diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-05-25 19:01:36 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2010-05-25 19:01:36 +0000 |
commit | 1ac70afcc1f7d6d2738a34308810719b0976d29f (patch) | |
tree | 805f6ce2a15d1a717781d7cbceac8408a74b6b0c | |
parent | ed7d79f96177044949744da10f4431c1d6242241 (diff) | |
download | vyos-strongswan-1ac70afcc1f7d6d2738a34308810719b0976d29f.tar.gz vyos-strongswan-1ac70afcc1f7d6d2738a34308810719b0976d29f.zip |
[svn-upgrade] Integrating new upstream version, strongswan (4.4.0)
1459 files changed, 32095 insertions, 11258 deletions
diff --git a/Android.mk b/Android.mk new file mode 100644 index 000000000..0cda18302 --- /dev/null +++ b/Android.mk @@ -0,0 +1,64 @@ +LOCAL_PATH := $(call my-dir) +include $(CLEAR_VARS) + +# this is the list of plugins that are built into libstrongswan and charon +# also these plugins are loaded by default (if not changed in strongswan.conf) +strongswan_PLUGINS := openssl fips-prf random x509 pubkey pkcs1 \ + pem xcbc hmac kernel-netlink socket-default android + +# helper macros to only add source files for plugins included in the list above +# source files are relative to the android.mk that called the macro +plugin_enabled = $(findstring $(1), $(strongswan_PLUGINS)) +add_plugin = $(if $(call plugin_enabled,$(1)), \ + $(patsubst $(LOCAL_PATH)/%,%, \ + $(wildcard \ + $(LOCAL_PATH)/plugins/$(subst -,_,$(strip $(1)))/*.c \ + ) \ + ) \ + ) + +# includes +strongswan_PATH := $(LOCAL_PATH) +libvstr_PATH := external/strongswan-support/vstr/include +libgmp_PATH := external/strongswan-support/gmp + +# CFLAGS (partially from a configure run using droid-gcc) +strongswan_CFLAGS := \ + -Wno-format \ + -Wno-pointer-sign \ + -Wno-pointer-arith \ + -Wno-sign-compare \ + -Wno-strict-aliasing \ + -DHAVE___BOOL \ + -DHAVE_STDBOOL_H \ + -DHAVE_ALLOCA_H \ + -DHAVE_ALLOCA \ + -DHAVE_CLOCK_GETTIME \ + -DHAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC \ + -DHAVE_PRCTL \ + -DHAVE_LINUX_UDP_H \ + -DHAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY \ + -DHAVE_IPSEC_MODE_BEET \ + -DHAVE_IPSEC_DIR_FWD \ + -DMONOLITHIC \ + -DUSE_VSTR \ + -DROUTING_TABLE=0 \ + -DROUTING_TABLE_PRIO=220 \ + -DVERSION=\"4.4.0\" \ + -DPLUGINS='"$(strongswan_PLUGINS)"' \ + -DIPSEC_DIR=\"/system/bin\" \ + -DIPSEC_PIDDIR=\"/data/misc/vpn\" \ + -DSTRONGSWAN_CONF=\"/system/etc/strongswan.conf\" \ + -DDEV_RANDOM=\"/dev/random\" \ + -DDEV_URANDOM=\"/dev/urandom\" + +# only for Android 2.0+ +strongswan_CFLAGS += \ + -DHAVE_IN6ADDR_ANY + +include $(addprefix $(LOCAL_PATH)/src/,$(addsuffix /Android.mk, \ + charon \ + libcharon \ + libhydra \ + libstrongswan \ + )) diff --git a/Android.mk.in b/Android.mk.in new file mode 100644 index 000000000..4a4b7df96 --- /dev/null +++ b/Android.mk.in @@ -0,0 +1,64 @@ +LOCAL_PATH := $(call my-dir) +include $(CLEAR_VARS) + +# this is the list of plugins that are built into libstrongswan and charon +# also these plugins are loaded by default (if not changed in strongswan.conf) +strongswan_PLUGINS := openssl fips-prf random x509 pubkey pkcs1 \ + pem xcbc hmac kernel-netlink socket-default android + +# helper macros to only add source files for plugins included in the list above +# source files are relative to the android.mk that called the macro +plugin_enabled = $(findstring $(1), $(strongswan_PLUGINS)) +add_plugin = $(if $(call plugin_enabled,$(1)), \ + $(patsubst $(LOCAL_PATH)/%,%, \ + $(wildcard \ + $(LOCAL_PATH)/plugins/$(subst -,_,$(strip $(1)))/*.c \ + ) \ + ) \ + ) + +# includes +strongswan_PATH := $(LOCAL_PATH) +libvstr_PATH := external/strongswan-support/vstr/include +libgmp_PATH := external/strongswan-support/gmp + +# CFLAGS (partially from a configure run using droid-gcc) +strongswan_CFLAGS := \ + -Wno-format \ + -Wno-pointer-sign \ + -Wno-pointer-arith \ + -Wno-sign-compare \ + -Wno-strict-aliasing \ + -DHAVE___BOOL \ + -DHAVE_STDBOOL_H \ + -DHAVE_ALLOCA_H \ + -DHAVE_ALLOCA \ + -DHAVE_CLOCK_GETTIME \ + -DHAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC \ + -DHAVE_PRCTL \ + -DHAVE_LINUX_UDP_H \ + -DHAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY \ + -DHAVE_IPSEC_MODE_BEET \ + -DHAVE_IPSEC_DIR_FWD \ + -DMONOLITHIC \ + -DUSE_VSTR \ + -DROUTING_TABLE=0 \ + -DROUTING_TABLE_PRIO=220 \ + -DVERSION=\"@PACKAGE_VERSION@\" \ + -DPLUGINS='"$(strongswan_PLUGINS)"' \ + -DIPSEC_DIR=\"/system/bin\" \ + -DIPSEC_PIDDIR=\"/data/misc/vpn\" \ + -DSTRONGSWAN_CONF=\"/system/etc/strongswan.conf\" \ + -DDEV_RANDOM=\"/dev/random\" \ + -DDEV_URANDOM=\"/dev/urandom\" + +# only for Android 2.0+ +strongswan_CFLAGS += \ + -DHAVE_IN6ADDR_ANY + +include $(addprefix $(LOCAL_PATH)/src/,$(addsuffix /Android.mk, \ + charon \ + libcharon \ + libhydra \ + libstrongswan \ + )) diff --git a/Doxyfile.in b/Doxyfile.in index 8cb6e50a5..b79c9909d 100644 --- a/Doxyfile.in +++ b/Doxyfile.in @@ -528,7 +528,8 @@ WARN_LOGFILE = # with spaces. INPUT = @SRC_DIR@/src/libstrongswan \ - @SRC_DIR@/src/charon \ + @SRC_DIR@/src/libhydra \ + @SRC_DIR@/src/libcharon \ @SRC_DIR@/src/libsimaka \ @SRC_DIR@/src/libfast \ @SRC_DIR@/src/manager diff --git a/Makefile.am b/Makefile.am index fcb2f2e7a..6ed121f67 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6,8 +6,15 @@ endif ACLOCAL_AMFLAGS = -I m4/config -EXTRA_DIST = Doxyfile.in CREDITS +EXTRA_DIST = Doxyfile.in CREDITS Android.mk.in Android.mk CLEANFILES = apidoc Doxyfile +BUILT_SOURCES = Android.mk +MAINTAINERCLEANFILES = Android.mk + +Android.mk : Android.mk.in configure.in + sed \ + -e "s:\@PACKAGE_VERSION\@:$(PACKAGE_VERSION):" \ + $(srcdir)/$@.in > $@ Doxyfile : Doxyfile.in sed \ diff --git a/Makefile.in b/Makefile.in index 6e97ac768..d4f18d054 100644 --- a/Makefile.in +++ b/Makefile.in @@ -229,6 +229,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -265,9 +266,12 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ SUBDIRS = src testing $(am__append_1) ACLOCAL_AMFLAGS = -I m4/config -EXTRA_DIST = Doxyfile.in CREDITS +EXTRA_DIST = Doxyfile.in CREDITS Android.mk.in Android.mk CLEANFILES = apidoc Doxyfile -all: all-recursive +BUILT_SOURCES = Android.mk +MAINTAINERCLEANFILES = Android.mk +all: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) all-recursive .SUFFIXES: am--refresh: @@ -626,11 +630,13 @@ distcleancheck: distclean $(distcleancheck_listfiles) ; \ exit 1; } >&2 check-am: all-am -check: check-recursive +check: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: -install: install-recursive +install: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive @@ -656,6 +662,8 @@ distclean-generic: maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." + -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) + -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am @@ -726,8 +734,9 @@ ps-am: uninstall-am: -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ - install-am install-strip tags-recursive +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all check \ + ctags-recursive install install-am install-strip \ + tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am am--refresh check check-am clean clean-generic \ @@ -746,6 +755,11 @@ uninstall-am: tags tags-recursive uninstall uninstall-am +Android.mk : Android.mk.in configure.in + sed \ + -e "s:\@PACKAGE_VERSION\@:$(PACKAGE_VERSION):" \ + $(srcdir)/$@.in > $@ + Doxyfile : Doxyfile.in sed \ -e "s:\@PACKAGE_VERSION\@:$(PACKAGE_VERSION):" \ @@ -1,3 +1,52 @@ +strongswan-4.4.0 +---------------- + +- The IKEv2 High Availability plugin has been integrated. It provides + load sharing and failover capabilities in a cluster of currently two nodes, + based on an extend ClusterIP kernel module. More information is available at + http://wiki.strongswan.org/projects/strongswan/wiki/HighAvailability. + The development of the High Availability functionality was sponsored by + secunet Security Networks AG. + +- Added IKEv1 and IKEv2 configuration support for the AES-GMAC + authentication-only ESP cipher. Our aes_gmac kernel patch or a Linux + 2.6.34 kernel is required to make AES-GMAC available via the XFRM + kernel interface. + +- Added support for Diffie-Hellman groups 22, 23 and 24 to the gmp, gcrypt + and openssl plugins, usable by both pluto and charon. The new proposal + keywords are modp1024s160, modp2048s224 and modp2048s256. Thanks to Joy Latten + from IBM for his contribution. + +- The IKEv1 pluto daemon supports RAM-based virtual IP pools using + the rightsourceip directive with a subnet from which addresses + are allocated. + +- The ipsec pki --gen and --pub commands now allow the output of + private and public keys in PEM format using the --outform pem + command line option. + +- The new DHCP plugin queries virtual IP addresses for clients from a DHCP + server using broadcasts, or a defined server using the + charon.plugins.dhcp.server strongswan.conf option. DNS/WINS server information + is additionally served to clients if the DHCP server provides such + information. The plugin is used in ipsec.conf configurations having + rightsourceip set to %dhcp. + +- A new plugin called farp fakes ARP responses for virtual IP addresses + handed out to clients from the IKEv2 daemon charon. The plugin lets a + road-warrior act as a client on the local LAN if it uses a virtual IP + from the responders subnet, e.g. acquired using the DHCP plugin. + +- The existing IKEv2 socket implementations have been migrated to the + socket-default and the socket-raw plugins. The new socket-dynamic plugin + binds sockets dynamically to ports configured via the left-/rightikeport + ipsec.conf connection parameters. + +- The android charon plugin stores received DNS server information as "net.dns" + system properties, as used by the Android platform. + + strongswan-4.3.6 ---------------- @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.64 for strongSwan 4.3.6. +# Generated by GNU Autoconf 2.64 for strongSwan 4.4.0. # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, # 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software @@ -695,8 +695,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='strongSwan' PACKAGE_TARNAME='strongswan' -PACKAGE_VERSION='4.3.6' -PACKAGE_STRING='strongSwan 4.3.6' +PACKAGE_VERSION='4.4.0' +PACKAGE_STRING='strongSwan 4.4.0' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -740,12 +740,16 @@ ac_subst_vars='am__EXEEXT_FALSE am__EXEEXT_TRUE LTLIBOBJS LIBOBJS +MONOLITHIC_FALSE +MONOLITHIC_TRUE USE_SIMAKA_FALSE USE_SIMAKA_TRUE USE_VSTR_FALSE USE_VSTR_TRUE USE_FILE_CONFIG_FALSE USE_FILE_CONFIG_TRUE +USE_LIBHYDRA_FALSE +USE_LIBHYDRA_TRUE USE_LIBSTRONGSWAN_FALSE USE_LIBSTRONGSWAN_TRUE USE_SCRIPTS_FALSE @@ -784,6 +788,14 @@ USE_CISCO_QUIRKS_FALSE USE_CISCO_QUIRKS_TRUE USE_SMARTCARD_FALSE USE_SMARTCARD_TRUE +USE_FARP_FALSE +USE_FARP_TRUE +USE_SOCKET_DYNAMIC_FALSE +USE_SOCKET_DYNAMIC_TRUE +USE_SOCKET_RAW_FALSE +USE_SOCKET_RAW_TRUE +USE_SOCKET_DEFAULT_FALSE +USE_SOCKET_DEFAULT_TRUE USE_KERNEL_KLIPS_FALSE USE_KERNEL_KLIPS_TRUE USE_KERNEL_PFROUTE_FALSE @@ -814,12 +826,16 @@ USE_EAP_SIM_FILE_FALSE USE_EAP_SIM_FILE_TRUE USE_EAP_SIM_FALSE USE_EAP_SIM_TRUE +USE_HA_FALSE +USE_HA_TRUE USE_LOAD_TESTER_FALSE USE_LOAD_TESTER_TRUE USE_UNIT_TESTS_FALSE USE_UNIT_TESTS_TRUE USE_RESOLVE_FALSE USE_RESOLVE_TRUE +USE_DHCP_FALSE +USE_DHCP_TRUE USE_ATTR_FALSE USE_ATTR_TRUE USE_UPDOWN_FALSE @@ -828,6 +844,8 @@ USE_SQL_FALSE USE_SQL_TRUE USE_SMP_FALSE USE_SMP_TRUE +USE_ANDROID_FALSE +USE_ANDROID_TRUE USE_UCI_FALSE USE_UCI_TRUE USE_NM_FALSE @@ -895,6 +913,7 @@ USE_CURL_TRUE USE_TEST_VECTORS_FALSE USE_TEST_VECTORS_TRUE pluto_plugins +libhydra_plugins libstrongswan_plugins nm_LIBS nm_CFLAGS @@ -1058,6 +1077,7 @@ with_linux_headers with_routing_table with_routing_table_prio with_capabilities +with_mpz_powm_sec with_xauth_module with_user with_group @@ -1110,6 +1130,10 @@ enable_kernel_netlink enable_kernel_pfkey enable_kernel_pfroute enable_kernel_klips +enable_socket_default +enable_socket_raw +enable_socket_dynamic +enable_farp enable_nat_transport enable_vendor_id enable_xauth_vid @@ -1126,14 +1150,18 @@ enable_scripts enable_updown enable_attr enable_attr_sql +enable_dhcp enable_resolve enable_padlock enable_openssl enable_gcrypt enable_agent enable_uci +enable_android enable_nm +enable_ha enable_vstr +enable_monolithic enable_dependency_tracking with_lib_prefix enable_shared @@ -1702,7 +1730,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures strongSwan 4.3.6 to adapt to many kinds of systems. +\`configure' configures strongSwan 4.4.