Adapted the config backends to the new lifetime configuration.
This commit is contained in:
Tobias Brunner
parent
caf87c7dcb
commit
e0a8a8c3ec
|
|
@ -178,6 +178,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
|
|||
{
|
||||
ike_cfg_t *ike_cfg;
|
||||
child_cfg_t *child_cfg;
|
||||
lifetime_cfg_t *lifetime;
|
||||
peer_cfg_t *peer_cfg;
|
||||
traffic_selector_t *ts;
|
||||
proposal_t *proposal;
|
||||
|
|
@ -201,8 +202,11 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
|
|||
generate_auth_cfg(this, this->responder_auth, peer_cfg, TRUE, num);
|
||||
generate_auth_cfg(this, this->initiator_auth, peer_cfg, FALSE, num);
|
||||
}
|
||||
child_cfg = child_cfg_create("load-test", this->child_rekey * 2,
|
||||
this->child_rekey, 0, NULL, TRUE,
|
||||
|
||||
lifetime = lifetime_cfg_create_time(this->child_rekey * 2,
|
||||
this->child_rekey, 0);
|
||||
|
||||
child_cfg = child_cfg_create("load-test", lifetime, NULL, TRUE,
|
||||
MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
|
||||
proposal = proposal_create_from_string(PROTO_ESP, "aes128-sha1");
|
||||
child_cfg->add_proposal(child_cfg, proposal);
|
||||
|
|
|
|||
|
|
@ -99,6 +99,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
|
|||
ike_cfg_t *ike_cfg;
|
||||
child_cfg_t *child_cfg;
|
||||
chunk_t me, other;
|
||||
lifetime_cfg_t *lifetime;
|
||||
char *address, *local_net, *remote_net;
|
||||
|
||||
/* query mediation server config:
|
||||
|
|
@ -173,8 +174,10 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
|
|||
identification_create_from_encoding(ID_KEY_ID, other));
|
||||
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
|
||||
|
||||
child_cfg = child_cfg_create(name, this->rekey*60 + this->rekey,
|
||||
this->rekey*60, this->rekey, NULL, TRUE,
|
||||
lifetime = lifetime_cfg_create_time(this->rekey * 60 + this->rekey,
|
||||
this->rekey, this->rekey);
|
||||
|
||||
child_cfg = child_cfg_create(name, lifetime, NULL, TRUE,
|
||||
MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
|
||||
|
|
@ -217,6 +220,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
|
|||
chunk_t me, other;
|
||||
child_cfg_t *child_cfg;
|
||||
auth_cfg_t *auth;
|
||||
lifetime_cfg_t *lifetime;
|
||||
|
||||
DESTROY_IF(this->current);
|
||||
if (!this->inner->enumerate(this->inner, &name, &me, &other,
|
||||
|
|
@ -245,10 +249,11 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
|
|||
identification_create_from_encoding(ID_KEY_ID, other));
|
||||
this->current->add_auth_cfg(this->current, auth, FALSE);
|
||||
|
||||
child_cfg = child_cfg_create(
|
||||
name, this->rekey*60 + this->rekey,
|
||||
this->rekey*60, this->rekey, NULL, TRUE,
|
||||
MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
|
||||
lifetime = lifetime_cfg_create_time(this->rekey * 60 + this->rekey,
|
||||
this->rekey, this->rekey);
|
||||
|
||||
child_cfg = child_cfg_create(name, lifetime, NULL, TRUE, MODE_TUNNEL,
|
||||
ACTION_NONE, ACTION_NONE, FALSE);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
|
||||
child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
|
||||
|
|
|
|||
|
|
@ -218,6 +218,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
|
|||
ike_cfg_t *ike_cfg;
|
||||
peer_cfg_t *peer_cfg;
|
||||
child_cfg_t *child_cfg;
|
||||
lifetime_cfg_t *lifetime;
|
||||
traffic_selector_t *ts;
|
||||
ike_sa_t *ike_sa;
|
||||
auth_cfg_t *auth;
|
||||
|
|
@ -426,9 +427,10 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
|
|||
auth->add(auth, AUTH_RULE_IDENTITY, gateway);
