY_CODE, 30000);
|
||||
|
||||
this->add_new_preshared_secret(this, ID_IPV4_ADDR, "192.168.0.1","verschluesselt");
|
||||
this->add_new_preshared_secret(this, ID_IPV4_ADDR, "192.168.0.2","verschluesselt");
|
||||
|
||||
proposal = proposal_create(1);
|
||||
proposal->add_algorithm(proposal, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
|
||||
proposal->add_algorithm(proposal, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
|
||||
sa_config->add_proposal(sa_config, proposal);
|
||||
|
||||
me = host_create_from_sockaddr(&msg->add_conn.me.subnet.saddr);
|
||||
ts = traffic_selector_create_from_subnet(me, msg->add_conn.me.subnet_netbits);
|
||||
sa_config->add_my_traffic_selector(sa_config,ts);
|
||||
chunk_t chunk = ts->get_to_address(ts);
|
||||
this->logger->log_chunk(this->logger, CONTROL|LEVEL1, "my toaddr", &chunk);
|
||||
other = host_create_from_sockaddr(&msg->add_conn.other.subnet.saddr);
|
||||
ts = traffic_selector_create_from_subnet(other, msg->add_conn.other.subnet_netbits);
|
||||
sa_config->add_other_traffic_selector(sa_config,ts);
|
||||
chunk = ts->get_to_address(ts);
|
||||
this->logger->log_chunk(this->logger, CONTROL|LEVEL1, "other toaddr", &chunk);
|
||||
|
||||
this->add_new_configuration(this, msg->add_conn.name, init_config, sa_config);
|
||||
this->logger->log(this->logger, CONTROL|LEVEL1, "connection added \"%s\"", msg->add_conn.name);
|
||||
|
||||
break;
|
||||
}
|
||||
case STR_DEL_CONN:
|
||||
default:
|
||||
this->logger->log(this->logger, ERROR, "received invalid stroke");
|
||||
}
|
||||
|
||||
allocator_free(msg);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Implementation of starter_configuration_t.get_init_config_for_host.
|
||||
* Implementation of stroke_configuration_t.get_init_config_for_host.
|
||||
*/
|
||||
static status_t get_init_config_for_host (private_starter_configuration_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config)
|
||||
static status_t get_init_config_for_host (private_stroke_configuration_t *this, host_t *my_host, host_t *other_host,init_config_t **init_config)
|
||||
{
|
||||
iterator_t *iterator;
|
||||
status_t status = NOT_FOUND;
|
||||
|
@ -407,9 +517,9 @@ static status_t get_init_config_for_host (private_starter_configuration_t *this,
|
|||
}
|
||||
|
||||
/**
|
||||
* Implementation of starter_configuration_t.get_init_config_for_name.
|
||||
* Implementation of stroke_configuration_t.get_init_config_for_name.
|
||||
*/
|
||||
static status_t get_init_config_for_name (private_starter_configuration_t *this, char *name, init_config_t **init_config)
|
||||
static status_t get_init_config_for_name (private_stroke_configuration_t *this, char *name, init_config_t **init_config)
|
||||
{
|
||||
iterator_t *iterator;
|
||||
status_t status = NOT_FOUND;
|
||||
|
@ -437,9 +547,9 @@ static status_t get_init_config_for_name (private_starter_configuration_t *this,
|
|||
}
|
||||
|
||||
/**
|
||||
* Implementation of starter_configuration_t.get_sa_config_for_name.
|
||||
* Implementation of stroke_configuration_t.get_sa_config_for_name.
|
||||
*/
|
||||
static status_t get_sa_config_for_name (private_starter_configuration_t *this, char *name, sa_config_t **sa_config)
|
||||
static status_t get_sa_config_for_name (private_stroke_configuration_t *this, char *name, sa_config_t **sa_config)
|
||||
{
|
||||
iterator_t *iterator;
|
||||
status_t status = NOT_FOUND;
|
||||
|
@ -466,9 +576,9 @@ static status_t get_sa_config_for_name (private_starter_configuration_t *this, c
|
|||
}
|
||||
|
||||
/**
|
||||
* Implementation of starter_configuration_t.get_sa_config_for_init_config_and_id.
|
||||
* Implementation of stroke_configuration_t.get_sa_config_for_init_config_and_id.
|
||||
*/
|
||||
static status_t get_sa_config_for_init_config_and_id (private_starter_configuration_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config)
|
||||
static status_t get_sa_config_for_init_config_and_id (private_stroke_configuration_t *this, init_config_t *init_config, identification_t *other_id, identification_t *my_id,sa_config_t **sa_config)
|
||||
{
|
||||
iterator_t *iterator;
|
||||
status_t status = NOT_FOUND;
|
||||
|
@ -517,9 +627,9 @@ static status_t get_sa_config_for_init_config_and_id (private_starter_configurat
|
|||
}
|
||||
|
||||
/**
|
||||
* Implementation of private_starter_configuration_t.add_new_configuration.
|
||||
* Implementation of private_stroke_configuration_t.add_new_configuration.
