Add a closeaction ipsec.conf keyword to configure close action
parent
0eb23d7be2
commit
f34ebc845b
|
@ -774,6 +774,22 @@ static void add_ts(private_stroke_config_t *this,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* map starter magic values to our action type
|
||||||
|
*/
|
||||||
|
static action_t map_action(int starter_action)
|
||||||
|
{
|
||||||
|
switch (starter_action)
|
||||||
|
{
|
||||||
|
case 2: /* =hold */
|
||||||
|
return ACTION_ROUTE;
|
||||||
|
case 3: /* =restart */
|
||||||
|
return ACTION_RESTART;
|
||||||
|
default:
|
||||||
|
return ACTION_NONE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* build a child config from the stroke message
|
* build a child config from the stroke message
|
||||||
*/
|
*/
|
||||||
|
@ -781,7 +797,6 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
|
||||||
stroke_msg_t *msg)
|
stroke_msg_t *msg)
|
||||||
{
|
{
|
||||||
child_cfg_t *child_cfg;
|
child_cfg_t *child_cfg;
|
||||||
action_t dpd;
|
|
||||||
lifetime_cfg_t lifetime = {
|
lifetime_cfg_t lifetime = {
|
||||||
.time = {
|
.time = {
|
||||||
.life = msg->add_conn.rekey.ipsec_lifetime,
|
.life = msg->add_conn.rekey.ipsec_lifetime,
|
||||||
|
@ -808,23 +823,11 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this,
|
||||||
.mask = msg->add_conn.mark_out.mask
|
.mask = msg->add_conn.mark_out.mask
|
||||||
};
|
};
|
||||||
|
|
||||||
switch (msg->add_conn.dpd.action)
|
|
||||||
{ /* map startes magic values to our action type */
|
|
||||||
case 2: /* =hold */
|
|
||||||
dpd = ACTION_ROUTE;
|
|
||||||
break;
|
|
||||||
case 3: /* =restart */
|
|
||||||
dpd = ACTION_RESTART;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
dpd = ACTION_NONE;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
child_cfg = child_cfg_create(
|
child_cfg = child_cfg_create(
|
||||||
msg->add_conn.name, &lifetime,
|
msg->add_conn.name, &lifetime, msg->add_conn.me.updown,
|
||||||
msg->add_conn.me.updown, msg->add_conn.me.hostaccess,
|
msg->add_conn.me.hostaccess, msg->add_conn.mode, ACTION_NONE,
|
||||||
msg->add_conn.mode, ACTION_NONE, dpd, dpd, msg->add_conn.ipcomp,
|
map_action(msg->add_conn.dpd.action),
|
||||||
|
map_action(msg->add_conn.close_action), msg->add_conn.ipcomp,
|
||||||
msg->add_conn.inactivity, msg->add_conn.reqid,
|
msg->add_conn.inactivity, msg->add_conn.reqid,
|
||||||
&mark_in, &mark_out, msg->add_conn.tfc);
|
&mark_in, &mark_out, msg->add_conn.tfc);
|
||||||
child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
|
child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode,
|
||||||
|
|
|
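Review bot: In the child_cfg_create() call of the third hunk, the close-action argument was previously the same `dpd` value as the DPD action and is now `map_action(msg->add_conn.close_action)`, so a connection that sets only dpdaction=hold or restart no longer reacts to a peer-initiated close once this lands. If that is intended, the commit description should say so. A restart or route close action also fires on every peer-initiated delete, which is presumably unwanted when the peer deletes SAs as part of reauthentication or uniqueness handling, and that caveat belongs in the keyword's documentation (none is visible on this page). map_action() would benefit from one more comment line, `* any other value, including unknown ones, yields ACTION_NONE`, since the value arrives as a plain int in the stroke message. build_child_cfg() starts and ends outside these hunks.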
@ -190,6 +190,9 @@ static void stroke_add_conn(private_stroke_socket_t *this, stroke_msg_t *msg)
|
||||||
DBG2(DBG_CFG, " aaa_identity=%s", msg->add_conn.aaa_identity);
|
DBG2(DBG_CFG, " aaa_identity=%s", msg->add_conn.aaa_identity);
|
||||||
DBG2(DBG_CFG, " ike=%s", msg->add_conn.algorithms.ike);
|
DBG2(DBG_CFG, " ike=%s", msg->add_conn.algorithms.ike);
|
||||||
DBG2(DBG_CFG, " esp=%s", msg->add_conn.algorithms.esp);
|
DBG2(DBG_CFG, " esp=%s", msg->add_conn.algorithms.esp);
|
||||||
|
DBG2(DBG_CFG, " dpddelay=%d", msg->add_conn.dpd.delay);
|
||||||
|
DBG2(DBG_CFG, " dpdaction=%d", msg->add_conn.dpd.action);
|
||||||
|
DBG2(DBG_CFG, " closeaction=%d", msg->add_conn.close_action);
|
||||||
DBG2(DBG_CFG, " mediation=%s", msg->add_conn.ikeme.mediation ? "yes" : "no");
|
DBG2(DBG_CFG, " mediation=%s", msg->add_conn.ikeme.mediation ? "yes" : "no");
|
||||||
DBG2(DBG_CFG, " mediated_by=%s", msg->add_conn.ikeme.mediated_by);
|
DBG2(DBG_CFG, " mediated_by=%s", msg->add_conn.ikeme.mediated_by);
|
||||||
DBG2(DBG_CFG, " me_peerid=%s", msg->add_conn.ikeme.peerid);
|
DBG2(DBG_CFG, " me_peerid=%s", msg->add_conn.ikeme.peerid);
|
||||||
|
|
|
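Review bot: `DBG2(DBG_CFG, " dpddelay=%d", msg->add_conn.dpd.delay);` passes a field whose declared type is not visible on this page to `%d`. The starter side parses dpd_delay as ARG_TIME, so if the message field is a time_t the specifier does not match the argument wherever time_t is wider than int. Confirm the declaration and make the width explicit, for example `(int)msg->add_conn.dpd.delay`. The dpdaction and closeaction lines log the raw starter numbers, which are only readable alongside the enum definition. stroke_add_conn() continues outside the hunk.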
@ -228,6 +228,7 @@ static const token_info_t token_info[] =
|
||||||
{ ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL },
|
{ ARG_TIME, offsetof(starter_conn_t, dpd_delay), NULL },
|
||||||
{ ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL },
|
{ ARG_TIME, offsetof(starter_conn_t, dpd_timeout), NULL },
|
||||||
{ ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action },
|
{ ARG_ENUM, offsetof(starter_conn_t, dpd_action), LST_dpd_action },
|
||||||
|
{ ARG_ENUM, offsetof(starter_conn_t, close_action), LST_dpd_action },
|
||||||
{ ARG_TIME, offsetof(starter_conn_t, inactivity), NULL },
|
{ ARG_TIME, offsetof(starter_conn_t, inactivity), NULL },
|
||||||
{ ARG_MISC, 0, NULL /* KW_MODECONFIG */ },
|
{ ARG_MISC, 0, NULL /* KW_MODECONFIG */ },
|
||||||
{ ARG_MISC, 0, NULL /* KW_XAUTH */ },
|
{ ARG_MISC, 0, NULL /* KW_XAUTH */ },
|
||||||
|
|
|
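Review bot: The new `close_action` row relies on its position in token_info[] to line up with KW_CLOSEACTION. The `/* KW_MODECONFIG */` and `/* KW_XAUTH */` tags on the rows below suggest the table is indexed by keyword, though the lookup code is outside this hunk. The ordering matches the enum and keyword-list hunks of this commit, but nothing enforces it, so a trailing tag such as `{ ARG_ENUM, offsetof(starter_conn_t, close_action), LST_dpd_action }, /* KW_CLOSEACTION */` would make a future misordering easier to spot. Reusing LST_dpd_action also means closeaction accepts every dpdaction spelling, which is worth stating where the keyword is documented.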
@ -143,6 +143,8 @@ struct starter_conn {
|
||||||
dpd_action_t dpd_action;
|
dpd_action_t dpd_action;
|
||||||
int dpd_count;
|
int dpd_count;
|
||||||
|
|
||||||
|
dpd_action_t close_action;
|
||||||
|
|
||||||
time_t inactivity;
|
time_t inactivity;
|
||||||
|
|
||||||
bool me_mediation;
|
bool me_mediation;
|
||||||
|
|
|
@ -91,6 +91,7 @@ typedef enum {
|
||||||
KW_DPDDELAY,
|
KW_DPDDELAY,
|
||||||
KW_DPDTIMEOUT,
|
KW_DPDTIMEOUT,
|
||||||
KW_DPDACTION,
|
KW_DPDACTION,
|
||||||
|
KW_CLOSEACTION,
|
||||||
KW_INACTIVITY,
|
KW_INACTIVITY,
|
||||||
KW_MODECONFIG,
|
KW_MODECONFIG,
|
||||||
KW_XAUTH,
|
KW_XAUTH,
|
||||||
|
|
|
@ -82,6 +82,7 @@ pfsgroup, KW_PFSGROUP
|
||||||
dpddelay, KW_DPDDELAY
|
dpddelay, KW_DPDDELAY
|
||||||
dpdtimeout, KW_DPDTIMEOUT
|
dpdtimeout, KW_DPDTIMEOUT
|
||||||
dpdaction, KW_DPDACTION
|
dpdaction, KW_DPDACTION
|
||||||
|
closeaction, KW_CLOSEACTION
|
||||||
inactivity, KW_INACTIVITY
|
inactivity, KW_INACTIVITY
|
||||||
modeconfig, KW_MODECONFIG
|
modeconfig, KW_MODECONFIG
|
||||||
xauth, KW_XAUTH
|
xauth, KW_XAUTH
|
||||||
|
|
|
@ -258,6 +258,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
|
||||||
msg.add_conn.algorithms.esp = push_string(&msg, conn->esp);
|
msg.add_conn.algorithms.esp = push_string(&msg, conn->esp);
|
||||||
msg.add_conn.dpd.delay = conn->dpd_delay;
|
msg.add_conn.dpd.delay = conn->dpd_delay;
|
||||||
msg.add_conn.dpd.action = conn->dpd_action;
|
msg.add_conn.dpd.action = conn->dpd_action;
|
||||||
|
msg.add_conn.close_action = conn->close_action;
|
||||||
msg.add_conn.inactivity = conn->inactivity;
|
msg.add_conn.inactivity = conn->inactivity;
|
||||||
msg.add_conn.ikeme.mediation = conn->me_mediation;
|
msg.add_conn.ikeme.mediation = conn->me_mediation;
|
||||||
msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by);
|
msg.add_conn.ikeme.mediated_by = push_string(&msg, conn->me_mediated_by);
|
||||||
|
|
|
@ -251,6 +251,7 @@ struct stroke_msg_t {
|
||||||
time_t inactivity;
|
time_t inactivity;
|
||||||
int proxy_mode;
|
int proxy_mode;
|
||||||
int install_policy;
|
int install_policy;
|
||||||
|
int close_action;
|
||||||
u_int32_t reqid;
|
u_int32_t reqid;
|
||||||
u_int32_t tfc;
|
u_int32_t tfc;
|
||||||
|
|
||||||
|
|
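Review bot: `int close_action;` carries no comment saying which values it holds, yet the daemon side interprets it through the magic numbers 2 and 3 in map_action() while the starter side stores a `dpd_action_t`. A comment such as `/* starter dpd_action_t value; mapped by map_action() */` would document the contract where both sides meet. The member is also inserted ahead of `reqid` and `tfc`, so if the message is exchanged as a raw struct (the field-by-field fill in starter_stroke_add_conn() suggests so), a starter and daemon built from different revisions would disagree on the layout. That is inferred, as the transport code is not on this page. The struct continues outside the hunk.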