|
||||
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
|
||||
|
||||
child_cfg = child_cfg_create(priv->name,
|
||||
10800, 10200, /* lifetime 3h, rekey 2h50min */
|
||||
300, /* jitter 5min */
|
||||
lifetime = lifetime_cfg_create_time(10800 /* 3h */, 10200 /* 2h50min */,
|
||||
300 /* 5min */);
|
||||
|
||||
child_cfg = child_cfg_create(priv->name, lifetime,
|
||||
NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */
|
||||
ACTION_NONE, ACTION_NONE, ipcomp);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
|
|
|
|||
|
|
@ -130,8 +130,10 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e)
|
|||
if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter,
|
||||
&updown, &hostaccess, &mode, &dpd, &close, &ipcomp))
|
||||
{
|
||||
child_cfg = child_cfg_create(name, lifetime, rekeytime, jitter,
|
||||
updown, hostaccess, mode, dpd, close, ipcomp);
|
||||
lifetime_cfg_t *lft = lifetime_cfg_create_time(lifetime, rekeytime,
|
||||
jitter);
|
||||
child_cfg = child_cfg_create(name, lft, updown, hostaccess, mode,
|
||||
dpd, close, ipcomp);
|
||||
/* TODO: read proposal from db */
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
add_traffic_selectors(this, child_cfg, id);
|
||||
|
|
|
|||
|
|
@ -752,6 +752,7 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
|
|||
stroke_msg_t *msg)
|
||||
{
|
||||
child_cfg_t *child_cfg;
|
||||
lifetime_cfg_t *lifetime;
|
||||
action_t dpd;
|
||||
|
||||
switch (msg->add_conn.dpd.action)
|
||||
|
|
@ -766,10 +767,14 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
|
|||
dpd = ACTION_NONE;
|
||||
break;
|
||||
}
|
||||
child_cfg = child_cfg_create(
|
||||
msg->add_conn.name, msg->add_conn.rekey.ipsec_lifetime,
|
||||
|
||||
lifetime = lifetime_cfg_create_time(
|
||||
msg->add_conn.rekey.ipsec_lifetime,
|
||||
msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin,
|
||||
msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100,
|
||||
msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100);
|
||||
|
||||
child_cfg = child_cfg_create(
|
||||
msg->add_conn.name, lifetime,
|
||||
msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
|
||||
msg->add_conn.mode, dpd, dpd, msg->add_conn.ipcomp);
|
||||
child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
|
||||
|
|
|
|||
|
|
@ -142,6 +142,7 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
|
|||
char *local_id, *local_addr, *local_net;
|
||||
char *remote_id, *remote_addr, *remote_net;
|
||||
child_cfg_t *child_cfg;
|
||||
lifetime_cfg_t *lifetime;
|
||||
ike_cfg_t *ike_cfg;
|
||||
auth_cfg_t *auth;
|
||||
|
||||
|
|
@ -186,9 +187,10 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg)
|
|||
identification_create_from_string(remote_id));
|
||||
}
|
||||
this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE);
|
||||
child_cfg = child_cfg_create(name,
|
||||
create_rekey(esp_rekey) + 300, create_rekey(ike_rekey), 300,
|
||||
NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
|
||||
lifetime = lifetime_cfg_create_time(create_rekey(esp_rekey) + 300,
|
||||
create_rekey(esp_rekey), 300);
|
||||
child_cfg = child_cfg_create(name, lifetime, NULL, TRUE, MODE_TUNNEL,
|
||||
ACTION_NONE, ACTION_NONE, FALSE);
|
||||
child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP));
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net));
|
||||
child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net));
|
||||
|
|
|
|||
Loading…
Reference in New Issue