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1772,7 +1800,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of strongSwan 4.3.6:";; + short | recursive ) echo "Configuration of strongSwan 4.4.0:";; esac cat <<\_ACEOF @@ -1843,6 +1871,13 @@ Optional Features: --enable-kernel-pfkey enable the PF_KEY kernel interface. --enable-kernel-pfroute enable the PF_ROUTE kernel interface. --enable-kernel-klips enable the KLIPS kernel interface. + --disable-socket-default + disable default socket implementation for charon. + --enable-socket-raw enable raw socket implementation of charon, enforced + if pluto is enabled + --enable-socket-dynamic enable dynamic socket implementation for charon + --enable-farp enable ARP faking plugin that responds to ARP + requests to peers virtual IP --enable-nat-transport enable NAT traversal with IPsec transport mode in pluto. --disable-vendor-id disable the sending of the strongSwan vendor ID in @@ -1867,15 +1902,21 @@ Optional Features: --disable-attr disable strongswan.conf based configuration attribute plugin. --enable-attr-sql enable SQL based configuration attribute plugin. + --enable-dhcp enable DHCP based attribute provider plugin. --disable-resolve disable resolve DNS handler plugin. --enable-padlock enables VIA Padlock crypto plugin. --enable-openssl enables the OpenSSL crypto plugin. --enable-gcrypt enables the libgcrypt plugin. --enable-agent enables the ssh-agent signing plugin. --enable-uci enable OpenWRT UCI configuration plugin. + --enable-android enable Android specific plugin. --enable-nm enable NetworkManager plugin. + --enable-ha enable high availability cluster plugin. --enable-vstr enforce using the Vstr string library to replace glibc-like printf hooks. + --enable-monolithic build monolithic version of libstrongswan that + includes all enabled plugins. Similarly, the plugins + of charon are assembled in libcharon. --disable-dependency-tracking speeds up one-time build --enable-dependency-tracking do not reject slow dependency extractors --enable-shared[=PKGS] build shared libraries [default=yes] @@ -1919,6 +1960,8 @@ Optional Packages: set priority for IPsec routing table (default: 220). --with-capabilities=arg set capability dropping library. Currently only the value "libcap" is supported (default: no). + --with-mpz_powm_sec=arg use the more side-channel resistant mpz_powm_sec in + libgmp, if available (default: yes). --with-xauth-module=lib set the path to the XAUTH module --with-user=user change user of the daemons to "user" after startup (default is "root"). @@ -2018,7 +2061,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -strongSwan configure 4.3.6 +strongSwan configure 4.4.0 generated by GNU Autoconf 2.64 Copyright (C) 2009 Free Software Foundation, Inc. @@ -2494,7 +2537,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by strongSwan $as_me 4.3.6, which was +It was created by strongSwan $as_me 4.4.0, which was generated by GNU Autoconf 2.64. Invocation command line was $ $0 $@ @@ -3302,7 +3345,7 @@ fi # Define the identity of the package. PACKAGE='strongswan' - VERSION='4.3.6' + VERSION='4.4.0' cat >>confdefs.h <<_ACEOF @@ -3710,6 +3753,16 @@ fi +# Check whether --with-mpz_powm_sec was given. +if test "${with_mpz_powm_sec+set}" = set; then : + withval=$with_mpz_powm_sec; mpz_powm_sec="$withval" +else + mpz_powm_sec=yes + +fi + + + # Check whether --with-xauth-module was given. if test "${with_xauth_module+set}" = set; then : @@ -3764,949 +3817,1215 @@ fi # Check whether --enable-curl was given. if test "${enable_curl+set}" = set; then : - enableval=$enable_curl; if test x$enableval = xyes; then + enableval=$enable_curl; curl_given=true + if test x$enableval = xyes; then curl=true else curl=false fi else curl=false + curl_given=false fi # Check whether --enable-ldap was given. if test "${enable_ldap+set}" = set; then : - enableval=$enable_ldap; if test x$enableval = xyes; then + enableval=$enable_ldap; ldap_given=true + if test x$enableval = xyes; then ldap=true else ldap=false fi else ldap=false + ldap_given=false fi # Check whether --enable-aes was given. if test "${enable_aes+set}" = set; then : - enableval=$enable_aes; if test x$enableval = xyes; then + enableval=$enable_aes; aes_given=true + if test x$enableval = xyes; then aes=true else aes=false fi else aes=true + aes_given=false fi # Check whether --enable-des was given. if test "${enable_des+set}" = set; then : - enableval=$enable_des; if test x$enableval = xyes; then + enableval=$enable_des; des_given=true + if test x$enableval = xyes; then des=true else des=false fi else des=true + des_given=false fi # Check whether --enable-blowfish was given. if test "${enable_blowfish+set}" = set; then : - enableval=$enable_blowfish; if test x$enableval = xyes; then + enableval=$enable_blowfish; blowfish_given=true + if test x$enableval = xyes; then blowfish=true else blowfish=false fi else blowfish=false + blowfish_given=false fi # Check whether --enable-md4 was given. if test "${enable_md4+set}" = set; then : - enableval=$enable_md4; if test x$enableval = xyes; then + enableval=$enable_md4; md4_given=true + if test x$enableval = xyes; then md4=true else md4=false fi else md4=false + md4_given=false fi # Check whether --enable-md5 was given. if test "${enable_md5+set}" = set; then : - enableval=$enable_md5; if test x$enableval = xyes; then + enableval=$enable_md5; md5_given=true + if test x$enableval = xyes; then md5=true else md5=false fi else md5=true + md5_given=false fi # Check whether --enable-sha1 was given. if test "${enable_sha1+set}" = set; then : - enableval=$enable_sha1; if test x$enableval = xyes; then + enableval=$enable_sha1; sha1_given=true + if test x$enableval = xyes; then sha1=true else sha1=false fi else sha1=true + sha1_given=false fi # Check whether --enable-sha2 was given. if test "${enable_sha2+set}" = set; then : - enableval=$enable_sha2; if test x$enableval = xyes; then + enableval=$enable_sha2; sha2_given=true + if test x$enableval = xyes; then sha2=true else sha2=false fi else sha2=true + sha2_given=false fi # Check whether --enable-fips-prf was given. if test "${enable_fips_prf+set}" = set; then : - enableval=$enable_fips_prf; if test x$enableval = xyes; then + enableval=$enable_fips_prf; fips_prf_given=true + if test x$enableval = xyes; then fips_prf=true else fips_prf=false fi else fips_prf=true + fips_prf_given=false fi # Check whether --enable-gmp was given. if test "${enable_gmp+set}" = set; then : - enableval=$enable_gmp; if test x$enableval = xyes; then + enableval=$enable_gmp; gmp_given=true + if test x$enableval = xyes; then gmp=true else gmp=false fi else gmp=true + gmp_given=false fi # Check whether --enable-random was given. if test "${enable_random+set}" = set; then : - enableval=$enable_random; if test x$enableval = xyes; then + enableval=$enable_random; random_given=true + if test x$enableval = xyes; then random=true else random=false fi else random=true + random_given=false fi # Check whether --enable-x509 was given. if test "${enable_x509+set}" = set; then : - enableval=$enable_x509; if test x$enableval = xyes; then + enableval=$enable_x509; x509_given=true + if test x$enableval = xyes; then x509=true else x509=false fi else x509=true + x509_given=false fi # Check whether --enable-pubkey was given. if test "${enable_pubkey+set}" = set; then : - enableval=$enable_pubkey; if test x$enableval = xyes; then + enableval=$enable_pubkey; pubkey_given=true + if test x$enableval = xyes; then pubkey=true else pubkey=false fi else pubkey=true + pubkey_given=false fi # Check whether --enable-pkcs1 was given. if test "${enable_pkcs1+set}" = set; then : - enableval=$enable_pkcs1; if test x$enableval = xyes; then + enableval=$enable_pkcs1; pkcs1_given=true + if test x$enableval = xyes; then pkcs1=true else pkcs1=false fi else pkcs1=true + pkcs1_given=false fi # Check whether --enable-pgp was given. if test "${enable_pgp+set}" = set; then : - enableval=$enable_pgp; if test x$enableval = xyes; then + enableval=$enable_pgp; pgp_given=true + if test x$enableval = xyes; then pgp=true else pgp=false fi else pgp=true + pgp_given=false fi # Check whether --enable-dnskey was given. if test "${enable_dnskey+set}" = set; then : - enableval=$enable_dnskey; if test x$enableval = xyes; then + enableval=$enable_dnskey; dnskey_given=true + if test x$enableval = xyes; then dnskey=true else dnskey=false fi else dnskey=true + dnskey_given=false fi # Check whether --enable-pem was given. if test "${enable_pem+set}" = set; then : - enableval=$enable_pem; if test x$enableval = xyes; then + enableval=$enable_pem; pem_given=true + if test x$enableval = xyes; then pem=true else pem=false fi else pem=true + pem_given=false fi # Check whether --enable-hmac was given. if test "${enable_hmac+set}" = set; then : - enableval=$enable_hmac; if test x$enableval = xyes; then + enableval=$enable_hmac; hmac_given=true + if test x$enableval = xyes; then hmac=true else hmac=false fi else hmac=true + hmac_given=false fi # Check whether --enable-xcbc was given. if test "${enable_xcbc+set}" = set; then : - enableval=$enable_xcbc; if test x$enableval = xyes; then + enableval=$enable_xcbc; xcbc_given=true + if test x$enableval = xyes; then xcbc=true else xcbc=false fi else xcbc=true + xcbc_given=false fi # Check whether --enable-test-vectors was given. if test "${enable_test_vectors+set}" = set; then : - enableval=$enable_test_vectors; if test x$enableval = xyes; then + enableval=$enable_test_vectors; test_vectors_given=true + if test x$enableval = xyes; then test_vectors=true else test_vectors=false fi else test_vectors=false + test_vectors_given=false fi # Check whether --enable-mysql was given. if test "${enable_mysql+set}" = set; then : - enableval=$enable_mysql; if test x$enableval = xyes; then + enableval=$enable_mysql; mysql_given=true + if test x$enableval = xyes; then