Merge branch 'ike-dscp'

Martin Willi 2013-02-14 17:11:35 +01:00
commit e212033ef2
27 changed files with 242 additions and 68 deletions


@ -452,6 +452,11 @@ suites, the strict flag
exclamation mark) can be used, e.g:
.BR aes256-sha512-modp4096!
.TP
.BR ikedscp " = " 000000 " | <DSCP field>"
Differentiated Services Field Codepoint to set on outgoing IKE packets sent
from this connection. The value is a six digit binary encoded string defining
the Codepoint to set, as defined in RFC 2474.
.TP
.BR ikelifetime " = " 3h " | <time>"
how long the keying channel of a connection (ISAKMP or IKE SA)
should last before being renegotiated. Also see EXPIRY/REKEY below.


@ -501,7 +501,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
ike_cfg = ike_cfg_create(IKEV2, TRUE, encap, "0.0.0.0", FALSE,
charon->socket->get_port(charon->socket, FALSE),
(char*)address, FALSE, IKEV2_UDP_PORT,
FRAGMENTATION_NO);
FRAGMENTATION_NO, 0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create(priv->name, ike_cfg,
CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
@ -718,4 +718,3 @@ NMStrongswanPlugin *nm_strongswan_plugin_new(nm_creds_t *creds,
}
return plugin;
}


@ -107,7 +107,7 @@ static ike_cfg_t *load_ike_config(private_config_t *this,
settings->get_int(settings, "configs.%s.lport", 500, config),
settings->get_str(settings, "configs.%s.rhost", "%any", config), FALSE,
settings->get_int(settings, "configs.%s.rport", 500, config),
FRAGMENTATION_NO);
FRAGMENTATION_NO, 0);
token = settings->get_str(settings, "configs.%s.proposal", NULL, config);
if (token)
{


@ -472,7 +472,7 @@ static job_requeue_t initiate(private_android_service_t *this)
ike_cfg = ike_cfg_create(IKEV2, TRUE, TRUE, "0.0.0.0", FALSE,
charon->socket->get_port(charon->socket, FALSE),
this->gateway, FALSE, IKEV2_UDP_PORT,
FRAGMENTATION_NO);
FRAGMENTATION_NO, 0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create("android", ike_cfg, CERT_SEND_IF_ASKED,


@ -94,6 +94,11 @@ struct private_ike_cfg_t {
*/
fragmentation_t fragmentation;
/**
* DSCP value to use on sent IKE packets
*/
u_int8_t dscp;
/**
* List of proposals to use
*/
@ -156,6 +161,12 @@ METHOD(ike_cfg_t, get_other_port, u_int16_t,
return this->other_port;
}
METHOD(ike_cfg_t, get_dscp, u_int8_t,
private_ike_cfg_t *this)
{
return this->dscp;
}
METHOD(ike_cfg_t, add_proposal, void,
private_ike_cfg_t *this, proposal_t *proposal)
{
@ -312,7 +323,7 @@ METHOD(ike_cfg_t, destroy, void,
ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
char *me, bool my_allow_any, u_int16_t my_port,
char *other, bool other_allow_any, u_int16_t other_port,
fragmentation_t fragmentation)
fragmentation_t fragmentation, u_int8_t dscp)
{
private_ike_cfg_t *this;
@ -326,6 +337,7 @@ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
.get_other_addr = _get_other_addr,
.get_my_port = _get_my_port,
.get_other_port = _get_other_port,
.get_dscp = _get_dscp,
.add_proposal = _add_proposal,
.get_proposals = _get_proposals,
.select_proposal = _select_proposal,
@ -345,6 +357,7 @@ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
.other_allow_any = other_allow_any,
.my_port = my_port,
.other_port = other_port,
.dscp = dscp,
.proposals = linked_list_create(),
);
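Review bot: `ike_cfg_create` stores `dscp` unchecked, yet a DSCP codepoint is six bits wide (0..63) and its only consumer in this commit, `sender` in socket_default_socket.c, shifts it left by two before handing it to `IP_TOS`/`IPV6_TCLASS`; a value above 63 therefore silently loses its top bits on the IPv4 path (`u_int8_t ds4`) and produces an out-of-range traffic class on the IPv6 path. Masking once at construction keeps every caller and both socket paths consistent: `.dscp = dscp & 0x3f,` in the last hunk. If truncation is not acceptable, reject the value at the config layer instead, but do not leave it to the per-packet `setsockopt()`. The `private_ike_cfg_t` struct and the body of `ike_cfg_create` extend outside the hunks shown.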


@ -107,6 +107,13 @@ struct ike_cfg_t {
*/
u_int16_t (*get_other_port)(ike_cfg_t *this);
/**
* Get the DSCP value to use for IKE packets send from connections.
*
* @return DSCP value
*/
u_int8_t (*get_dscp)(ike_cfg_t *this);
/**
* Adds a proposal to the list.
*
@ -205,11 +212,12 @@ struct ike_cfg_t {
* @param other_allow_any allow override of remote address by any address
* @param other_port IKE port to use as dest, 500 uses IKEv2 port floating
* @param fragmentation use IKEv1 fragmentation
* @param dscp DSCP value to send IKE packets with
* @return ike_cfg_t object.
*/
ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
char *me, bool my_allow_any, u_int16_t my_port,
char *other, bool other_allow_any, u_int16_t other_port,
fragmentation_t fragmentation);
fragmentation_t fragmentation, u_int8_t dscp);
#endif /** IKE_CFG_H_ @}*/
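Review bot: The new `get_dscp` comment reads "IKE packets send from connections"; `sent` is meant, and neither it nor the `@param dscp` line tells a caller which values are accepted, although the field is used as a six-bit codepoint. Suggested wording: `* Get the DSCP value to use for IKE packets sent from connections.` and `* @param dscp DSCP value (0..63) to send IKE packets with`. Both the struct member and the prototype are complete within the hunks shown.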


@ -266,7 +266,8 @@ static job_requeue_t initiate(private_android_service_t *this)
ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "0.0.0.0", FALSE,
charon->socket->get_port(charon->socket, FALSE),
hostname, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO);
hostname, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO,
0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create("android", ike_cfg, CERT_SEND_IF_ASKED,
@ -386,4 +387,3 @@ android_service_t *android_service_create(android_creds_t *creds)
return &this->public;
}


@ -205,7 +205,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
/* create config and backend */
ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, local, FALSE,
charon->socket->get_port(charon->socket, FALSE),
remote, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO);
remote, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create("ha", ike_cfg, CERT_NEVER_SEND,
UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE, 30,
@ -288,4 +288,3 @@ ha_tunnel_t *ha_tunnel_create(char *local, char *remote, char *secret)
return &this->public;
}


@ -491,7 +491,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
ike_cfg = ike_cfg_create(this->version, TRUE, FALSE,
local, FALSE, this->port + num - 1,
remote, FALSE, IKEV2_NATT_PORT,
FRAGMENTATION_NO);
FRAGMENTATION_NO, 0);
}
else
{
@ -499,7 +499,7 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
local, FALSE,
charon->socket->get_port(charon->socket, FALSE),
remote, FALSE, IKEV2_UDP_PORT,
FRAGMENTATION_NO);
FRAGMENTATION_NO, 0);
}
ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
peer_cfg = peer_cfg_create("load-test", ike_cfg,


@ -325,7 +325,8 @@ static gboolean initiate_connection(private_maemo_service_t *this,
ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "0.0.0.0", FALSE,
charon->socket->get_port(charon->socket, FALSE),
hostname, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO);
hostname, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO,
0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create(this->current, ike_cfg,
@ -524,4 +525,3 @@ maemo_service_t *maemo_service_create()
return &this->public;
}


@ -105,7 +105,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE,
"0.0.0.0", FALSE,
charon->socket->get_port(charon->socket, FALSE),
address, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO);
address, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
med_cfg = peer_cfg_create(
"mediation", ike_cfg,
@ -381,7 +381,7 @@ medcli_config_t *medcli_config_create(database_t *db)
"0.0.0.0", FALSE,
charon->socket->get_port(charon->socket, FALSE),
"0.0.0.0", FALSE, IKEV2_UDP_PORT,
FRAGMENTATION_NO),
FRAGMENTATION_NO, 0),
);
this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
@ -389,4 +389,3 @@ medcli_config_t *medcli_config_create(database_t *db)
return &this->public;
}


@ -143,10 +143,9 @@ medsrv_config_t *medsrv_config_create(database_t *db)
"0.0.0.0", FALSE,
charon->socket->get_port(charon->socket, FALSE),
"0.0.0.0", FALSE, IKEV2_UDP_PORT,
FRAGMENTATION_NO),
FRAGMENTATION_NO, 0),
);
this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
return &this->public;
}


@ -55,6 +55,9 @@
#ifndef SOL_IPV6
#define SOL_IPV6 IPPROTO_IPV6
#endif
#ifndef IPV6_TCLASS
#define IPV6_TCLASS 67
#endif
/* IPV6_RECVPKTINFO is defined in RFC 3542 which obsoletes RFC 2292 that
* previously defined IPV6_PKTINFO */
@ -112,6 +115,26 @@ struct private_socket_default_socket_t {
*/
int ipv6_natt;
/**
* DSCP value set on IPv4 socket
*/
u_int8_t dscp4;
/**
* DSCP value set on IPv4 socket for NAT-T (4500 or natt)
*/
u_int8_t dscp4_natt;
/**
* DSCP value set on IPv6 socket (500 or port)
*/
u_int8_t dscp6;
/**
* DSCP value set on IPv6 socket for NAT-T (4500 or natt)
*/
u_int8_t dscp6_natt;
/**
* Maximum packet size to receive
*/
@ -310,6 +333,7 @@ METHOD(socket_t, sender, status_t,
struct msghdr msg;
struct cmsghdr *cmsg;
struct iovec iov;
u_int8_t *dscp;
src = packet->get_source(packet);
dst = packet->get_destination(packet);
@ -322,24 +346,34 @@ METHOD(socket_t, sender, status_t,
family = dst->get_family(dst);
if (sport == 0 || sport == this->port)
{
if (family == AF_INET)
switch (family)
{
skt = this->ipv4;
}
else
{
skt = this->ipv6;
case AF_INET:
skt = this->ipv4;
dscp = &this->dscp4;
break;
case AF_INET6:
skt = this->ipv6;
dscp = &this->dscp6;
break;
default:
return FAILED;
}
}
else if (sport == this->natt)
{
if (family == AF_INET)
switch (family)
{
skt = this->ipv4_natt;
}
else
{
skt = this->ipv6_natt;
case AF_INET:
skt = this->ipv4_natt;
dscp = &this->dscp4_natt;
break;
case AF_INET6:
skt = this->ipv6_natt;
dscp = &this->dscp6_natt;
break;
default:
return FAILED;
}
}
else
@ -348,6 +382,43 @@ METHOD(socket_t, sender, status_t,
return FAILED;
}
/* setting DSCP values per-packet in a cmsg seems not to be supported
* on Linux. We instead setsockopt() before sending it, this should be
* safe as only a single thread calls send(). */
if (*dscp != packet->get_dscp(packet))
{
if (family == AF_INET)
{
u_int8_t ds4;
ds4 = packet->get_dscp(packet) << 2;
if (setsockopt(skt, SOL_IP, IP_TOS, &ds4, sizeof(ds4)) == 0)
{
*dscp = packet->get_dscp(packet);
}
else
{
DBG1(DBG_NET, "unable to set IP_TOS on socket: %s",
strerror(errno));
}
}
else
{
u_int ds6;
ds6 = packet->get_dscp(packet) << 2;
if (setsockopt(skt, SOL_IPV6, IPV6_TCLASS, &ds6, sizeof(ds6)) == 0)
{
*dscp = packet->get_dscp(packet);
}
else
{
DBG1(DBG_NET, "unable to set IPV6_TCLASS on socket: %s",
strerror(errno));
}
}
}
memset(&msg, 0, sizeof(struct msghdr));
msg.msg_name = dst->get_sockaddr(dst);;
msg.msg_namelen = *dst->get_sockaddr_len(dst);
@ -433,22 +504,24 @@ static int open_socket(private_socket_default_socket_t *this,
int family, u_int16_t *port)
{
int on = TRUE;
struct sockaddr_storage addr;
union {
struct sockaddr sockaddr;
struct sockaddr_in sin;
struct sockaddr_in6 sin6;
} addr;
socklen_t addrlen;
u_int sol, pktinfo = 0;
int skt;
memset(&addr, 0, sizeof(addr));
addr.ss_family = family;
addr.sockaddr.sa_family = family;
/* precalculate constants depending on address family */
switch (family)
{
case AF_INET:
{
struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
htoun32(&sin->sin_addr.s_addr, INADDR_ANY);
htoun16(&sin->sin_port, *port);
addrlen = sizeof(struct sockaddr_in);
addr.sin.sin_addr.s_addr = htonl(INADDR_ANY);
addr.sin.sin_port = htons(*port);
addrlen = sizeof(addr.sin);
sol = SOL_IP;
#ifdef IP_PKTINFO
pktinfo = IP_PKTINFO;
@ -456,17 +529,13 @@ static int open_socket(private_socket_default_socket_t *this,
pktinfo = IP_RECVDSTADDR;
#endif
break;
}
case AF_INET6:
{
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr;
memcpy(&sin6->sin6_addr, &in6addr_any, sizeof(in6addr_any));
htoun16(&sin6->sin6_port, *port);
addrlen = sizeof(struct sockaddr_in6);
memcpy(&addr.sin6.sin6_addr, &in6addr_any, sizeof(in6addr_any));
addr.sin6.sin6_port = htons(*port);
addrlen = sizeof(addr.sin6);
sol = SOL_IPV6;
pktinfo = IPV6_RECVPKTINFO;
break;
}
default:
return 0;
}
@ -485,7 +554,7 @@ static int open_socket(private_socket_default_socket_t *this,
}
/* bind the socket */
if (bind(skt, (struct sockaddr *)&addr, addrlen) < 0)
if (bind(skt, &addr.sockaddr, addrlen) < 0)
{
DBG1(DBG_NET, "unable to bind socket: %s", strerror(errno));
close(skt);
@ -495,7 +564,7 @@ static int open_socket(private_socket_default_socket_t *this,
/* retrieve randomly allocated port if needed */
if (*port == 0)
{
if (getsockname(skt, (struct sockaddr *)&addr, &addrlen) < 0)
if (getsockname(skt, &addr.sockaddr, &addrlen) < 0)
{
DBG1(DBG_NET, "unable to determine port: %s", strerror(errno));
close(skt);
@ -504,17 +573,11 @@ static int open_socket(private_socket_default_socket_t *this,
switch (family)
{
case AF_INET:
{
struct sockaddr_in *sin = (struct sockaddr_in *)&addr;
*port = untoh16(&sin->sin_port);
*port = ntohs(addr.sin.sin_port);
break;
}
case AF_INET6:
{
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr;
*port = untoh16(&sin6->sin6_port);
*port = ntohs(addr.sin6.sin6_port);
break;
}
}
}
@ -642,4 +705,3 @@ socket_default_socket_t *socket_default_socket_create()
return &this->public;
}
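Review bot: In `sender`, caching the last applied value in `*dscp` and calling `setsockopt()` immediately before `sendmsg()` is correct only under the comment's claim that a single thread calls send; nothing in the hunk enforces that, and two concurrent callers with different DSCP values would race between the two calls and mark packets with the wrong codepoint. If the invariant holds by design, state it where it is guaranteed (the sender job or the socket contract) rather than only in this comment; otherwise the setsockopt/sendmsg pair needs a lock. Note also that when `setsockopt()` fails the packet is still sent with the socket's previously applied DSCP, and because `*dscp` is left unchanged the failing call is retried and logged for every following packet with that value; a short remark such as `/* best effort: on failure the packet keeps the socket's previous DSCP */` would make that explicit. `sender`'s body begins and ends outside the hunks shown.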


@ -262,7 +262,7 @@ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e,
local, FALSE,
charon->socket->get_port(charon->socket, FALSE),
remote, FALSE, IKEV2_UDP_PORT,
FRAGMENTATION_NO);
FRAGMENTATION_NO, 0);
add_ike_proposals(this, ike_cfg, id);
return ike_cfg;
}
@ -620,4 +620,3 @@ sql_config_t *sql_config_create(database_t *db)
return &this->public;
}


@ -234,7 +234,8 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg
msg->add_conn.other.address,
msg->add_conn.other.allow_any,
msg->add_conn.other.ikeport,
msg->add_conn.fragmentation);
msg->add_conn.fragmentation,
msg->add_conn.ikedscp);
add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL);
return ike_cfg;
}


@ -156,7 +156,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
local_addr, FALSE,
charon->socket->get_port(charon->socket, FALSE),
remote_addr, FALSE, IKEV2_UDP_PORT,
FRAGMENTATION_NO);
FRAGMENTATION_NO, 0);
ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
this->peer_cfg = peer_cfg_create(
name, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
@ -255,7 +255,7 @@ METHOD(enumerator_t, ike_enumerator_enumerate, bool,
local_addr, FALSE,
charon->socket->get_port(charon->socket, FALSE),
remote_addr, FALSE, IKEV2_UDP_PORT,
FRAGMENTATION_NO);
FRAGMENTATION_NO, 0);
this->ike_cfg->add_proposal(this->ike_cfg,
create_proposal(ike_proposal, PROTO_IKE));
@ -343,4 +343,3 @@ uci_config_t *uci_config_create(uci_parser_t *parser)
return &this->public;
}


@ -939,14 +939,38 @@ METHOD(ike_sa_t, update_hosts, void,
}
}
/**
* Set configured DSCP value on packet
*/
static void set_dscp(private_ike_sa_t *this, packet_t *packet)
{
ike_cfg_t *ike_cfg;
/* prefer IKE config on peer_cfg, as its selection is more accurate
* then the initial IKE config */
if (this->peer_cfg)
{
ike_cfg = this->peer_cfg->get_ike_cfg(this->peer_cfg);
}
else
{
ike_cfg = this->ike_cfg;
}
if (ike_cfg)
{
packet->set_dscp(packet, ike_cfg->get_dscp(ike_cfg));
}
}
METHOD(ike_sa_t, generate_message, status_t,
private_ike_sa_t *this, message_t *message, packet_t **packet)
{
status_t status;
if (message->is_encoded(message))
{ /* already done */
{ /* already encoded in task, but set DSCP value */
*packet = message->get_packet(message);
set_dscp(this, *packet);
return SUCCESS;
}
this->stats[STAT_OUTBOUND] = time_monotonic(NULL);
@ -955,6 +979,7 @@ METHOD(ike_sa_t, generate_message, status_t,
status = message->generate(message, this->keymat, packet);
if (status == SUCCESS)
{
set_dscp(this, *packet);
charon->bus->message(charon->bus, message, FALSE, FALSE);
}
return status;
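Review bot: The comment inside `set_dscp` says the peer_cfg selection is "more accurate then the initial IKE config"; `than` is meant. The helper itself tolerates a missing `peer_cfg` and a NULL `ike_cfg`, and `generate_message` now applies it on both the already-encoded and the freshly generated path, so no functional point to raise. `generate_message`'s body continues outside the last hunk.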


@ -97,6 +97,18 @@ METHOD(packet_t, set_data, void,
return this->packet->set_data(this->packet, data);
}
METHOD(packet_t, get_dscp, u_int8_t,
private_esp_packet_t *this)
{
return this->packet->get_dscp(this->packet);
}
METHOD(packet_t, set_dscp, void,
private_esp_packet_t *this, u_int8_t value)
{
this->packet->set_dscp(this->packet, value);
}
METHOD(packet_t, skip_bytes, void,
private_esp_packet_t *this, size_t bytes)
{
@ -411,6 +423,8 @@ static private_esp_packet_t *esp_packet_create_internal(packet_t *packet)
.get_destination = _get_destination,
.get_data = _get_data,
.set_data = _set_data,
.get_dscp = _get_dscp,
.set_dscp = _set_dscp,
.skip_bytes = _skip_bytes,
.clone = _clone,
.destroy = _destroy,


@ -39,6 +39,11 @@ struct private_packet_t {
*/
host_t *destination;
/**
* DSCP value on packet
*/
u_int8_t dscp;
/**
* message data
*/
@ -89,6 +94,17 @@ METHOD(packet_t, set_data, void,
this->adjusted_data = this->data = data;
}
METHOD(packet_t, get_dscp, u_int8_t,
private_packet_t *this)
{
return this->dscp;
}
METHOD(packet_t, set_dscp, void,
private_packet_t *this, u_int8_t value)
{
this->dscp = value;
}
METHOD(packet_t, skip_bytes, void,
private_packet_t *this, size_t bytes)
{
@ -123,6 +139,7 @@ METHOD(packet_t, clone_, packet_t*,
{
other->set_data(other, chunk_clone(this->adjusted_data));
}
other->set_dscp(other, this->dscp);
return other;
}
@ -141,6 +158,8 @@ packet_t *packet_create_from_data(host_t *src, host_t *dst, chunk_t data)
.get_source = _get_source,
.set_destination = _set_destination,
.get_destination = _get_destination,
.get_dscp = _get_dscp,
.set_dscp = _set_dscp,
.skip_bytes = _skip_bytes,
.clone = _clone_,
.destroy = _destroy,


@ -75,6 +75,20 @@ struct packet_t {
*/
void (*set_data)(packet_t *packet, chunk_t data);
/**
* Get the DiffServ Code Point set on this packet.
*
* @return DSCP value
*/
u_int8_t (*get_dscp)(packet_t *this);
/**
* Set the DiffServ Code Point to use on this packet.
*
* @param value DSCP value
*/
void (*set_dscp)(packet_t *this, u_int8_t value);
/**
* Increase the offset where the actual packet data starts.
*


@ -88,7 +88,6 @@ static void set_netmask(struct ifreq *ifr, int family, u_int8_t netmask)
case AF_INET:
{
struct sockaddr_in *addr = (struct sockaddr_in*)&ifr->ifr_addr;
addr->sin_family = AF_INET;
target = (char*)&addr->sin_addr;
len = 4;
break;
@ -96,7 +95,6 @@ static void set_netmask(struct ifreq *ifr, int family, u_int8_t netmask)
case AF_INET6:
{
struct sockaddr_in6 *addr = (struct sockaddr_in6*)&ifr->ifr_addr;
addr->sin6_family = AF_INET6;
target = (char*)&addr->sin6_addr;
len = 16;
break;
@ -105,6 +103,8 @@ static void set_netmask(struct ifreq *ifr, int family, u_int8_t netmask)
return;
}
ifr->ifr_addr.sa_family = family;
bytes = (netmask + 7) / 8;
bits = (bytes * 8) - netmask;


@ -33,6 +33,7 @@ typedef enum {
ARG_TIME,
ARG_ULNG,
ARG_ULLI,
ARG_UBIN,
ARG_PCNT,
ARG_STR,
ARG_LST,
@ -146,6 +147,7 @@ static const token_info_t token_info[] =
{ ARG_MISC, 0, NULL /* KW_MOBIKE */ },
{ ARG_MISC, 0, NULL /* KW_FORCEENCAPS */ },
{ ARG_ENUM, offsetof(starter_conn_t, fragmentation), LST_fragmentation },
{ ARG_UBIN, offsetof(starter_conn_t, ikedscp), NULL },
{ ARG_TIME, offsetof(starter_conn_t, sa_ike_life_seconds), NULL },
{ ARG_TIME, offsetof(starter_conn_t, sa_ipsec_life_seconds), NULL },
{ ARG_TIME, offsetof(starter_conn_t, sa_rekey_margin), NULL },
@ -399,6 +401,21 @@ bool assign_arg(kw_token_t token, kw_token_t first, kw_list_t *kw, char *base,
}
}
break;
case ARG_UBIN:
{
char *endptr;
u_int *u = (u_int *)p;
*u = strtoul(kw->value, &endptr, 2);
if (*endptr != '\0')
{
DBG1(DBG_APP, "# bad binary value: %s=%s", kw->entry->name,
kw->value);
return FALSE;
}
}
break;
case ARG_TIME:
{
char *endptr;
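Review bot: The new `ARG_UBIN` case only rejects trailing garbage: `strtoul()` with base 2 also accepts an empty string (yielding 0), leading whitespace and a sign, and an overflowing digit string (clamped, with `errno` set to `ERANGE`), none of which `*endptr != '\0'` catches. Set `errno = 0;` before the call and use `if (endptr == kw->value || *endptr != '\0' || errno == ERANGE)` as the condition (adding `<errno.h>` if the file does not already include it). Separately, the parsed value is a `u_int` in `starter_conn_t` but is copied into the `u_int8_t` `stroke_msg_t.ikedscp` in starter_stroke.c, so a codepoint above 63 (more than six binary digits) is truncated silently on its way to the daemon; since `ARG_UBIN` is only used for `ikedscp` here, a bound on the parsed value (`*u > 0x3f`) or on the digit count would surface the mistake to the user at load time. `assign_arg`'s body extends on both sides of the hunk.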


@ -148,6 +148,7 @@ struct starter_conn {
ipsec_mode_t mode;
bool proxy_mode;
fragmentation_t fragmentation;
u_int ikedscp;
sa_option_t options;
time_t sa_ike_life_seconds;
time_t sa_ipsec_life_seconds;
@ -246,4 +247,3 @@ extern starter_config_t *confread_load(const char *file);
extern void confread_free(starter_config_t *cfg);
#endif /* _IPSEC_CONFREAD_H_ */


@ -43,6 +43,7 @@ typedef enum {
KW_MOBIKE,
KW_FORCEENCAPS,
KW_FRAGMENTATION,
KW_IKEDSCP,
KW_IKELIFETIME,
KW_KEYLIFE,
KW_REKEYMARGIN,
@ -186,4 +187,3 @@ typedef enum {
} kw_token_t;
#endif /* _KEYWORDS_H_ */


@ -41,6 +41,7 @@ aaa_identity, KW_AAA_IDENTITY
mobike, KW_MOBIKE
forceencaps, KW_FORCEENCAPS
fragmentation, KW_FRAGMENTATION
ikedscp, KW_IKEDSCP,
ikelifetime, KW_IKELIFETIME
lifetime, KW_KEYLIFE
keylife, KW_KEYLIFE
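Review bot: The new entry `ikedscp, KW_IKEDSCP,` carries a trailing comma that none of the neighbouring entries have; if this table is fed to gperf the comma lands inside a struct initialiser, where it is harmless but inconsistent and easy to mistake for a third field. Suggest `ikedscp, KW_IKEDSCP` to match the surrounding lines.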


@ -181,6 +181,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
msg.add_conn.mobike = conn->options & SA_OPTION_MOBIKE;
msg.add_conn.force_encap = conn->options & SA_OPTION_FORCE_ENCAP;
msg.add_conn.fragmentation = conn->fragmentation;
msg.add_conn.ikedscp = conn->ikedscp;
msg.add_conn.ipcomp = conn->options & SA_OPTION_COMPRESS;
msg.add_conn.install_policy = conn->install_policy;
msg.add_conn.aggressive = conn->aggressive;
@ -330,4 +331,3 @@ int starter_stroke_configure(starter_config_t *cfg)
}
return 0;
}


@ -262,6 +262,7 @@ struct stroke_msg_t {
int close_action;
u_int32_t reqid;
u_int32_t tfc;
u_int8_t ikedscp;
crl_policy_t crl_policy;
int unique;