|
||||
*/
|
||||
static void add_new_configuration (private_starter_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config)
|
||||
static void add_new_configuration (private_stroke_configuration_t *this, char *name, init_config_t *init_config, sa_config_t *sa_config)
|
||||
{
|
||||
iterator_t *iterator;
|
||||
bool found;
|
||||
|
@ -564,9 +674,9 @@ static void add_new_configuration (private_starter_configuration_t *this, char *
|
|||
}
|
||||
|
||||
/**
|
||||
* Implementation of private_starter_configuration_t.add_new_preshared_secret.
|
||||
* Implementation of private_stroke_configuration_t.add_new_preshared_secret.
|
||||
*/
|
||||
static void add_new_preshared_secret (private_starter_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret)
|
||||
static void add_new_preshared_secret (private_stroke_configuration_t *this,id_type_t type, char *id_string, char *preshared_secret)
|
||||
{
|
||||
preshared_secret_entry_t *entry = allocator_alloc_thing(preshared_secret_entry_t);
|
||||
|
||||
|
@ -579,9 +689,9 @@ static void add_new_preshared_secret (private_starter_configuration_t *this,id_t
|
|||
}
|
||||
|
||||
/**
|
||||
* Implementation of private_starter_configuration_t.add_new_preshared_secret.
|
||||
* Implementation of private_stroke_configuration_t.add_new_preshared_secret.
|
||||
*/
|
||||
static void add_new_rsa_public_key (private_starter_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
|
||||
static void add_new_rsa_public_key (private_stroke_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
|
||||
{
|
||||
chunk_t key;
|
||||
key.ptr = key_pos;
|
||||
|
@ -597,9 +707,9 @@ static void add_new_rsa_public_key (private_starter_configuration_t *this, id_ty
|
|||
}
|
||||
|
||||
/**
|
||||
* Implementation of private_starter_configuration_t.add_new_preshared_secret.
|
||||
* Implementation of private_stroke_configuration_t.add_new_preshared_secret.
|
||||
*/
|
||||
static void add_new_rsa_private_key (private_starter_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
|
||||
static void add_new_rsa_private_key (private_stroke_configuration_t *this, id_type_t type, char *id_string, u_int8_t* key_pos, size_t key_len)
|
||||
{
|
||||
chunk_t key;
|
||||
key.ptr = key_pos;
|
||||
|
@ -615,9 +725,9 @@ static void add_new_rsa_private_key (private_starter_configuration_t *this, id_t
|
|||
}
|
||||
|
||||
/**
|
||||
* Implementation of starter_configuration_t.get_shared_secret.
|
||||
* Implementation of stroke_configuration_t.get_shared_secret.
|
||||
*/
|
||||
static status_t get_shared_secret(private_starter_configuration_t *this, identification_t *identification, chunk_t *preshared_secret)
|
||||
static status_t get_shared_secret(private_stroke_configuration_t *this, identification_t *identification, chunk_t *preshared_secret)
|
||||
{
|
||||
iterator_t *iterator;
|
||||
|
||||
|
@ -638,9 +748,9 @@ static status_t get_shared_secret(private_starter_configuration_t *this, identif
|
|||
}
|
||||
|
||||
/**
|
||||
* Implementation of starter_configuration_t.get_shared_secret.
|
||||
* Implementation of stroke_configuration_t.get_shared_secret.
|
||||
*/
|
||||
static status_t get_rsa_public_key(private_starter_configuration_t *this, identification_t *identification, rsa_public_key_t **public_key)
|
||||
static status_t get_rsa_public_key(private_stroke_configuration_t *this, identification_t *identification, rsa_public_key_t **public_key)
|
||||
{
|
||||
iterator_t *iterator;
|
||||
|
||||
|
@ -661,9 +771,9 @@ static status_t get_rsa_public_key(private_starter_configuration_t *this, identi
|
|||
}
|
||||
|
||||
/**
|
||||
* Implementation of starter_configuration_t.get_shared_secret.
|
||||
* Implementation of stroke_configuration_t.get_shared_secret.
|
||||
*/
|
||||
static status_t get_rsa_private_key(private_starter_configuration_t *this, identification_t *identification, rsa_private_key_t **private_key)
|
||||
static status_t get_rsa_private_key(private_stroke_configuration_t *this, identification_t *identification, rsa_private_key_t **private_key)
|
||||
{
|
||||
iterator_t *iterator;
|
||||
|
||||
|
@ -684,9 +794,9 @@ static status_t get_rsa_private_key(private_starter_configuration_t *this, ident
|
|||
}
|
||||
|
||||
/**
|
||||
* Implementation of starter_configuration_t.get_retransmit_timeout.
|
||||
* Implementation of stroke_configuration_t.get_retransmit_timeout.
|
||||
*/
|
||||
static status_t get_retransmit_timeout (private_starter_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout)
|
||||
static status_t get_retransmit_timeout (private_stroke_configuration_t *this, u_int32_t retransmit_count, u_int32_t *timeout)
|
||||
{
|
||||
int new_timeout = this->first_retransmit_timeout, i;
|
||||
if ((retransmit_count > this->max_retransmit_count) && (this->max_retransmit_count != 0))
|
||||
|
@ -706,17 +816,17 @@ static status_t get_retransmit_timeout (private_starter_configuration_t *this, u
|
|||
}
|
||||
|
||||
/**
|
||||
* Implementation of starter_configuration_t.get_half_open_ike_sa_timeout.