mysql=true else mysql=false fi else mysql=false + mysql_given=false fi # Check whether --enable-sqlite was given. if test "${enable_sqlite+set}" = set; then : - enableval=$enable_sqlite; if test x$enableval = xyes; then + enableval=$enable_sqlite; sqlite_given=true + if test x$enableval = xyes; then sqlite=true else sqlite=false fi else sqlite=false + sqlite_given=false fi # Check whether --enable-stroke was given. if test "${enable_stroke+set}" = set; then : - enableval=$enable_stroke; if test x$enableval = xyes; then + enableval=$enable_stroke; stroke_given=true + if test x$enableval = xyes; then stroke=true else stroke=false fi else stroke=true + stroke_given=false fi # Check whether --enable-medsrv was given. if test "${enable_medsrv+set}" = set; then : - enableval=$enable_medsrv; if test x$enableval = xyes; then + enableval=$enable_medsrv; medsrv_given=true + if test x$enableval = xyes; then medsrv=true else medsrv=false fi else medsrv=false + medsrv_given=false fi # Check whether --enable-medcli was given. if test "${enable_medcli+set}" = set; then : - enableval=$enable_medcli; if test x$enableval = xyes; then + enableval=$enable_medcli; medcli_given=true + if test x$enableval = xyes; then medcli=true else medcli=false fi else medcli=false + medcli_given=false fi # Check whether --enable-smp was given. if test "${enable_smp+set}" = set; then : - enableval=$enable_smp; if test x$enableval = xyes; then + enableval=$enable_smp; smp_given=true + if test x$enableval = xyes; then smp=true else smp=false fi else smp=false + smp_given=false fi # Check whether --enable-sql was given. if test "${enable_sql+set}" = set; then : - enableval=$enable_sql; if test x$enableval = xyes; then + enableval=$enable_sql; sql_given=true + if test x$enableval = xyes; then sql=true else sql=false fi else sql=false + sql_given=false fi # Check whether --enable-smartcard was given. if test "${enable_smartcard+set}" = set; then : - enableval=$enable_smartcard; if test x$enableval = xyes; then + enableval=$enable_smartcard; smartcard_given=true + if test x$enableval = xyes; then smartcard=true else smartcard=false fi else smartcard=false + smartcard_given=false fi # Check whether --enable-cisco-quirks was given. if test "${enable_cisco_quirks+set}" = set; then : - enableval=$enable_cisco_quirks; if test x$enableval = xyes; then + enableval=$enable_cisco_quirks; cisco_quirks_given=true + if test x$enableval = xyes; then cisco_quirks=true else cisco_quirks=false fi else cisco_quirks=false + cisco_quirks_given=false fi # Check whether --enable-leak-detective was given. if test "${enable_leak_detective+set}" = set; then : - enableval=$enable_leak_detective; if test x$enableval = xyes; then + enableval=$enable_leak_detective; leak_detective_given=true + if test x$enableval = xyes; then leak_detective=true else leak_detective=false fi else leak_detective=false + leak_detective_given=false fi # Check whether --enable-lock-profiler was given. if test "${enable_lock_profiler+set}" = set; then : - enableval=$enable_lock_profiler; if test x$enableval = xyes; then + enableval=$enable_lock_profiler; lock_profiler_given=true + if test x$enableval = xyes; then lock_profiler=true else lock_profiler=false fi else lock_profiler=false + lock_profiler_given=false fi # Check whether --enable-unit-tests was given. if test "${enable_unit_tests+set}" = set; then : - enableval=$enable_unit_tests; if test x$enableval = xyes; then + enableval=$enable_unit_tests; unit_tests_given=true + if test x$enableval = xyes; then unit_tests=true else unit_tests=false fi else unit_tests=false + unit_tests_given=false fi # Check whether --enable-load-tester was given. if test "${enable_load_tester+set}" = set; then : - enableval=$enable_load_tester; if test x$enableval = xyes; then + enableval=$enable_load_tester; load_tester_given=true + if test x$enableval = xyes; then load_tester=true else load_tester=false fi else load_tester=false + load_tester_given=false fi # Check whether --enable-eap-sim was given. if test "${enable_eap_sim+set}" = set; then : - enableval=$enable_eap_sim; if test x$enableval = xyes; then + enableval=$enable_eap_sim; eap_sim_given=true + if test x$enableval = xyes; then eap_sim=true else eap_sim=false fi else eap_sim=false + eap_sim_given=false fi # Check whether --enable-eap-sim-file was given. if test "${enable_eap_sim_file+set}" = set; then : - enableval=$enable_eap_sim_file; if test x$enableval = xyes; then + enableval=$enable_eap_sim_file; eap_sim_file_given=true + if test x$enableval = xyes; then eap_sim_file=true else eap_sim_file=false fi else eap_sim_file=false + eap_sim_file_given=false fi # Check whether --enable-eap-simaka-pseudonym was given. if test "${enable_eap_simaka_pseudonym+set}" = set; then : - enableval=$enable_eap_simaka_pseudonym; if test x$enableval = xyes; then + enableval=$enable_eap_simaka_pseudonym; eap_simaka_pseudonym_given=true + if test x$enableval = xyes; then eap_simaka_pseudonym=true else eap_simaka_pseudonym=false fi else eap_simaka_pseudonym=false + eap_simaka_pseudonym_given=false fi # Check whether --enable-eap-simaka-reauth was given. if test "${enable_eap_simaka_reauth+set}" = set; then : - enableval=$enable_eap_simaka_reauth; if test x$enableval = xyes; then + enableval=$enable_eap_simaka_reauth; eap_simaka_reauth_given=true + if test x$enableval = xyes; then eap_simaka_reauth=true else eap_simaka_reauth=false fi else eap_simaka_reauth=false + eap_simaka_reauth_given=false fi # Check whether --enable-eap-identity was given. if test "${enable_eap_identity+set}" = set; then : - enableval=$enable_eap_identity; if test x$enableval = xyes; then + enableval=$enable_eap_identity; eap_identity_given=true + if test x$enableval = xyes; then eap_identity=true else eap_identity=false fi else eap_identity=false + eap_identity_given=false fi # Check whether --enable-eap-md5 was given. if test "${enable_eap_md5+set}" = set; then : - enableval=$enable_eap_md5; if test x$enableval = xyes; then + enableval=$enable_eap_md5; eap_md5_given=true + if test x$enableval = xyes; then eap_md5=true else eap_md5=false fi else eap_md5=false + eap_md5_given=false fi # Check whether --enable-eap-gtc was given. if test "${enable_eap_gtc+set}" = set; then : - enableval=$enable_eap_gtc; if test x$enableval = xyes; then + enableval=$enable_eap_gtc; eap_gtc_given=true + if test x$enableval = xyes; then eap_gtc=true else eap_gtc=false fi else eap_gtc=false + eap_gtc_given=false fi # Check whether --enable-eap-aka was given. if test "${enable_eap_aka+set}" = set; then : - enableval=$enable_eap_aka; if test x$enableval = xyes; then + enableval=$enable_eap_aka; eap_aka_given=true + if test x$enableval = xyes; then eap_aka=true else eap_aka=false fi else eap_aka=false + eap_aka_given=false fi # Check whether --enable-eap-aka-3gpp2 was given. if test "${enable_eap_aka_3gpp2+set}" = set; then : - enableval=$enable_eap_aka_3gpp2; if test x$enableval = xyes; then + enableval=$enable_eap_aka_3gpp2; eap_aka_3gpp2_given=true + if test x$enableval = xyes; then eap_aka_3gpp2=true else eap_aka_3gpp2=false fi else eap_aka_3gpp2=false + eap_aka_3gpp2_given=false fi # Check whether --enable-eap-mschapv2 was given. if test "${enable_eap_mschapv2+set}" = set; then : - enableval=$enable_eap_mschapv2; if test x$enableval = xyes; then + enableval=$enable_eap_mschapv2; eap_mschapv2_given=true + if test x$enableval = xyes; then eap_mschapv2=true else eap_mschapv2=false fi else eap_mschapv2=false + eap_mschapv2_given=false fi # Check whether --enable-eap-radius was given. if test "${enable_eap_radius+set}" = set; then : - enableval=$enable_eap_radius; if test x$enableval = xyes; then + enableval=$enable_eap_radius; eap_radius_given=true + if test x$enableval = xyes; then eap_radius=true else eap_radius=false fi else eap_radius=false + eap_radius_given=false fi # Check whether --enable-kernel-netlink was given. if test "${enable_kernel_netlink+set}" = set; then : - enableval=$enable_kernel_netlink; if test x$enableval = xyes; then + enableval=$enable_kernel_netlink; kernel_netlink_given=true + if test x$enableval = xyes; then kernel_netlink=true else kernel_netlink=false fi else kernel_netlink=true + kernel_netlink_given=false fi # Check whether --enable-kernel-pfkey was given. if test "${enable_kernel_pfkey+set}" = set; then : - enableval=$enable_kernel_pfkey; if test x$enableval = xyes; then + enableval=$enable_kernel_pfkey; kernel_pfkey_given=true + if test x$enableval = xyes; then kernel_pfkey=true else kernel_pfkey=false fi else kernel_pfkey=false + kernel_pfkey_given=false fi # Check whether --enable-kernel-pfroute was given. if test "${enable_kernel_pfroute+set}" = set; then : - enableval=$enable_kernel_pfroute; if test x$enableval = xyes; then + enableval=$enable_kernel_pfroute; kernel_pfroute_given=true + if test x$enableval = xyes; then kernel_pfroute=true else kernel_pfroute=false fi else kernel_pfroute=false + kernel_pfroute_given=false fi # Check whether --enable-kernel-klips was given. if test "${enable_kernel_klips+set}" = set; then : - enableval=$enable_kernel_klips; if test x$enableval = xyes; then + enableval=$enable_kernel_klips; kernel_klips_given=true + if test x$enableval = xyes; then kernel_klips=true else kernel_klips=false fi else kernel_klips=false + kernel_klips_given=false + +fi + + +# Check whether --enable-socket-default was given. +if test "${enable_socket_default+set}" = set; then : + enableval=$enable_socket_default; socket_default_given=true + if test x$enableval = xyes; then + socket_default=true + else + socket_default=false + fi +else + socket_default=true + socket_default_given=false + +fi + + +# Check whether --enable-socket-raw was given. +if test "${enable_socket_raw+set}" = set; then : + enableval=$enable_socket_raw; socket_raw_given=true + if test x$enableval = xyes; then + socket_raw=true + else + socket_raw=false + fi +else + socket_raw=false + socket_raw_given=false + +fi + + +# Check whether --enable-socket-dynamic was given. +if test "${enable_socket_dynamic+set}" = set; then : + enableval=$enable_socket_dynamic; socket_dynamic_given=true + if test x$enableval = xyes; then + socket_dynamic=true + else + socket_dynamic=false + fi +else + socket_dynamic=false + socket_dynamic_given=false + +fi + + +# Check whether --enable-farp was given. +if test "${enable_farp+set}" = set; then : + enableval=$enable_farp; farp_given=true + if test x$enableval = xyes; then + farp=true + else + farp=false + fi +else + farp=false + farp_given=false fi # Check whether --enable-nat-transport was given. if test "${enable_nat_transport+set}" = set; then : - enableval=$enable_nat_transport; if test x$enableval = xyes; then + enableval=$enable_nat_transport; nat_transport_given=true + if test x$enableval = xyes; then nat_transport=true else nat_transport=false fi else nat_transport=false + nat_transport_given=false fi # Check whether --enable-vendor-id was given. if test "${enable_vendor_id+set}" = set; then : - enableval=$enable_vendor_id; if test x$enableval = xyes; then + enableval=$enable_vendor_id; vendor_id_given=true + if test x$enableval = xyes; then