ike-cfg: Add setting for childless IKE_SAs
This commit is contained in:
Tobias Brunner
parent
9486a2e5b0
commit
ddb083c164
|
|
@ -101,10 +101,15 @@ struct private_ike_cfg_t {
|
|||
bool force_encap;
|
||||
|
||||
/**
|
||||
* use IKEv1 fragmentation
|
||||
* use IKE fragmentation
|
||||
*/
|
||||
fragmentation_t fragmentation;
|
||||
|
||||
/**
|
||||
* childless IKE_SAs
|
||||
*/
|
||||
childless_t childless;
|
||||
|
||||
/**
|
||||
* DSCP value to use on sent IKE packets
|
||||
*/
|
||||
|
|
@ -140,6 +145,12 @@ METHOD(ike_cfg_t, fragmentation, fragmentation_t,
|
|||
return this->fragmentation;
|
||||
}
|
||||
|
||||
METHOD(ike_cfg_t, childless, childless_t,
|
||||
private_ike_cfg_t *this)
|
||||
{
|
||||
return this->childless;
|
||||
}
|
||||
|
||||
/**
|
||||
* Common function for resolve_me/other
|
||||
*/
|
||||
|
|
@ -424,6 +435,7 @@ METHOD(ike_cfg_t, equals, bool,
|
|||
this->certreq == other->certreq &&
|
||||
this->force_encap == other->force_encap &&
|
||||
this->fragmentation == other->fragmentation &&
|
||||
this->childless == other->childless &&
|
||||
streq(this->me, other->me) &&
|
||||
streq(this->other, other->other) &&
|
||||
this->my_port == other->my_port &&
|
||||
|
|
@ -622,6 +634,7 @@ ike_cfg_t *ike_cfg_create(ike_cfg_create_t *data)
|
|||
.send_certreq = _send_certreq,
|
||||
.force_encap = _force_encap_,
|
||||
.fragmentation = _fragmentation,
|
||||
.childless = _childless,
|
||||
.resolve_me = _resolve_me,
|
||||
.resolve_other = _resolve_other,
|
||||
.match_me = _match_me,
|
||||
|
|
@ -645,6 +658,7 @@ ike_cfg_t *ike_cfg_create(ike_cfg_create_t *data)
|
|||
.certreq = !data->no_certreq,
|
||||
.force_encap = data->force_encap,
|
||||
.fragmentation = data->fragmentation,
|
||||
.childless = data->childless,
|
||||
.me = strdup(data->local),
|
||||
.my_ranges = linked_list_create(),
|
||||
.my_hosts = linked_list_create(),
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@
|
|||
|
||||
typedef enum ike_version_t ike_version_t;
|
||||
typedef enum fragmentation_t fragmentation_t;
|
||||
typedef enum childless_t childless_t;
|
||||
typedef struct ike_cfg_t ike_cfg_t;
|
||||
typedef struct ike_cfg_create_t ike_cfg_create_t;
|
||||
|
||||
|
|
@ -61,6 +62,18 @@ enum fragmentation_t {
|
|||
FRAGMENTATION_FORCE,
|
||||
};
|
||||
|
||||
/**
|
||||
* Childless IKE_SAs (RFC 6023)
|
||||
*/
|
||||
enum childless_t {
|
||||
/** Allow childless IKE_SAs as responder, but initiate regular IKE_SAs */
|
||||
CHILDLESS_ALLOW,
|
||||
/** Don't accept childless IKE_SAs as responder, don't initiate them */
|
||||
CHILDLESS_NEVER,
|
||||
/** Only accept the creation of childless IKE_SAs (also as responder) */
|
||||
CHILDLESS_FORCE,
|
||||
};
|
||||
|
||||
/**
|
||||
* enum strings for ike_version_t
|
||||
*/
|
||||
|
|
@ -204,12 +217,19 @@ struct ike_cfg_t {
|
|||
bool (*force_encap) (ike_cfg_t *this);
|
||||
|
||||
/**
|
||||
* Use proprietary IKEv1 fragmentation
|
||||
* Use IKE fragmentation
|
||||
*
|
||||
* @return TRUE to use fragmentation
|
||||
*/
|
||||
fragmentation_t (*fragmentation) (ike_cfg_t *this);
|
||||
|
||||
/**
|
||||
* Whether to initiate/accept childless IKE_SAs
|
||||
*
|
||||
* @return initiate/accept childless IKE_SAs
|
||||
*/
|
||||
childless_t (*childless)(ike_cfg_t *this);
|
||||
|
||||
/**
|
||||
* Get the DH group to use for IKE_SA setup.
|
||||
*
|
||||
|
|
@ -266,6 +286,8 @@ struct ike_cfg_create_t {
|
|||
bool force_encap;
|
||||
/** Use IKE fragmentation */
|
||||
fragmentation_t fragmentation;
|
||||
/** Childless IKE_SA configuration */
|
||||
childless_t childless;
|
||||
/** DSCP value to send IKE packets with */
|
||||
uint8_t dscp;
|
||||
};
|
||||
|
|
|
|||
Loading…
Reference in New Issue