|
||||
* Implementation of stroke_configuration_t.get_half_open_ike_sa_timeout.
|
||||
*/
|
||||
static u_int32_t get_half_open_ike_sa_timeout (private_starter_configuration_t *this)
|
||||
static u_int32_t get_half_open_ike_sa_timeout (private_stroke_configuration_t *this)
|
||||
{
|
||||
return this->half_open_ike_sa_timeout;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of starter_configuration_t.destroy.
|
||||
* Implementation of stroke_configuration_t.destroy.
|
||||
*/
|
||||
static void destroy(private_starter_configuration_t *this)
|
||||
static void destroy(private_stroke_configuration_t *this)
|
||||
{
|
||||
this->logger->log(this->logger,CONTROL | LEVEL1, "Going to destroy configuration backend ");
|
||||
|
||||
|
@ -790,9 +900,9 @@ static void destroy(private_starter_configuration_t *this)
|
|||
/*
|
||||
* Described in header-file
|
||||
*/
|
||||
starter_configuration_t *starter_configuration_create()
|
||||
stroke_configuration_t *stroke_configuration_create()
|
||||
{
|
||||
private_starter_configuration_t *this = allocator_alloc_thing(private_starter_configuration_t);
|
||||
private_stroke_configuration_t *this = allocator_alloc_thing(private_stroke_configuration_t);
|
||||
mode_t old;
|
||||
bool on = TRUE;
|
||||
|
|
@ -0,0 +1,111 @@
|
|||
/**
|
||||
* @file stroke_configuration_t.h
|
||||
*
|
||||
* @brief Interface of stroke_configuration_t.
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2005 Jan Hutter, Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#ifndef STROKE_CONFIGURATION_H
|
||||
#define STROKE_CONFIGURATION_H
|
||||
|
||||
#include <config/configuration.h>
|
||||
|
||||
/**
|
||||
* @brief A message sent over the unix socket.
|
||||
*
|
||||
*/
|
||||
typedef struct stroke_msg_t stroke_msg_t;
|
||||
|
||||
struct stroke_msg_t {
|
||||
/* length of this message with all strings */
|
||||
u_int16_t length;
|
||||
/* type of the message */
|
||||
enum {
|
||||
/* initiate a connection */
|
||||
STR_INITIATE,
|
||||
/* install SPD entries for a connection */
|
||||
STR_INSTALL,
|
||||
/* add a connection */
|
||||
STR_ADD_CONN,
|
||||
/* delete a connection */
|
||||
STR_DEL_CONN,
|
||||
/* more to come */
|
||||
} type;
|
||||
union {
|
||||
/* data for STR_INITIATE, STR_INSTALL */
|
||||
struct {
|
||||
char *name;
|
||||
} initiate, install;
|
||||
/* data for STR_ADD_CONN */
|
||||
struct {
|
||||
char *name;
|
||||
struct {
|
||||
union {
|
||||
u_int16_t family;
|
||||
struct sockaddr saddr;
|
||||
struct sockaddr_in v4;
|
||||
struct sockaddr_in6 v6;
|
||||
} address;
|
||||
char *id;
|
||||
union {
|
||||
u_int16_t family;
|
||||
struct sockaddr saddr;
|
||||
struct sockaddr_in v4;
|
||||
struct sockaddr_in6 v6;
|
||||
} subnet;
|
||||
u_int8_t subnet_netbits;
|
||||
} me, other;
|
||||
} add_conn;
|
||||
};
|
||||
u_int8_t buffer[];
|
||||
};
|
||||
|
||||
|
||||
typedef struct stroke_configuration_t stroke_configuration_t;
|
||||
|
||||
/**
|
||||
* @brief A config backend which uses a unix socket.
|
||||
*
|
||||
* Allows config manipulation (as whack in pluto). This config
|
||||
* is used by the ipsec_starter utility. This configuration
|
||||
* implementation opens a socket at /var/run/charon.ctl and
|
||||
* waits for input from ipsec starter.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - stroke_configuration_create()
|
||||
*
|
||||
* @ingroup config
|
||||
*/
|
||||
struct stroke_configuration_t {
|
||||
|
||||
/**
|
||||
* Implements configuration_t interface
|
||||
*/
|
||||
configuration_t configuration_interface;
|
||||
};
|
||||
|
||||
/**
|
||||
* @brief Creates an configuration with a unix socket interface.