vendor_id=true else vendor_id=false fi else vendor_id=true + vendor_id_given=false fi # Check whether --enable-xauth-vid was given. if test "${enable_xauth_vid+set}" = set; then : - enableval=$enable_xauth_vid; if test x$enableval = xyes; then + enableval=$enable_xauth_vid; xauth_vid_given=true + if test x$enableval = xyes; then xauth_vid=true else xauth_vid=false fi else xauth_vid=true + xauth_vid_given=false fi # Check whether --enable-dumm was given. if test "${enable_dumm+set}" = set; then : - enableval=$enable_dumm; if test x$enableval = xyes; then + enableval=$enable_dumm; dumm_given=true + if test x$enableval = xyes; then dumm=true else dumm=false fi else dumm=false + dumm_given=false fi # Check whether --enable-fast was given. if test "${enable_fast+set}" = set; then : - enableval=$enable_fast; if test x$enableval = xyes; then + enableval=$enable_fast; fast_given=true + if test x$enableval = xyes; then fast=true else fast=false fi else fast=false + fast_given=false fi # Check whether --enable-manager was given. if test "${enable_manager+set}" = set; then : - enableval=$enable_manager; if test x$enableval = xyes; then + enableval=$enable_manager; manager_given=true + if test x$enableval = xyes; then manager=true else manager=false fi else manager=false + manager_given=false fi # Check whether --enable-mediation was given. if test "${enable_mediation+set}" = set; then : - enableval=$enable_mediation; if test x$enableval = xyes; then + enableval=$enable_mediation; mediation_given=true + if test x$enableval = xyes; then mediation=true else mediation=false fi else mediation=false + mediation_given=false fi # Check whether --enable-integrity-test was given. if test "${enable_integrity_test+set}" = set; then : - enableval=$enable_integrity_test; if test x$enableval = xyes; then + enableval=$enable_integrity_test; integrity_test_given=true + if test x$enableval = xyes; then integrity_test=true else integrity_test=false fi else integrity_test=false + integrity_test_given=false fi # Check whether --enable-pluto was given. if test "${enable_pluto+set}" = set; then : - enableval=$enable_pluto; if test x$enableval = xyes; then + enableval=$enable_pluto; pluto_given=true + if test x$enableval = xyes; then pluto=true else pluto=false fi else pluto=true + pluto_given=false fi # Check whether --enable-threads was given. if test "${enable_threads+set}" = set; then : - enableval=$enable_threads; if test x$enableval = xyes; then + enableval=$enable_threads; threads_given=true + if test x$enableval = xyes; then threads=true else threads=false fi else threads=true + threads_given=false fi # Check whether --enable-charon was given. if test "${enable_charon+set}" = set; then : - enableval=$enable_charon; if test x$enableval = xyes; then + enableval=$enable_charon; charon_given=true + if test x$enableval = xyes; then charon=true else charon=false fi else charon=true + charon_given=false fi # Check whether --enable-tools was given. if test "${enable_tools+set}" = set; then : - enableval=$enable_tools; if test x$enableval = xyes; then + enableval=$enable_tools; tools_given=true + if test x$enableval = xyes; then tools=true else tools=false fi else tools=true + tools_given=false fi # Check whether --enable-scripts was given. if test "${enable_scripts+set}" = set; then : - enableval=$enable_scripts; if test x$enableval = xyes; then + enableval=$enable_scripts; scripts_given=true + if test x$enableval = xyes; then scripts=true else scripts=false fi else scripts=true + scripts_given=false fi # Check whether --enable-updown was given. if test "${enable_updown+set}" = set; then : - enableval=$enable_updown; if test x$enableval = xyes; then + enableval=$enable_updown; updown_given=true + if test x$enableval = xyes; then updown=true else updown=false fi else updown=true + updown_given=false fi # Check whether --enable-attr was given. if test "${enable_attr+set}" = set; then : - enableval=$enable_attr; if test x$enableval = xyes; then + enableval=$enable_attr; attr_given=true + if test x$enableval = xyes; then attr=true else attr=false fi else attr=true + attr_given=false fi # Check whether --enable-attr-sql was given. if test "${enable_attr_sql+set}" = set; then : - enableval=$enable_attr_sql; if test x$enableval = xyes; then + enableval=$enable_attr_sql; attr_sql_given=true + if test x$enableval = xyes; then attr_sql=true else attr_sql=false fi else attr_sql=false + attr_sql_given=false + +fi + + +# Check whether --enable-dhcp was given. +if test "${enable_dhcp+set}" = set; then : + enableval=$enable_dhcp; dhcp_given=true + if test x$enableval = xyes; then + dhcp=true + else + dhcp=false + fi +else + dhcp=false + dhcp_given=false fi # Check whether --enable-resolve was given. if test "${enable_resolve+set}" = set; then : - enableval=$enable_resolve; if test x$enableval = xyes; then + enableval=$enable_resolve; resolve_given=true + if test x$enableval = xyes; then resolve=true else resolve=false fi else resolve=true + resolve_given=false fi # Check whether --enable-padlock was given. if test "${enable_padlock+set}" = set; then : - enableval=$enable_padlock; if test x$enableval = xyes; then + enableval=$enable_padlock; padlock_given=true + if test x$enableval = xyes; then padlock=true else padlock=false fi else padlock=false + padlock_given=false fi # Check whether --enable-openssl was given. if test "${enable_openssl+set}" = set; then : - enableval=$enable_openssl; if test x$enableval = xyes; then + enableval=$enable_openssl; openssl_given=true + if test x$enableval = xyes; then openssl=true else openssl=false fi else openssl=false + openssl_given=false fi # Check whether --enable-gcrypt was given. if test "${enable_gcrypt+set}" = set; then : - enableval=$enable_gcrypt; if test x$enableval = xyes; then + enableval=$enable_gcrypt; gcrypt_given=true + if test x$enableval = xyes; then gcrypt=true else gcrypt=false fi else gcrypt=false + gcrypt_given=false fi # Check whether --enable-agent was given. if test "${enable_agent+set}" = set; then : - enableval=$enable_agent; if test x$enableval = xyes; then + enableval=$enable_agent; agent_given=true + if test x$enableval = xyes; then agent=true else agent=false fi else agent=false + agent_given=false fi # Check whether --enable-uci was given. if test "${enable_uci+set}" = set; then : - enableval=$enable_uci; if test x$enableval = xyes; then + enableval=$enable_uci; uci_given=true + if test x$enableval = xyes; then uci=true else uci=false fi else uci=false + uci_given=false + +fi + + +# Check whether --enable-android was given. +if test "${enable_android+set}" = set; then : + enableval=$enable_android; android_given=true + if test x$enableval = xyes; then + android=true + else + android=false + fi +else + android=false + android_given=false fi # Check whether --enable-nm was given. if test "${enable_nm+set}" = set; then : - enableval=$enable_nm; if test x$enableval = xyes; then + enableval=$enable_nm; nm_given=true + if test x$enableval = xyes; then nm=true else nm=false fi else nm=false + nm_given=false + +fi + + +# Check whether --enable-ha was given. +if test "${enable_ha+set}" = set; then : + enableval=$enable_ha; ha_given=true + if test x$enableval = xyes; then + ha=true + else + ha=false + fi +else + ha=false + ha_given=false fi # Check whether --enable-vstr was given. if test "${enable_vstr+set}" = set; then : - enableval=$enable_vstr; if test x$enableval = xyes; then + enableval=$enable_vstr; vstr_given=true + if test x$enableval = xyes; then vstr=true else vstr=false fi else vstr=false + vstr_given=false + +fi + + +# Check whether --enable-monolithic was given. +if test "${enable_monolithic+set}" = set; then : + enableval=$enable_monolithic; monolithic_given=true + if test x$enableval = xyes; then + monolithic=true + else + monolithic=false + fi +else + monolithic=false + monolithic_given=false fi @@ -6997,13 +7316,13 @@ if test "${lt_cv_nm_interface+set}" = set; then : else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:7000: $ac_compile\"" >&5) + (eval echo "\"\$as_me:7319: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 - (eval echo "\"\$as_me:7003: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval echo "\"\$as_me:7322: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 - (eval echo "\"\$as_me:7006: output\"" >&5) + (eval echo "\"\$as_me:7325: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" @@ -8208,7 +8527,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 8211 "configure"' > conftest.$ac_ext + echo '#line 8530 "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -9470,11 +9789,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9473: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9792: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:9477: \$? = $ac_status" >&5 + echo "$as_me:9796: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -9809,11 +10128,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9812: $lt_compile\"" >&5) + (eval echo "\"\$as_me:10131: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:9816: \$? = $ac_status" >&5 + echo "$as_me:10135: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -9914,11 +10233,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9917: $lt_compile\"" >&5) + (eval echo "\"\$as_me:10236: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:9921: \$? = $ac_status" >&5 + echo "$as_me:10240: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -9969,11 +10288,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9972: $lt_compile\"" >&5) + (eval echo "\"\$as_me:10291: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:9976: \$? = $ac_status" >&5 + echo "$as_me:10295: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -12352,7 +12671,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12355 "configure" +#line 12674 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -12448,7 +12767,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12451 "configure" +#line 12770 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -13110,7 +13429,6 @@ fi if test x$eap_aka = xtrue; then fips_prf=true; - sha1=true; simaka=true; fi @@ -13120,7 +13438,9 @@ if test x$eap_sim = xtrue; then fi if test x$fips_prf = xtrue; then - sha1=true; + if test x$openssl = xfalse; then + sha1=true; + fi fi if test x$smp = xtrue; then @@ -13140,6 +13460,17 @@ if test x$medcli = xtrue; then mediation=true fi +if test x$pluto = xtrue; then + if test x$socket_raw = xfalse; then + { $as_echo "$as_me:${as_lineno-$LINENO}: Enforcing --enable-socket-raw, as pluto is enabled" >&5 +$as_echo "$as_me: Enforcing --enable-socket-raw, as pluto is enabled" >&6;} + socket_raw=true + if test x$socket_default_given = xfalse; then + socket_default=false + fi + fi +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdbool.h that conforms to C99" >&5 $as_echo_n "checking for stdbool.h that conforms to C99... " >&6; } @@ -14213,6 +14544,7 @@ ac_cv_lib_vstr=ac_cv_lib_vstr_main fi if test x$gmp = xtrue; then + saved_LIBS=$LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lgmp" >&5 $as_echo_n "checking for main in -lgmp... " >&6; } if test "${ac_cv_lib_gmp_main+set}" = set; then : @@ -14244,12 +14576,48 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gmp_main" >&5 $as_echo "$ac_cv_lib_gmp_main" >&6; } if test "x$ac_cv_lib_gmp_main" = x""yes; then : - LIBS="$LIBS" + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBGMP 1 +_ACEOF + + LIBS="-lgmp $LIBS" + else as_fn_error "GNU Multi Precision library gmp not found" "$LINENO" 5 fi ac_cv_lib_gmp=ac_cv_lib_gmp_main + { $as_echo "$as_me:${as_lineno-$LINENO}: checking mpz_powm_sec" >&5 +$as_echo_n "checking mpz_powm_sec... " >&6; } + if test x$mpz_powm_sec = xyes; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include "gmp.h" +int +main () +{ + + void *x = mpz_powm_sec; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; $as_echo "#define HAVE_MPZ_POWM_SEC 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5 +$as_echo "disabled" >&6; } + fi + LIBS=$saved_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: checking gmp.h version >= 4.1.4" >&5 $as_echo_n "checking gmp.h version >= 4.1.4... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -15145,6 +15513,56 @@ fi fi +if test x$android = xtrue; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lcutils" >&5 +$as_echo_n "checking for main in -lcutils... " >&6; } +if test "${ac_cv_lib_cutils_main+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcutils $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +int +main () +{ +return main (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_cutils_main=yes +else + ac_cv_lib_cutils_main=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cutils_main" >&5 +$as_echo "$ac_cv_lib_cutils_main" >&6; } +if test "x$ac_cv_lib_cutils_main" = x""yes; then : + LIBS="$LIBS" +else + as_fn_error "Android library libcutils not found" "$LINENO" 5 +fi +ac_cv_lib_cutils=ac_cv_lib_cutils_main + + ac_fn_c_check_header_mongrel "$LINENO" "cutils/properties.h" "ac_cv_header_cutils_properties_h" "$ac_includes_default" +if test "x$ac_cv_header_cutils_properties_h" = x""yes; then : + +else + as_fn_error "Android header cutils/properties.h not found!" "$LINENO" 5 +fi + + + DLLIB="-ldl" + +fi + if test x$nm = xtrue; then if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnm-glib\""; } >&5 @@ -15488,6 +15906,7 @@ fi libstrongswan_plugins= +libhydra_plugins= pluto_plugins= if test x$test_vectors = xtrue; then @@ -15529,9 +15948,6 @@ if test x$md5 = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" md5" pluto_plugins=${pluto_plugins}" md5" fi -if test x$fips_prf = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" fips-prf" -fi if test x$random = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" random" pluto_plugins=${pluto_plugins}" random" @@ -15568,10 +15984,6 @@ if test x$sqlite = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" sqlite" pluto_plugins=${pluto_plugins}" sqlite" fi -if test x$attr_sql = xtrue -o x$sql = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" attr-sql" - pluto_plugins=${pluto_plugins}" attr-sql" -fi if test x$padlock = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" padlock" fi @@ -15583,6 +15995,9 @@ if test x$gcrypt = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" gcrypt" pluto_plugins=${pluto_plugins}" gcrypt" fi +if test x$fips_prf = xtrue; then + libstrongswan_plugins=${libstrongswan_plugins}" fips-prf" +fi if test x$xcbc = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" xcbc" fi @@ -15597,6 +16012,15 @@ if test x$gmp = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" gmp" pluto_plugins=${pluto_plugins}" gmp" fi +if test x$attr = xtrue; then + libhydra_plugins=${libhydra_plugins}" attr" + pluto_plugins=${pluto_plugins}" attr" +fi +if test x$attr_sql = xtrue -o x$sql = xtrue; then + libhydra_plugins=${libhydra_plugins}" attr-sql" + pluto_plugins=${pluto_plugins}" attr-sql" +fi + @@ -15867,6 +16291,14 @@ else USE_UCI_FALSE= fi + if test x$android = xtrue; then + USE_ANDROID_TRUE= + USE_ANDROID_FALSE='#' +else + USE_ANDROID_TRUE='#' + USE_ANDROID_FALSE= +fi + if test x$smp = xtrue; then USE_SMP_TRUE= USE_SMP_FALSE='#' @@ -15899,6 +16331,14 @@ else USE_ATTR_FALSE= fi + if test x$dhcp = xtrue; then + USE_DHCP_TRUE= + USE_DHCP_FALSE='#' +else + USE_DHCP_TRUE='#' + USE_DHCP_FALSE= +fi + if test x$resolve = xtrue; then USE_RESOLVE_TRUE= USE_RESOLVE_FALSE='#' @@ -15923,6 +16363,14 @@ else USE_LOAD_TESTER_FALSE= fi + if test x$ha = xtrue; then + USE_HA_TRUE= + USE_HA_FALSE='#' +else + USE_HA_TRUE='#' + USE_HA_FALSE= +fi + if test x$eap_sim = xtrue; then USE_EAP_SIM_TRUE= USE_EAP_SIM_FALSE='#' @@ -16043,6 +16491,38 @@ else USE_KERNEL_KLIPS_FALSE= fi + if test x$socket_default = xtrue; then + USE_SOCKET_DEFAULT_TRUE= + USE_SOCKET_DEFAULT_FALSE='#' +else + USE_SOCKET_DEFAULT_TRUE='#' + USE_SOCKET_DEFAULT_FALSE= +fi + + if test x$socket_raw = xtrue; then + USE_SOCKET_RAW_TRUE= + USE_SOCKET_RAW_FALSE='#' +else + USE_SOCKET_RAW_TRUE='#' + USE_SOCKET_RAW_FALSE= +fi + + if test x$socket_dynamic = xtrue; then + USE_SOCKET_DYNAMIC_TRUE= + USE_SOCKET_DYNAMIC_FALSE='#' +else + USE_SOCKET_DYNAMIC_TRUE='#' + USE_SOCKET_DYNAMIC_FALSE= +fi + + if test x$farp = xtrue; then + USE_FARP_TRUE= + USE_FARP_FALSE='#' +else + USE_FARP_TRUE='#' + USE_FARP_FALSE= +fi + if test x$smartcard = xtrue; then USE_SMARTCARD_TRUE= @@ -16196,6 +16676,14 @@ else USE_LIBSTRONGSWAN_FALSE= fi + if test x$charon = xtrue -o x$pluto = xtrue; then + USE_LIBHYDRA_TRUE= + USE_LIBHYDRA_FALSE='#' +else + USE_LIBHYDRA_TRUE='#' + USE_LIBHYDRA_FALSE= +fi + if test x$pluto = xtrue -o x$stroke = xtrue; then USE_FILE_CONFIG_TRUE= USE_FILE_CONFIG_FALSE='#' @@ -16220,6 +16708,14 @@ else USE_SIMAKA_FALSE= fi + if test x$monolithic = xtrue; then + MONOLITHIC_TRUE= + MONOLITHIC_FALSE='#' +else + MONOLITHIC_TRUE='#' + MONOLITHIC_FALSE= +fi + if test x$mediation = xtrue; then @@ -16230,9 +16726,14 @@ if test x$capabilities = xlibcap; then $as_echo "#define CAPABILITIES 1" >>confdefs.h fi +if test x$monolithic = xtrue; then + $as_echo "#define MONOLITHIC 1" >>confdefs.h + +fi + -ac_config_files="$ac_config_files Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/attr_sql/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile src/pluto/Makefile src/whack/Makefile src/charon/Makefile src/charon/plugins/eap_aka/Makefile src/charon/plugins/eap_aka_3gpp2/Makefile src/charon/plugins/eap_identity/Makefile src/charon/plugins/eap_md5/Makefile src/charon/plugins/eap_gtc/Makefile src/charon/plugins/eap_sim/Makefile src/charon/plugins/eap_sim_file/Makefile src/charon/plugins/eap_simaka_pseudonym/Makefile src/charon/plugins/eap_simaka_reauth/Makefile src/charon/plugins/eap_mschapv2/Makefile src/charon/plugins/eap_radius/Makefile src/charon/plugins/kernel_netlink/Makefile src/charon/plugins/kernel_pfkey/Makefile src/charon/plugins/kernel_pfroute/Makefile src/charon/plugins/kernel_klips/Makefile src/charon/plugins/smp/Makefile src/charon/plugins/sql/Makefile src/charon/plugins/medsrv/Makefile src/charon/plugins/medcli/Makefile src/charon/plugins/nm/Makefile src/charon/plugins/uci/Makefile src/charon/plugins/stroke/Makefile src/charon/plugins/updown/Makefile src/charon/plugins/attr/Makefile src/charon/plugins/resolve/Makefile src/charon/plugins/unit_tester/Makefile src/charon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/pki/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile scripts/Makefile testing/Makefile" +ac_config_files="$ac_config_files Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libhydra/Makefile src/libhydra/plugins/attr/Makefile src/libhydra/plugins/attr_sql/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile src/pluto/Makefile src/whack/Makefile src/charon/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_klips/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_raw/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/nm/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/android/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/unit_tester/Makefile src/libcharon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/_updown/Makefile src/_updown_espmark/Makefile src/_copyright/Makefile src/openac/Makefile src/scepclient/Makefile src/pki/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile scripts/Makefile testing/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -16516,6 +17017,10 @@ if test -z "${USE_UCI_TRUE}" && test -z "${USE_UCI_FALSE}"; then as_fn_error "conditional \"USE_UCI\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_ANDROID_TRUE}" && test -z "${USE_ANDROID_FALSE}"; then + as_fn_error "conditional \"USE_ANDROID\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_SMP_TRUE}" && test -z "${USE_SMP_FALSE}"; then as_fn_error "conditional \"USE_SMP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -16532,6 +17037,10 @@ if test -z "${USE_ATTR_TRUE}" && test -z "${USE_ATTR_FALSE}"; then as_fn_error "conditional \"USE_ATTR\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_DHCP_TRUE}" && test -z "${USE_DHCP_FALSE}"; then + as_fn_error "conditional \"USE_DHCP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_RESOLVE_TRUE}" && test -z "${USE_RESOLVE_FALSE}"; then as_fn_error "conditional \"USE_RESOLVE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -16544,6 +17053,10 @@ if test -z "${USE_LOAD_TESTER_TRUE}" && test -z "${USE_LOAD_TESTER_FALSE}"; then as_fn_error "conditional \"USE_LOAD_TESTER\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_HA_TRUE}" && test -z "${USE_HA_FALSE}"; then + as_fn_error "conditional \"USE_HA\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_EAP_SIM_TRUE}" && test -z "${USE_EAP_SIM_FALSE}"; then as_fn_error "conditional \"USE_EAP_SIM\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -16604,6 +17117,22 @@ if test -z "${USE_KERNEL_KLIPS_TRUE}" && test -z "${USE_KERNEL_KLIPS_FALSE}"; th as_fn_error "conditional \"USE_KERNEL_KLIPS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_SOCKET_DEFAULT_TRUE}" && test -z "${USE_SOCKET_DEFAULT_FALSE}"; then + as_fn_error "conditional \"USE_SOCKET_DEFAULT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_SOCKET_RAW_TRUE}" && test -z "${USE_SOCKET_RAW_FALSE}"; then + as_fn_error "conditional \"USE_SOCKET_RAW\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_SOCKET_DYNAMIC_TRUE}" && test -z "${USE_SOCKET_DYNAMIC_FALSE}"; then + as_fn_error "conditional \"USE_SOCKET_DYNAMIC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${USE_FARP_TRUE}" && test -z "${USE_FARP_FALSE}"; then + as_fn_error "conditional \"USE_FARP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_SMARTCARD_TRUE}" && test -z "${USE_SMARTCARD_FALSE}"; then as_fn_error "conditional \"USE_SMARTCARD\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -16680,6 +17209,10 @@ if test -z "${USE_LIBSTRONGSWAN_TRUE}" && test -z "${USE_LIBSTRONGSWAN_FALSE}"; as_fn_error "conditional \"USE_LIBSTRONGSWAN\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_LIBHYDRA_TRUE}" && test -z "${USE_LIBHYDRA_FALSE}"; then + as_fn_error "conditional \"USE_LIBHYDRA\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_FILE_CONFIG_TRUE}" && test -z "${USE_FILE_CONFIG_FALSE}"; then as_fn_error "conditional \"USE_FILE_CONFIG\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -16692,6 +17225,10 @@ if test -z "${USE_SIMAKA_TRUE}" && test -z "${USE_SIMAKA_FALSE}"; then as_fn_error "conditional \"USE_SIMAKA\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${MONOLITHIC_TRUE}" && test -z "${MONOLITHIC_FALSE}"; then + as_fn_error "conditional \"MONOLITHIC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi : ${CONFIG_STATUS=./config.status} ac_write_fail=0 @@ -17100,7 +17637,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by strongSwan $as_me 4.3.6, which was +This file was extended by strongSwan $as_me 4.4.0, which was generated by GNU Autoconf 2.64. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -17155,7 +17692,7 @@ Report bugs to the package provider." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_version="\\ -strongSwan config.status 4.3.6 +strongSwan config.status 4.4.0 configured by $0, generated by GNU Autoconf 2.64, with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" @@ -17548,44 +18085,53 @@ do "src/libstrongswan/plugins/ldap/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/ldap/Makefile" ;; "src/libstrongswan/plugins/mysql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/mysql/Makefile" ;; "src/libstrongswan/plugins/sqlite/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/sqlite/Makefile" ;; - "src/libstrongswan/plugins/attr_sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/attr_sql/Makefile" ;; "src/libstrongswan/plugins/padlock/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/padlock/Makefile" ;; "src/libstrongswan/plugins/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/openssl/Makefile" ;; "src/libstrongswan/plugins/gcrypt/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/gcrypt/Makefile" ;; "src/libstrongswan/plugins/agent/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/agent/Makefile" ;; "src/libstrongswan/plugins/test_vectors/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/test_vectors/Makefile" ;; + "src/libhydra/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/Makefile" ;; + "src/libhydra/plugins/attr/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/attr/Makefile" ;; + "src/libhydra/plugins/attr_sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libhydra/plugins/attr_sql/Makefile" ;; "src/libfreeswan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libfreeswan/Makefile" ;; "src/libsimaka/Makefile") CONFIG_FILES="$CONFIG_FILES src/libsimaka/Makefile" ;; "src/pluto/Makefile") CONFIG_FILES="$CONFIG_FILES src/pluto/Makefile" ;; "src/whack/Makefile") CONFIG_FILES="$CONFIG_FILES src/whack/Makefile" ;; "src/charon/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/Makefile" ;; - "src/charon/plugins/eap_aka/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_aka/Makefile" ;; - "src/charon/plugins/eap_aka_3gpp2/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_aka_3gpp2/Makefile" ;; - "src/charon/plugins/eap_identity/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_identity/Makefile" ;; - "src/charon/plugins/eap_md5/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_md5/Makefile" ;; - "src/charon/plugins/eap_gtc/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_gtc/Makefile" ;; - "src/charon/plugins/eap_sim/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_sim/Makefile" ;; - "src/charon/plugins/eap_sim_file/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_sim_file/Makefile" ;; - "src/charon/plugins/eap_simaka_pseudonym/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_simaka_pseudonym/Makefile" ;; - "src/charon/plugins/eap_simaka_reauth/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_simaka_reauth/Makefile" ;; - "src/charon/plugins/eap_mschapv2/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_mschapv2/Makefile" ;; - "src/charon/plugins/eap_radius/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/eap_radius/Makefile" ;; - "src/charon/plugins/kernel_netlink/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_netlink/Makefile" ;; - "src/charon/plugins/kernel_pfkey/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_pfkey/Makefile" ;; - "src/charon/plugins/kernel_pfroute/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_pfroute/Makefile" ;; - "src/charon/plugins/kernel_klips/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/kernel_klips/Makefile" ;; - "src/charon/plugins/smp/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/smp/Makefile" ;; - "src/charon/plugins/sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/sql/Makefile" ;; - "src/charon/plugins/medsrv/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/medsrv/Makefile" ;; - "src/charon/plugins/medcli/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/medcli/Makefile" ;; - "src/charon/plugins/nm/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/nm/Makefile" ;; - "src/charon/plugins/uci/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/uci/Makefile" ;; - "src/charon/plugins/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/stroke/Makefile" ;; - "src/charon/plugins/updown/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/updown/Makefile" ;; - "src/charon/plugins/attr/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/attr/Makefile" ;; - "src/charon/plugins/resolve/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/resolve/Makefile" ;; - "src/charon/plugins/unit_tester/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/unit_tester/Makefile" ;; - "src/charon/plugins/load_tester/Makefile") CONFIG_FILES="$CONFIG_FILES src/charon/plugins/load_tester/Makefile" ;; + "src/libcharon/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/Makefile" ;; + "src/libcharon/plugins/eap_aka/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka/Makefile" ;; + "src/libcharon/plugins/eap_aka_3gpp2/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_aka_3gpp2/Makefile" ;; + "src/libcharon/plugins/eap_identity/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_identity/Makefile" ;; + "src/libcharon/plugins/eap_md5/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_md5/Makefile" ;; + "src/libcharon/plugins/eap_gtc/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_gtc/Makefile" ;; + "src/libcharon/plugins/eap_sim/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_sim/Makefile" ;; + "src/libcharon/plugins/eap_sim_file/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_sim_file/Makefile" ;; + "src/libcharon/plugins/eap_simaka_pseudonym/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_simaka_pseudonym/Makefile" ;; + "src/libcharon/plugins/eap_simaka_reauth/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_simaka_reauth/Makefile" ;; + "src/libcharon/plugins/eap_mschapv2/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_mschapv2/Makefile" ;; + "src/libcharon/plugins/eap_radius/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/eap_radius/Makefile" ;; + "src/libcharon/plugins/kernel_netlink/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_netlink/Makefile" ;; + "src/libcharon/plugins/kernel_pfkey/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_pfkey/Makefile" ;; + "src/libcharon/plugins/kernel_pfroute/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_pfroute/Makefile" ;; + "src/libcharon/plugins/kernel_klips/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/kernel_klips/Makefile" ;; + "src/libcharon/plugins/socket_default/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_default/Makefile" ;; + "src/libcharon/plugins/socket_raw/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_raw/Makefile" ;; + "src/libcharon/plugins/socket_dynamic/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/socket_dynamic/Makefile" ;; + "src/libcharon/plugins/farp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/farp/Makefile" ;; + "src/libcharon/plugins/smp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/smp/Makefile" ;; + "src/libcharon/plugins/sql/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/sql/Makefile" ;; + "src/libcharon/plugins/medsrv/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/medsrv/Makefile" ;; + "src/libcharon/plugins/medcli/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/medcli/Makefile" ;; + "src/libcharon/plugins/nm/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/nm/Makefile" ;; + "src/libcharon/plugins/uci/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/uci/Makefile" ;; + "src/libcharon/plugins/ha/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/ha/Makefile" ;; + "src/libcharon/plugins/android/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/android/Makefile" ;; + "src/libcharon/plugins/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/stroke/Makefile" ;; + "src/libcharon/plugins/updown/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/updown/Makefile" ;; + "src/libcharon/plugins/dhcp/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/dhcp/Makefile" ;; + "src/libcharon/plugins/resolve/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/resolve/Makefile" ;; + "src/libcharon/plugins/unit_tester/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/unit_tester/Makefile" ;; + "src/libcharon/plugins/load_tester/Makefile") CONFIG_FILES="$CONFIG_FILES src/libcharon/plugins/load_tester/Makefile" ;; "src/stroke/Makefile") CONFIG_FILES="$CONFIG_FILES src/stroke/Makefile" ;; "src/ipsec/Makefile") CONFIG_FILES="$CONFIG_FILES src/ipsec/Makefile" ;; "src/starter/Makefile") CONFIG_FILES="$CONFIG_FILES src/starter/Makefile" ;; diff --git a/configure.in b/configure.in index 8ba844e9b..efcccbb42 100644 --- a/configure.in +++ b/configure.in @@ -16,7 +16,7 @@ dnl =========================== dnl initialize & set some vars dnl =========================== -AC_INIT(strongSwan,4.3.6) +AC_INIT(strongSwan,4.4.0) AM_INIT_AUTOMAKE(tar-ustar) AC_CONFIG_MACRO_DIR([m4/config]) PKG_PROG_PKG_CONFIG @@ -41,6 +41,7 @@ ARG_WITH_SUBST([routing-table], [220], [set routing table to use for IPsec ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table]) ARG_WITH_SET([capabilities], [no], [set capability dropping library. Currently only the value "libcap" is supported]) +ARG_WITH_SET([mpz_powm_sec], [yes], [use the more side-channel resistant mpz_powm_sec in libgmp, if available]) AC_ARG_WITH( [xauth-module], @@ -113,6 +114,10 @@ ARG_DISBL_SET([kernel-netlink], [disable the netlink kernel interface.]) ARG_ENABL_SET([kernel-pfkey], [enable the PF_KEY kernel interface.]) ARG_ENABL_SET([kernel-pfroute], [enable the PF_ROUTE kernel interface.]) ARG_ENABL_SET([kernel-klips], [enable the KLIPS kernel interface.]) +ARG_DISBL_SET([socket-default], [disable default socket implementation for charon.]) +ARG_ENABL_SET([socket-raw], [enable raw socket implementation of charon, enforced if pluto is enabled]) +ARG_ENABL_SET([socket-dynamic], [enable dynamic socket implementation for charon]) +ARG_ENABL_SET([farp], [enable ARP faking plugin that responds to ARP requests to peers virtual IP]) ARG_ENABL_SET([nat-transport], [enable NAT traversal with IPsec transport mode in pluto.]) ARG_DISBL_SET([vendor-id], [disable the sending of the strongSwan vendor ID in pluto.]) ARG_DISBL_SET([xauth-vid], [disable the sending of the XAUTH vendor ID.]) @@ -129,14 +134,18 @@ ARG_DISBL_SET([scripts], [disable additional utilities (found in director ARG_DISBL_SET([updown], [disable updown firewall script plugin.]) ARG_DISBL_SET([attr], [disable strongswan.conf based configuration attribute plugin.]) ARG_ENABL_SET([attr-sql], [enable SQL based configuration attribute plugin.]) +ARG_ENABL_SET([dhcp], [enable DHCP based attribute provider plugin.]) ARG_DISBL_SET([resolve], [disable resolve DNS handler plugin.]) ARG_ENABL_SET([padlock], [enables VIA Padlock crypto plugin.]) ARG_ENABL_SET([openssl], [enables the OpenSSL crypto plugin.]) ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.]) ARG_ENABL_SET([agent], [enables the ssh-agent signing plugin.]) ARG_ENABL_SET([uci], [enable OpenWRT UCI configuration plugin.]) +ARG_ENABL_SET([android], [enable Android specific plugin.]) ARG_ENABL_SET([nm], [enable NetworkManager plugin.]) +ARG_ENABL_SET([ha], [enable high availability cluster plugin.]) ARG_ENABL_SET([vstr], [enforce using the Vstr string library to replace glibc-like printf hooks.]) +ARG_ENABL_SET([monolithic], [build monolithic version of libstrongswan that includes all enabled plugins. Similarly, the plugins of charon are assembled in libcharon.]) dnl ========================= dnl set up compiler and flags @@ -202,7 +211,6 @@ fi if test x$eap_aka = xtrue; then fips_prf=true; - sha1=true; simaka=true; fi @@ -212,7 +220,9 @@ if test x$eap_sim = xtrue; then fi if test x$fips_prf = xtrue; then - sha1=true; + if test x$openssl = xfalse; then + sha1=true; + fi fi if test x$smp = xtrue; then @@ -232,6 +242,16 @@ if test x$medcli = xtrue; then mediation=true fi +if test x$pluto = xtrue; then + if test x$socket_raw = xfalse; then + AC_MSG_NOTICE([Enforcing --enable-socket-raw, as pluto is enabled]) + socket_raw=true + if test x$socket_default_given = xfalse; then + socket_default=false + fi + fi +fi + dnl =========================================== dnl check required libraries and header files dnl =========================================== @@ -431,7 +451,21 @@ if test x$vstr = xtrue; then fi if test x$gmp = xtrue; then - AC_HAVE_LIBRARY([gmp],[LIBS="$LIBS"],[AC_MSG_ERROR([GNU Multi Precision library gmp not found])]) + saved_LIBS=$LIBS + AC_HAVE_LIBRARY([gmp],,[AC_MSG_ERROR([GNU Multi Precision library gmp not found])]) + AC_MSG_CHECKING([mpz_powm_sec]) + if test x$mpz_powm_sec = xyes; then + AC_TRY_COMPILE( + [#include "gmp.h"], + [ + void *x = mpz_powm_sec; + ], + [AC_MSG_RESULT([yes]); AC_DEFINE(HAVE_MPZ_POWM_SEC)], [AC_MSG_RESULT([no])] + ) + else + AC_MSG_RESULT([disabled]) + fi + LIBS=$saved_LIBS AC_MSG_CHECKING([gmp.h version >= 4.1.4]) AC_TRY_COMPILE( [#include "gmp.h"], @@ -554,6 +588,15 @@ if test x$uci = xtrue; then AC_CHECK_HEADER([uci.h],,[AC_MSG_ERROR([UCI header uci.h not found!])]) fi +if test x$android = xtrue; then + AC_HAVE_LIBRARY([cutils],[LIBS="$LIBS"],[AC_MSG_ERROR([Android library libcutils not found])]) + AC_CHECK_HEADER([cutils/properties.h],,[AC_MSG_ERROR([Android header cutils/properties.h not found!])]) + dnl we have to force the use of libdl here because the autodetection + dnl above does not work correctly when cross-compiling for android. + DLLIB="-ldl" + AC_SUBST(DLLIB) +fi + if test x$nm = xtrue; then PKG_CHECK_EXISTS([libnm-glib], [PKG_CHECK_MODULES(nm, [NetworkManager gthread-2.0 libnm-glib libnm-glib-vpn])], @@ -592,11 +635,12 @@ if test x$integrity_test = xtrue; then ) fi -dnl ====================================== -dnl collect all plugins for libstrongswan -dnl ====================================== +dnl ========================================================== +dnl collect all plugins for libstrongswan, libhydra and pluto +dnl ========================================================== libstrongswan_plugins= +libhydra_plugins= pluto_plugins= if test x$test_vectors = xtrue; then @@ -638,9 +682,6 @@ if test x$md5 = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" md5" pluto_plugins=${pluto_plugins}" md5" fi -if test x$fips_prf = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" fips-prf" -fi if test x$random = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" random" pluto_plugins=${pluto_plugins}" random" @@ -677,10 +718,6 @@ if test x$sqlite = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" sqlite" pluto_plugins=${pluto_plugins}" sqlite" fi -if test x$attr_sql = xtrue -o x$sql = xtrue; then - libstrongswan_plugins=${libstrongswan_plugins}" attr-sql" - pluto_plugins=${pluto_plugins}" attr-sql" -fi if test x$padlock = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" padlock" fi @@ -692,6 +729,9 @@ if test x$gcrypt = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" gcrypt" pluto_plugins=${pluto_plugins}" gcrypt" fi +if test x$fips_prf = xtrue; then + libstrongswan_plugins=${libstrongswan_plugins}" fips-prf" +fi if test x$xcbc = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" xcbc" fi @@ -706,8 +746,17 @@ if test x$gmp = xtrue; then libstrongswan_plugins=${libstrongswan_plugins}" gmp" pluto_plugins=${pluto_plugins}" gmp" fi +if test x$attr = xtrue; then + libhydra_plugins=${libhydra_plugins}" attr" + pluto_plugins=${pluto_plugins}" attr" +fi +if test x$attr_sql = xtrue -o x$sql = xtrue; then + libhydra_plugins=${libhydra_plugins}" attr-sql" + pluto_plugins=${pluto_plugins}" attr-sql" +fi AC_SUBST(libstrongswan_plugins) +AC_SUBST(libhydra_plugins) AC_SUBST(pluto_plugins) dnl ========================= @@ -752,13 +801,16 @@ AM_CONDITIONAL(USE_MEDSRV, test x$medsrv = xtrue) AM_CONDITIONAL(USE_MEDCLI, test x$medcli = xtrue) AM_CONDITIONAL(USE_NM, test x$nm = xtrue) AM_CONDITIONAL(USE_UCI, test x$uci = xtrue) +AM_CONDITIONAL(USE_ANDROID, test x$android = xtrue) AM_CONDITIONAL(USE_SMP, test x$smp = xtrue) AM_CONDITIONAL(USE_SQL, test x$sql = xtrue) AM_CONDITIONAL(USE_UPDOWN, test x$updown = xtrue) AM_CONDITIONAL(USE_ATTR, test x$attr = xtrue) +AM_CONDITIONAL(USE_DHCP, test x$dhcp = xtrue) AM_CONDITIONAL(USE_RESOLVE, test x$resolve = xtrue) AM_CONDITIONAL(USE_UNIT_TESTS, test x$unit_tests = xtrue) AM_CONDITIONAL(USE_LOAD_TESTER, test x$load_tester = xtrue) +AM_CONDITIONAL(USE_HA, test x$ha = xtrue) AM_CONDITIONAL(USE_EAP_SIM, test x$eap_sim = xtrue) AM_CONDITIONAL(USE_EAP_SIM_FILE, test x$eap_sim_file = xtrue) AM_CONDITIONAL(USE_EAP_SIMAKA_PSEUDONYM, test x$eap_simaka_pseudonym = xtrue) @@ -774,6 +826,10 @@ AM_CONDITIONAL(USE_KERNEL_NETLINK, test x$kernel_netlink = xtrue) AM_CONDITIONAL(USE_KERNEL_PFKEY, test x$kernel_pfkey = xtrue) AM_CONDITIONAL(USE_KERNEL_PFROUTE, test x$kernel_pfroute = xtrue) AM_CONDITIONAL(USE_KERNEL_KLIPS, test x$kernel_klips = xtrue) +AM_CONDITIONAL(USE_SOCKET_DEFAULT, test x$socket_default = xtrue) +AM_CONDITIONAL(USE_SOCKET_RAW, test x$socket_raw = xtrue) +AM_CONDITIONAL(USE_SOCKET_DYNAMIC, test x$socket_dynamic = xtrue) +AM_CONDITIONAL(USE_FARP, test x$farp = xtrue) dnl other options dnl ============= @@ -796,9 +852,11 @@ AM_CONDITIONAL(USE_CHARON, test x$charon = xtrue) AM_CONDITIONAL(USE_TOOLS, test x$tools = xtrue) AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue) AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pluto = xtrue -o x$tools = xtrue) +AM_CONDITIONAL(USE_LIBHYDRA, test x$charon = xtrue -o x$pluto = xtrue) AM_CONDITIONAL(USE_FILE_CONFIG, test x$pluto = xtrue -o x$stroke = xtrue) AM_CONDITIONAL(USE_VSTR, test x$vstr = xtrue) AM_CONDITIONAL(USE_SIMAKA, test x$simaka = xtrue) +AM_CONDITIONAL(MONOLITHIC, test x$monolithic = xtrue) dnl ============================== dnl set global definitions @@ -810,6 +868,10 @@ fi if test x$capabilities = xlibcap; then AC_DEFINE(CAPABILITIES) fi +if test x$monolithic = xtrue; then + AC_DEFINE(MONOLITHIC) +fi + dnl ============================== dnl build Makefiles @@ -842,44 +904,53 @@ AC_OUTPUT( src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile - src/libstrongswan/plugins/attr_sql/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/test_vectors/Makefile + src/libhydra/Makefile + src/libhydra/plugins/attr/Makefile + src/libhydra/plugins/attr_sql/Makefile src/libfreeswan/Makefile src/libsimaka/Makefile src/pluto/Makefile src/whack/Makefile src/charon/Makefile - src/charon/plugins/eap_aka/Makefile - src/charon/plugins/eap_aka_3gpp2/Makefile - src/charon/plugins/eap_identity/Makefile - src/charon/plugins/eap_md5/Makefile - src/charon/plugins/eap_gtc/Makefile - src/charon/plugins/eap_sim/Makefile - src/charon/plugins/eap_sim_file/Makefile - src/charon/plugins/eap_simaka_pseudonym/Makefile - src/charon/plugins/eap_simaka_reauth/Makefile - src/charon/plugins/eap_mschapv2/Makefile - src/charon/plugins/eap_radius/Makefile - src/charon/plugins/kernel_netlink/Makefile - src/charon/plugins/kernel_pfkey/Makefile - src/charon/plugins/kernel_pfroute/Makefile - src/charon/plugins/kernel_klips/Makefile - src/charon/plugins/smp/Makefile - src/charon/plugins/sql/Makefile - src/charon/plugins/medsrv/Makefile - src/charon/plugins/medcli/Makefile - src/charon/plugins/nm/Makefile - src/charon/plugins/uci/Makefile - src/charon/plugins/stroke/Makefile - src/charon/plugins/updown/Makefile - src/charon/plugins/attr/Makefile - src/charon/plugins/resolve/Makefile - src/charon/plugins/unit_tester/Makefile - src/charon/plugins/load_tester/Makefile + src/libcharon/Makefile + src/libcharon/plugins/eap_aka/Makefile + src/libcharon/plugins/eap_aka_3gpp2/Makefile + src/libcharon/plugins/eap_identity/Makefile + src/libcharon/plugins/eap_md5/Makefile + src/libcharon/plugins/eap_gtc/Makefile + src/libcharon/plugins/eap_sim/Makefile + src/libcharon/plugins/eap_sim_file/Makefile + src/libcharon/plugins/eap_simaka_pseudonym/Makefile + src/libcharon/plugins/eap_simaka_reauth/Makefile + src/libcharon/plugins/eap_mschapv2/Makefile + src/libcharon/plugins/eap_radius/Makefile + src/libcharon/plugins/kernel_netlink/Makefile + src/libcharon/plugins/kernel_pfkey/Makefile + src/libcharon/plugins/kernel_pfroute/Makefile + src/libcharon/plugins/kernel_klips/Makefile + src/libcharon/plugins/socket_default/Makefile + src/libcharon/plugins/socket_raw/Makefile + src/libcharon/plugins/socket_dynamic/Makefile + src/libcharon/plugins/farp/Makefile + src/libcharon/plugins/smp/Makefile + src/libcharon/plugins/sql/Makefile + src/libcharon/plugins/medsrv/Makefile + src/libcharon/plugins/medcli/Makefile + src/libcharon/plugins/nm/Makefile + src/libcharon/plugins/uci/Makefile + src/libcharon/plugins/ha/Makefile + src/libcharon/plugins/android/Makefile + src/libcharon/plugins/stroke/Makefile + src/libcharon/plugins/updown/Makefile + src/libcharon/plugins/dhcp/Makefile + src/libcharon/plugins/resolve/Makefile + src/libcharon/plugins/unit_tester/Makefile + src/libcharon/plugins/load_tester/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile diff --git a/m4/macros/enable-disable.m4 b/m4/macros/enable-disable.m4 index 6d7959e4e..3d423652f 100644 --- a/m4/macros/enable-disable.m4 +++ b/m4/macros/enable-disable.m4 @@ -6,12 +6,14 @@ AC_DEFUN([ARG_ENABL_SET], [AC_ARG_ENABLE( [$1], AS_HELP_STRING([--enable-$1], [$2]), - [if test x$enableval = xyes; then + [patsubst([$1], [-], [_])_given=true + if test x$enableval = xyes; then patsubst([$1], [-], [_])=true else