|
||||
*
|
||||
* @return stroke_configuration_t object
|
||||
*
|
||||
* @ingroup config
|
||||
*/
|
||||
stroke_configuration_t *stroke_configuration_create();
|
||||
|
||||
#endif /*STROKE_CONFIGURATION_H*/
|
|
@ -50,14 +50,14 @@ struct private_traffic_selector_t {
|
|||
u_int8_t protocol;
|
||||
|
||||
/**
|
||||
* begin of address range
|
||||
* begin of address range, host order
|
||||
*/
|
||||
union {
|
||||
u_int32_t from_addr_ipv4;
|
||||
};
|
||||
|
||||
/**
|
||||
* end of address range
|
||||
* end of address range, host order
|
||||
*/
|
||||
union {
|
||||
u_int32_t to_addr_ipv4;
|
||||
|
@ -75,7 +75,7 @@ struct private_traffic_selector_t {
|
|||
};
|
||||
|
||||
/**
|
||||
* internal generic constructor
|
||||
* internal generic constructor
|
||||
*/
|
||||
static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts_type_t type, u_int16_t from_port, u_int16_t to_port);
|
||||
|
||||
|
@ -206,6 +206,36 @@ static u_int8_t get_protocol(private_traffic_selector_t *this)
|
|||
return this->protocol;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements traffic_selector_t.get_netmask.
|
||||
*/
|
||||
static u_int8_t get_netmask(private_traffic_selector_t *this)
|
||||
{
|
||||
switch (this->type)
|
||||
{
|
||||
case TS_IPV4_ADDR_RANGE:
|
||||
{
|
||||
u_int32_t from, to, bit;
|
||||
from = htonl(this->from_addr_ipv4);
|
||||
to = htonl(this->to_addr_ipv4);
|
||||
printf("%x - %x\n", from, to);
|
||||
for (bit = 0; bit < 32; bit++)
|
||||
{
|
||||
if ((1<<bit & from) != (1<<bit & to))
|
||||
{
|
||||
return bit;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
case TS_IPV6_ADDR_RANGE:
|
||||
default:
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Implements traffic_selector_t.clone.
|
||||
*/
|
||||
|
@ -270,9 +300,38 @@ traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_typ
|
|||
return (&this->public);
|
||||
}
|
||||
|
||||
/*
|
||||
* see header
|
||||
*/
|
||||
traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits)
|
||||
{
|
||||
private_traffic_selector_t *this = traffic_selector_create(0, 0, 0, 65535);
|
||||
|
||||
switch (net->get_family(net))
|
||||
{
|
||||
case AF_INET:
|
||||
{
|
||||
chunk_t from;
|
||||
|
||||
this->type = TS_IPV4_ADDR_RANGE;
|
||||
from = net->get_address_as_chunk(net);
|
||||
this->from_addr_ipv4 = ntohl(*((u_int32_t*)from.ptr));
|
||||
this->to_addr_ipv4 = this->from_addr_ipv4 | ((1 << (32 - netbits)) - 1);
|
||||
allocator_free_chunk(&from);
|
||||
break;
|
||||
}
|
||||
case AF_INET6:
|
||||
default:
|
||||
{
|
||||
allocator_free(this);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
return (&this->public);
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header-file
|
||||
* see header
|
||||
*/
|
||||
traffic_selector_t *traffic_selector_create_from_string(u_int8_t protocol, ts_type_t type, char *from_addr, u_int16_t from_port, char *to_addr, u_int16_t to_port)
|
||||
{
|
||||
|
@ -327,6 +386,7 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts
|
|||
this->public.get_to_port = (u_int16_t(*)(traffic_selector_t*))get_to_port;
|
||||
this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type;
|
||||
this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol;
|
||||
this->public.get_netmask = (u_int8_t(*)(traffic_selector_t*))get_netmask;
|
||||
this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone;
|
||||
this->public.destroy = (void(*)(traffic_selector_t*))destroy;
|
||||
|
||||
|
@ -337,4 +397,3 @@ static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts
|
|||
|
||||
return this;
|
||||
}
|
||||
|
||||
|
|
|
@ -66,12 +66,14 @@ typedef struct traffic_selector_t traffic_selector_t;
|
|||
* @brief Object representing a traffic selector entry.
|
||||
*
|
||||
* A traffic selector defines an range of addresses
|
||||
* and a range of ports.
|
||||
* and a range of ports. IPv6 is not fully supported yet.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - traffic_selector_create_from_bytes()
|
||||
* - traffic_selector_create_from_string()
|
||||
*
|
||||
* @todo Add IPv6 support
|
||||
*
|
||||
* @ingroup config
|
||||
*/
|
||||
struct traffic_selector_t {
|
||||
|
@ -161,6 +163,18 @@ struct traffic_selector_t {
|
|||
* @return protocol id
|
||||
*/
|
||||
u_int8_t (*get_protocol) (traffic_selector_t *this);
|
||||
|
||||
/**
|
||||
* @brief Get the netmask of the address range.
|
||||
*
|
||||
* Returns the number of bits associated to the subnet.
|
||||
* (As the "24" in "192.168.0.0/24"). This is approximated
|
||||
* if the address range is not a complete subnet!
|
||||
*
|
||||
* @param this calling obect
|
||||
* @return netmask as "bits for subnet"
|
||||
*/
|
||||
u_int8_t (*get_netmask) (traffic_selector_t *this);
|
||||
|
||||
/**
|
||||
* @brief Destroys the ts object
|
||||
|
@ -208,4 +222,6 @@ traffic_selector_t *traffic_selector_create_from_string(u_int8_t protocol, ts_ty
|
|||
*/
|
||||
traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, ts_type_t type, chunk_t from_address, int16_t from_port, chunk_t to_address, u_int16_t to_port);
|
||||
|
||||
traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, u_int8_t netbits);
|
||||
|
||||
#endif //_TRAFFIC_SELECTOR_H_
|
||||
|
|
|
@ -23,6 +23,9 @@
|
|||
#include <stdio.h>
|
||||
#include <signal.h>
|
||||
#include <pthread.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/types.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "daemon.h"
|
||||
|
||||
|
@ -30,7 +33,7 @@
|
|||
#include <utils/allocator.h>
|
||||
#include <queues/jobs/initiate_ike_sa_job.h>
|
||||
#include <config/static_configuration.h>
|
||||
#include <config/starter_configuration.h>
|
||||
#include <config/stroke_configuration.h>
|
||||
|
||||
|
||||
typedef struct private_daemon_t private_daemon_t;
|
||||
|
@ -145,6 +148,7 @@ static void kill_daemon(private_daemon_t *this, char *reason)
|
|||
{
|
||||
/* initialization failed, terminate daemon */
|
||||
this->destroy(this);
|
||||
unlink(PID_FILE);
|
||||
exit(-1);
|
||||
}
|
||||
else
|
||||
|
@ -184,7 +188,7 @@ static void initialize(private_daemon_t *this)
|
|||
this->public.job_queue = job_queue_create();
|
||||
this->public.event_queue = event_queue_create();
|
||||
this->public.send_queue = send_queue_create();
|
||||
this->public.configuration = (configuration_t*)static_configuration_create();
|
||||
this->public.configuration = (configuration_t*)stroke_configuration_create();
|
||||
|
||||
this->public.sender = sender_create();
|
||||
this->public.receiver = receiver_create();
|
||||
|
@ -300,24 +304,40 @@ private_daemon_t *daemon_create()
|
|||
int main(int argc, char *argv[])
|
||||
{
|
||||
private_daemon_t *private_charon;
|
||||
FILE *pid_file;
|
||||
struct stat stb;
|
||||
|
||||
/* allocation needs initialization, before any allocs are done */
|
||||
allocator_init();
|
||||
|
||||
private_charon = daemon_create();
|
||||
charon = (daemon_t*)private_charon;
|
||||
|
||||
/* check/setup PID file */
|
||||
if (stat(PID_FILE, &stb) == 0)
|
||||
{
|
||||
private_charon->logger->log(private_charon->logger, ERROR,
|
||||
"charon already running (\""PID_FILE"\" exists)");
|
||||
private_charon->destroy(private_charon);
|
||||
exit(-1);
|
||||
}
|
||||
pid_file = fopen(PID_FILE, "w");
|
||||
if (pid_file)
|
||||
{
|
||||
fprintf(pid_file, "%d\n", getpid());
|
||||
fclose(pid_file);
|
||||
}
|
||||
|
||||
/* initialize and run daemon*/
|
||||
private_charon->initialize(private_charon);
|
||||
|
||||
if (argc == 2)
|
||||
{
|
||||
private_charon->build_test_job(private_charon,argv[1]);
|
||||
}
|
||||
|
||||
|
||||
private_charon->run(private_charon);
|
||||
|
||||
/* normal termination, cleanup and exit */
|
||||
private_charon->destroy(private_charon);
|
||||
unlink(PID_FILE);
|
||||
|
||||
#ifdef LEAK_DETECTIVE
|
||||
report_memory_leaks(void);
|
||||
|
|
|
@ -54,6 +54,16 @@
|
|||
*/
|
||||
#define IKEV2_UDP_PORT 500
|
||||
|
||||
/**
|
||||
* PID file, in which charon stores its process id
|
||||
*/
|
||||
#define PID_FILE "/var/run/charon.pid"
|
||||
|
||||
/**
|
||||
* Output of log, use NULL for syslog
|
||||
*/
|
||||
#define LOG_OUTPUT NULL
|
||||
|
||||
/**
|
||||
* @brief Default loglevel for every logger context.
|
||||
*
|
||||
|
|
|
@ -368,32 +368,6 @@ static status_t update(private_child_sa_t *this, proposal_t *proposal, prf_plus_
|
|||
return SUCCESS;
|
||||
}
|
||||
|
||||
static u_int8_t get_mask(chunk_t start, chunk_t end)
|
||||
{
|
||||
int byte, bit, mask = 0;
|
||||
|
||||
if (start.len != end.len)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
for (byte = 0; byte < start.len; byte++)
|
||||
{
|
||||
for (bit = 7; bit >= 0; bit--)
|
||||
{
|
||||
if ((*(start.ptr + byte) | (1<<bit)) ==
|
||||
(*(end.ptr + byte) | (1<<bit)))
|
||||
{
|
||||
mask++;
|
||||
}
|
||||
else
|
||||
{
|
||||
return mask;
|
||||
}
|
||||
}
|
||||
}
|
||||
return start.len * 8;
|
||||
}
|
||||
|
||||
static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list, linked_list_t *other_ts_list)
|
||||
{
|
||||
iterator_t *my_iter, *other_iter;
|
||||
|
@ -410,7 +384,7 @@ static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list
|
|||
{
|
||||
/* set up policies for every entry in my_ts_list to every entry in other_ts_list */
|
||||
int family;
|
||||
chunk_t from_addr, to_addr;
|
||||
chunk_t from_addr;
|
||||
u_int16_t from_port, to_port;
|
||||
policy_t *policy;
|
||||
status_t status;
|
||||
|
@ -428,26 +402,22 @@ static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list
|
|||
/* calculate net and ports for local side */
|
||||
family = my_ts->get_type(my_ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6;
|
||||
from_addr = my_ts->get_from_address(my_ts);
|
||||
to_addr = my_ts->get_to_address(my_ts);
|
||||
from_port = my_ts->get_from_port(my_ts);
|
||||
to_port = my_ts->get_to_port(my_ts);
|
||||
from_port = (from_port != to_port) ? 0 : from_port;
|
||||
policy->my_net = host_create_from_chunk(family, from_addr, from_port);
|
||||
policy->my_net_mask = get_mask(from_addr, to_addr);
|
||||
policy->my_net_mask = my_ts->get_netmask(my_ts);
|
||||
allocator_free_chunk(&from_addr);
|
||||
allocator_free_chunk(&to_addr);
|
||||
|
||||
/* calculate net and ports for remote side */
|
||||
family = other_ts->get_type(other_ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6;
|
||||
from_addr = other_ts->get_from_address(other_ts);
|
||||
to_addr = other_ts->get_to_address(other_ts);
|
||||
from_port = other_ts->get_from_port(other_ts);
|
||||
to_port = other_ts->get_to_port(other_ts);
|
||||
from_port = (from_port != to_port) ? 0 : from_port;
|
||||
policy->other_net = host_create_from_chunk(family, from_addr, from_port);
|
||||
policy->other_net_mask = get_mask(from_addr, to_addr);
|
||||
policy->other_net_mask = other_ts->get_netmask(other_ts);
|
||||
allocator_free_chunk(&from_addr);
|
||||
allocator_free_chunk(&to_addr);
|
||||
|
||||
/* install 3 policies: out, in and forward */
|
||||
status = charon->kernel_interface->add_policy(charon->kernel_interface,
|
||||
|
|
|
@ -1031,45 +1031,36 @@ static void destroy (private_ike_sa_t *this)
|
|||
this->ike_sa_id->get_responder_spi(this->ike_sa_id),
|
||||
this->ike_sa_id->is_initiator(this->ike_sa_id) ? "initiator" : "responder");
|
||||
|
||||
/* destroy child sa's */
|
||||
/* inform other peer of delete */
|
||||
send_delete_ike_sa_request(this);
|
||||
|
||||
while (this->child_sas->remove_last(this->child_sas, (void**)&child_sa) == SUCCESS)
|
||||
{
|
||||
child_sa->destroy(child_sa);
|
||||
}
|
||||
this->child_sas->destroy(this->child_sas);
|
||||
|
||||
if (this->crypter_initiator != NULL)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy initiator crypter_t object");
|
||||
this->crypter_initiator->destroy(this->crypter_initiator);
|
||||
}
|
||||
|
||||
if (this->crypter_responder != NULL)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy responder crypter_t object");
|
||||
this->crypter_responder->destroy(this->crypter_responder);
|
||||
}
|
||||
|
||||
if (this->signer_initiator != NULL)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy initiator signer_t object");
|
||||
this->signer_initiator->destroy(this->signer_initiator);
|
||||
}
|
||||
|
||||
if (this->signer_responder != NULL)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy responder signer_t object");
|
||||
this->signer_responder->destroy(this->signer_responder);
|
||||
}
|
||||
|
||||
if (this->prf != NULL)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy prf_t object");
|
||||
this->prf->destroy(this->prf);
|
||||
}
|
||||
if (this->child_prf != NULL)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy child_prf object");
|
||||
this->child_prf->destroy(this->child_prf);
|
||||
}
|
||||
if (this->prf_auth_i != NULL)
|
||||
|
@ -1080,45 +1071,25 @@ static void destroy (private_ike_sa_t *this)
|
|||
{
|
||||
this->prf_auth_r->destroy(this->prf_auth_r);
|
||||
}
|
||||
|
||||
/* destroy ike_sa_id */
|
||||
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy ike_sa_id object");
|
||||
this->ike_sa_id->destroy(this->ike_sa_id);
|
||||
|
||||
/* destroy stored requested message */
|
||||
if (this->last_requested_message != NULL)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy last requested message");
|
||||
this->last_requested_message->destroy(this->last_requested_message);
|
||||
}
|
||||
|
||||
/* destroy stored responded messages */
|
||||
if (this->last_responded_message != NULL)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy last responded message");
|
||||
this->last_responded_message->destroy(this->last_responded_message);
|
||||
}
|
||||
|
||||
/* destroy stored host_t objects */
|
||||
if (this->me.host != NULL)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy my host_t object");
|
||||
this->me.host->destroy(this->me.host);
|
||||
}
|
||||
|
||||
/* destroy stored host_t objects */
|
||||
if (this->other.host != NULL)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy other host_t object");
|
||||
this->other.host->destroy(this->other.host);
|
||||
}
|
||||
|
||||
this->randomizer->destroy(this->randomizer);
|
||||
|
||||
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy current state object");
|
||||
this->current_state->destroy(this->current_state);
|
||||
|
||||
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy logger of IKE_SA");
|
||||
charon->logger_manager->destroy_logger(charon->logger_manager, this->logger);
|
||||
|
||||
allocator_free(this);
|
||||
|
|
|
@ -47,15 +47,6 @@ struct private_ike_sa_established_t {
|
|||
*/
|
||||
logger_t *logger;
|
||||
|
||||
/**
|
||||
* Process received DELETE payload and build DELETE payload for INFORMATIONAL response.
|
||||
*
|
||||
* @param this calling object
|
||||
* @param request DELETE payload received in INFORMATIONAL request
|
||||
* @param response The created DELETE payload is added to this message_t object
|
||||
*/
|
||||
status_t (*build_delete_payload) (private_ike_sa_established_t *this, delete_payload_t *request, message_t *response);
|
||||
|
||||
/**
|
||||
* Process a notify payload
|
||||
*
|
||||
|
@ -145,6 +136,7 @@ static status_t process_message(private_ike_sa_established_t *this, message_t *m
|
|||
case DELETE:
|
||||
{
|
||||
delete_request = (delete_payload_t *) payload;
|
||||
break;
|
||||
}
|
||||
default:
|
||||
{
|
||||
|
@ -158,16 +150,21 @@ static status_t process_message(private_ike_sa_established_t *this, message_t *m
|
|||
payloads->destroy(payloads);
|
||||
|
||||
if (delete_request)
|
||||
{
|
||||
status = this->build_delete_payload(this, delete_request, response);
|
||||
if (status == DELETE_ME)
|
||||
{
|
||||
if (delete_request->get_protocol_id(delete_request) == IKE)
|
||||
{
|
||||
this->logger->log(this->logger, AUDIT, "DELETE request for IKE_SA received");
|
||||
response->destroy(response);
|
||||
return status;
|
||||
return DELETE_ME;
|
||||
}
|
||||
else
|
||||
{
|
||||
this->logger->log(this->logger, AUDIT, "DELETE request for CHILD_SA received. Ignored");
|
||||
response->destroy(response);
|
||||
return SUCCESS;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
status = this->ike_sa->send_response(this->ike_sa, response);
|
||||
/* message can now be sent (must not be destroyed) */
|
||||
if (status != SUCCESS)
|
||||
|
@ -180,23 +177,6 @@ static status_t process_message(private_ike_sa_established_t *this, message_t *m
|
|||
return SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of private_ike_sa_established_t.build_sa_payload;
|
||||
*/
|
||||
static status_t build_delete_payload (private_ike_sa_established_t *this, delete_payload_t *request, message_t *response_message)
|
||||
{
|
||||
if (request->get_protocol_id(request) == IKE)
|
||||
{
|
||||
this->logger->log(this->logger, AUDIT, "DELETE request for IKE_SA received. Don't reply.");
|
||||
/* IKE_SA has to get deleted */
|
||||
return DELETE_ME;
|
||||
}
|
||||
|
||||
this->logger->log(this->logger, AUDIT, "DELETE payload for CHILD_SAs not supported and handled.");
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of private_ike_sa_established_t.process_notify_payload;
|
||||
*/
|
||||
|
@ -250,7 +230,6 @@ ike_sa_established_t *ike_sa_established_create(protected_ike_sa_t *ike_sa)
|
|||
|
||||
/* private functions */
|
||||
this->process_notify_payload = process_notify_payload;
|
||||
this->build_delete_payload = build_delete_payload;
|
||||
|
||||
/* private data */
|
||||
this->ike_sa = ike_sa;
|
||||
|
|
|
@ -159,7 +159,6 @@ status_t retry_initiate_connection (private_initiator_init_t *this, diffie_hellm
|
|||
if (dh_group == MODP_UNDEFINED)
|
||||
{
|
||||
this->logger->log(this->logger, AUDIT, "No DH group acceptable for initialization, Aborting");
|
||||
message->destroy(message);
|
||||
return DELETE_ME;
|
||||
}
|
||||
|
||||
|
@ -280,7 +279,7 @@ static void build_nonce_payload(private_initiator_init_t *this, message_t *reque
|
|||
*/
|
||||
static status_t process_message(private_initiator_init_t *this, message_t *message)
|
||||
{
|
||||
this->logger->log(this->logger, ERROR, "In state INITIATOR_INIT no message is processed");
|
||||
this->logger->log(this->logger, ERROR, "In state INITIATOR_INIT, no message is processed");
|
||||
return FAILED;
|
||||
}
|
||||
|
||||
|
@ -302,12 +301,10 @@ static void destroy(private_initiator_init_t *this)
|
|||
/* destroy diffie hellman object */
|
||||
if (this->diffie_hellman != NULL)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL | LEVEL3, "Destroy diffie_hellman_t object");
|
||||
this->diffie_hellman->destroy(this->diffie_hellman);
|
||||
}
|
||||
if (this->sent_nonce.ptr != NULL)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL | LEVEL3, "Free memory of sent nonce");
|
||||
allocator_free(this->sent_nonce.ptr);
|
||||
}
|
||||
allocator_free(this);
|
||||
|
|
|
@ -31,7 +31,9 @@
|
|||
*/
|
||||
void test_init_config(protected_tester_t *tester)
|
||||
{
|
||||
init_config_t *init_config = init_config_create("192.168.0.1","192.168.0.2",500,500);
|
||||
host_t *alice = host_create(AF_INET, "192.168.0.1", 500);
|
||||
host_t *bob = host_create(AF_INET, "192.168.0.2", 500);
|
||||
init_config_t *init_config = init_config_create(alice, bob);
|
||||
proposal_t *prop1, *prop2, *prop3, *prop4;//, *selected_one;
|
||||
linked_list_t *list;
|
||||
//status_t status;
|
||||
|
|
|
@ -233,26 +233,22 @@ static void process_incoming_packet_job(private_thread_pool_t *this, incoming_pa
|
|||
|
||||
if ((message->get_major_version(message) != IKE_MAJOR_VERSION) ||
|
||||
(message->get_minor_version(message) != IKE_MINOR_VERSION))
|
||||
|
||||
{
|
||||
this->worker_logger->log(this->worker_logger, ERROR | LEVEL2, "IKE version %d.%d not supported",
|
||||
message->get_major_version(message),
|
||||
message->get_minor_version(message));
|
||||
message->get_major_version(message),
|
||||
message->get_minor_version(message));
|
||||
/*
|
||||
* TODO send notify reply of type INVALID_MAJOR_VERSION for requests of type IKE_SA_INIT.
|
||||
*
|
||||
* This check is not handled in state_t object of IKE_SA to increase speed.
|
||||
*/
|
||||
if ((message->get_exchange_type(message) == IKE_SA_INIT) && (message->get_request(message)))
|
||||
{
|
||||
message_t *response;
|
||||
message->get_ike_sa_id(message, &ike_sa_id);
|
||||
ike_sa_id->switch_initiator(ike_sa_id);
|
||||
response = message_create_notify_reply(message->get_destination(message),
|
||||
message->get_source(message),
|
||||
IKE_SA_INIT,
|
||||
FALSE,ike_sa_id,INVALID_MAJOR_VERSION);
|
||||
|
||||
if ((message->get_exchange_type(message) == IKE_SA_INIT) && (message->get_request(message)))
|
||||
{
|
||||
message_t *response;
|
||||
message->get_ike_sa_id(message, &ike_sa_id);
|
||||
ike_sa_id->switch_initiator(ike_sa_id);
|
||||
response = message_create_notify_reply(message->get_destination(message),
|
||||
message->get_source(message),
|
||||
IKE_SA_INIT,
|
||||
FALSE,ike_sa_id,INVALID_MAJOR_VERSION);
|
||||
message->destroy(message);
|
||||
ike_sa_id->destroy(ike_sa_id);
|
||||
status = response->generate(response, NULL, NULL, &packet);
|
||||
|
@ -266,10 +262,9 @@ static void process_incoming_packet_job(private_thread_pool_t *this, incoming_pa
|
|||
charon->send_queue->add(charon->send_queue, packet);
|
||||
response->destroy(response);
|
||||
return;
|
||||
}
|
||||
message->destroy(message);
|
||||
|
||||
return;
|
||||
}
|
||||
message->destroy(message);
|
||||
return;
|
||||
}
|
||||
|
||||
message->get_ike_sa_id(message, &ike_sa_id);
|
||||
|
|
|
@ -22,7 +22,8 @@
|
|||
|
||||
|
||||
#include "logger_manager.h"
|
||||
|
||||
|
||||
#include <daemon.h>
|
||||
#include <definitions.h>
|
||||
#include <utils/allocator.h>
|
||||
#include <utils/linked_list.h>
|
||||
|
@ -160,11 +161,11 @@ static logger_t *create_logger(private_logger_manager_t *this, logger_context_t
|
|||
context_name = mapping_find(logger_context_t_mappings,context);
|
||||
|
||||
/* output to stdout, since we are debugging all days */
|
||||
output = stdout;
|
||||
output = LOG_OUTPUT;
|
||||
|
||||
/* defaults */
|
||||
log_thread_ids = FALSE;
|
||||
logger_level = this->public.get_logger_level(&(this->public),context);;
|
||||
logger_level = this->public.get_logger_level(&(this->public),context);
|
||||
|
||||
switch(context)
|
||||
{
|
||||
|
|
|
@ -69,6 +69,12 @@ typedef struct logger_manager_t logger_manager_t;
|
|||
*
|
||||
* @see logger_t
|
||||
*
|
||||
* @todo We currently give out a new instance for every logger requested.
|
||||
* This is unnecessary. One logger for each class would be sufficient.
|
||||
*
|
||||
* @todo We could remove logger naming (additional to classes), since we have
|
||||
* never used it (and probably never will).
|
||||
*
|
||||
* @ingroup utils
|
||||
*/
|
||||
struct logger_manager_t {
|
||||
|
|
Loading…
Reference in New Issue