patsubst([$1], [-], [_])=false fi], - patsubst([$1], [-], [_])=false + [patsubst([$1], [-], [_])=false + patsubst([$1], [-], [_])_given=false] )] ) @@ -22,11 +24,13 @@ AC_DEFUN([ARG_DISBL_SET], [AC_ARG_ENABLE( [$1], AS_HELP_STRING([--disable-$1], [$2]), - [if test x$enableval = xyes; then + [patsubst([$1], [-], [_])_given=true + if test x$enableval = xyes; then patsubst([$1], [-], [_])=true else patsubst([$1], [-], [_])=false fi], - patsubst([$1], [-], [_])=true + [patsubst([$1], [-], [_])=true + patsubst([$1], [-], [_])_given=false] )] ) diff --git a/scripts/Makefile.am b/scripts/Makefile.am index 24e3cd164..70a56f697 100644 --- a/scripts/Makefile.am +++ b/scripts/Makefile.am @@ -17,3 +17,7 @@ key2keyid_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la keyid2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la dh_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt pubkey_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt + +key2keyid.o : $(top_builddir)/config.status + +keyid2sql.o : $(top_builddir)/config.status diff --git a/scripts/Makefile.in b/scripts/Makefile.in index 7d1af0803..6a75fa7ae 100644 --- a/scripts/Makefile.in +++ b/scripts/Makefile.in @@ -226,6 +226,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -585,6 +586,10 @@ uninstall-am: pdf pdf-am ps ps-am tags uninstall uninstall-am +key2keyid.o : $(top_builddir)/config.status + +keyid2sql.o : $(top_builddir)/config.status + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/scripts/dh_speed.c b/scripts/dh_speed.c index b85bf1ad8..ce102491b 100644 --- a/scripts/dh_speed.c +++ b/scripts/dh_speed.c @@ -15,19 +15,22 @@ struct { char *name; diffie_hellman_group_t group; } groups[] = { - {"modp768", MODP_768_BIT}, - {"modp1024", MODP_1024_BIT}, - {"modp1536", MODP_1536_BIT}, - {"modp2048", MODP_2048_BIT}, - {"modp3072", MODP_3072_BIT}, - {"modp4096", MODP_4096_BIT}, - {"modp6144", MODP_6144_BIT}, - {"modp8192", MODP_8192_BIT}, - {"ecp256", ECP_256_BIT}, - {"ecp384", ECP_384_BIT}, - {"ecp521", ECP_521_BIT}, - {"ecp192", ECP_192_BIT}, - {"ecp224", ECP_224_BIT}, + {"modp768", MODP_768_BIT}, + {"modp1024", MODP_1024_BIT}, + {"modp1024s160", MODP_1024_160}, + {"modp1536", MODP_1536_BIT}, + {"modp2048", MODP_2048_BIT}, + {"modp2048s224", MODP_2048_224}, + {"modp2048s256", MODP_2048_256}, + {"modp3072", MODP_3072_BIT}, + {"modp4096", MODP_4096_BIT}, + {"modp6144", MODP_6144_BIT}, + {"modp8192", MODP_8192_BIT}, + {"ecp256", ECP_256_BIT}, + {"ecp384", ECP_384_BIT}, + {"ecp521", ECP_521_BIT}, + {"ecp192", ECP_192_BIT}, + {"ecp224", ECP_224_BIT}, }; static void start_timing(struct timespec *start) diff --git a/src/Makefile.am b/src/Makefile.am index ae3ec8a20..8d4dd2e37 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -4,6 +4,10 @@ if USE_LIBSTRONGSWAN SUBDIRS += libstrongswan endif +if USE_LIBHYDRA + SUBDIRS += libhydra +endif + if USE_SIMAKA SUBDIRS += libsimaka endif @@ -17,7 +21,7 @@ if USE_PLUTO endif if USE_CHARON - SUBDIRS += charon + SUBDIRS += libcharon charon endif if USE_STROKE @@ -29,7 +33,7 @@ if USE_UPDOWN endif if USE_TOOLS - SUBDIRS += openac scepclient pki + SUBDIRS += libfreeswan openac scepclient pki endif if USE_DUMM diff --git a/src/Makefile.in b/src/Makefile.in index 2e305f50a..2a04c8b19 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -34,18 +34,19 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @USE_LIBSTRONGSWAN_TRUE@am__append_1 = libstrongswan -@USE_SIMAKA_TRUE@am__append_2 = libsimaka -@USE_FILE_CONFIG_TRUE@am__append_3 = libfreeswan starter ipsec _copyright -@USE_PLUTO_TRUE@am__append_4 = pluto whack -@USE_CHARON_TRUE@am__append_5 = charon -@USE_STROKE_TRUE@am__append_6 = stroke -@USE_UPDOWN_TRUE@am__append_7 = _updown _updown_espmark -@USE_TOOLS_TRUE@am__append_8 = openac scepclient pki -@USE_DUMM_TRUE@am__append_9 = dumm -@USE_FAST_TRUE@am__append_10 = libfast -@USE_MANAGER_TRUE@am__append_11 = manager -@USE_MEDSRV_TRUE@am__append_12 = medsrv -@USE_INTEGRITY_TEST_TRUE@am__append_13 = checksum +@USE_LIBHYDRA_TRUE@am__append_2 = libhydra +@USE_SIMAKA_TRUE@am__append_3 = libsimaka +@USE_FILE_CONFIG_TRUE@am__append_4 = libfreeswan starter ipsec _copyright +@USE_PLUTO_TRUE@am__append_5 = pluto whack +@USE_CHARON_TRUE@am__append_6 = libcharon charon +@USE_STROKE_TRUE@am__append_7 = stroke +@USE_UPDOWN_TRUE@am__append_8 = _updown _updown_espmark +@USE_TOOLS_TRUE@am__append_9 = libfreeswan openac scepclient pki +@USE_DUMM_TRUE@am__append_10 = dumm +@USE_FAST_TRUE@am__append_11 = libfast +@USE_MANAGER_TRUE@am__append_12 = manager +@USE_MEDSRV_TRUE@am__append_13 = medsrv +@USE_INTEGRITY_TEST_TRUE@am__append_14 = checksum subdir = src DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -78,10 +79,10 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ distdir ETAGS = etags CTAGS = ctags -DIST_SUBDIRS = . include libstrongswan libsimaka libfreeswan starter \ - ipsec _copyright pluto whack charon stroke _updown \ - _updown_espmark openac scepclient pki dumm libfast manager \ - medsrv checksum +DIST_SUBDIRS = . include libstrongswan libhydra libsimaka libfreeswan \ + starter ipsec _copyright pluto whack libcharon charon stroke \ + _updown _updown_espmark openac scepclient pki dumm libfast \ + manager medsrv checksum DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -228,6 +229,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -266,7 +268,7 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \ $(am__append_4) $(am__append_5) $(am__append_6) \ $(am__append_7) $(am__append_8) $(am__append_9) \ $(am__append_10) $(am__append_11) $(am__append_12) \ - $(am__append_13) + $(am__append_13) $(am__append_14) EXTRA_DIST = strongswan.conf all: all-recursive diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in index fe529a151..d4e1c157b 100644 --- a/src/_copyright/Makefile.in +++ b/src/_copyright/Makefile.in @@ -221,6 +221,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in index e99238ed8..cf153461d 100644 --- a/src/_updown/Makefile.in +++ b/src/_updown/Makefile.in @@ -200,6 +200,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ diff --git a/src/_updown_espmark/Makefile.in b/src/_updown_espmark/Makefile.in index ed88b67a6..a4379b44c 100644 --- a/src/_updown_espmark/Makefile.in +++ b/src/_updown_espmark/Makefile.in @@ -200,6 +200,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ diff --git a/src/charon/Android.mk b/src/charon/Android.mk new file mode 100644 index 000000000..491d7f946 --- /dev/null +++ b/src/charon/Android.mk @@ -0,0 +1,27 @@ +LOCAL_PATH := $(call my-dir) +include $(CLEAR_VARS) + +# copy-n-paste from Makefile.am +LOCAL_SRC_FILES := \ +charon.c + +# build charon ----------------------------------------------------------------- + +LOCAL_C_INCLUDES += \ + $(libvstr_PATH) \ + $(strongswan_PATH)/src/libhydra \ + $(strongswan_PATH)/src/libcharon \ + $(strongswan_PATH)/src/libstrongswan + +LOCAL_CFLAGS := $(strongswan_CFLAGS) + +LOCAL_MODULE := charon + +LOCAL_ARM_MODE := arm + +LOCAL_PRELINK_MODULE := false + +LOCAL_SHARED_LIBRARIES += libstrongswan libhydra libcharon + +include $(BUILD_EXECUTABLE) + diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am index e20d45cf8..6481947f1 100644 --- a/src/charon/Makefile.am +++ b/src/charon/Makefile.am @@ -1,275 +1,22 @@ ipsec_PROGRAMS = charon charon_SOURCES = \ -bus/bus.c bus/bus.h \ -bus/listeners/listener.h \ -bus/listeners/file_logger.c bus/listeners/file_logger.h \ -bus/listeners/sys_logger.c bus/listeners/sys_logger.h \ -config/backend_manager.c config/backend_manager.h config/backend.h \ -config/child_cfg.c config/child_cfg.h \ -config/ike_cfg.c config/ike_cfg.h \ -config/peer_cfg.c config/peer_cfg.h \ -config/proposal.c config/proposal.h \ -config/auth_cfg.c config/auth_cfg.h \ -control/controller.c control/controller.h \ -daemon.c daemon.h \ -encoding/generator.c encoding/generator.h \ -encoding/message.c encoding/message.h \ -encoding/parser.c encoding/parser.h \ -encoding/payloads/auth_payload.c encoding/payloads/auth_payload.h \ -encoding/payloads/cert_payload.c encoding/payloads/cert_payload.h \ -encoding/payloads/certreq_payload.c encoding/payloads/certreq_payload.h \ -encoding/payloads/configuration_attribute.c encoding/payloads/configuration_attribute.h \ -encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \ -encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \ -encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \ -encoding/payloads/encodings.c encoding/payloads/encodings.h \ -encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \ -encoding/payloads/id_payload.c encoding/payloads/id_payload.h \ -encoding/payloads/ike_header.c encoding/payloads/ike_header.h \ -encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \ -encoding/payloads/nonce_payload.c encoding/payloads/nonce_payload.h \ -encoding/payloads/notify_payload.c encoding/payloads/notify_payload.h \ -encoding/payloads/payload.c encoding/payloads/payload.h \ -encoding/payloads/proposal_substructure.c encoding/payloads/proposal_substructure.h \ -encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \ -encoding/payloads/traffic_selector_substructure.c encoding/payloads/traffic_selector_substructure.h \ -encoding/payloads/transform_attribute.c encoding/payloads/transform_attribute.h \ -encoding/payloads/transform_substructure.c encoding/payloads/transform_substructure.h \ -encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \ -encoding/payloads/unknown_payload.c encoding/payloads/unknown_payload.h \ -encoding/payloads/vendor_id_payload.c encoding/payloads/vendor_id_payload.h \ -kernel/kernel_interface.c kernel/kernel_interface.h \ -kernel/kernel_ipsec.c kernel/kernel_ipsec.h \ -kernel/kernel_net.h \ -network/packet.c network/packet.h \ -network/receiver.c network/receiver.h \ -network/sender.c network/sender.h \ -network/socket.h \ -processing/jobs/job.h \ -processing/jobs/acquire_job.c processing/jobs/acquire_job.h \ -processing/jobs/callback_job.c processing/jobs/callback_job.h \ -processing/jobs/delete_child_sa_job.c processing/jobs/delete_child_sa_job.h \ -processing/jobs/delete_ike_sa_job.c processing/jobs/delete_ike_sa_job.h \ -processing/jobs/migrate_job.c processing/jobs/migrate_job.h \ -processing/jobs/process_message_job.c processing/jobs/process_message_job.h \ -processing/jobs/rekey_child_sa_job.c processing/jobs/rekey_child_sa_job.h \ -processing/jobs/rekey_ike_sa_job.c processing/jobs/rekey_ike_sa_job.h \ -processing/jobs/retransmit_job.c processing/jobs/retransmit_job.h \ -processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \ -processing/jobs/send_keepalive_job.c processing/jobs/send_keepalive_job.h \ -processing/jobs/roam_job.c processing/jobs/roam_job.h \ -processing/jobs/update_sa_job.c processing/jobs/update_sa_job.h \ -processing/jobs/inactivity_job.c processing/jobs/inactivity_job.h \ -processing/scheduler.c processing/scheduler.h \ -processing/processor.c processing/processor.h \ -sa/authenticators/authenticator.c sa/authenticators/authenticator.h \ -sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \ -sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \ -sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \ -sa/authenticators/eap/sim_manager.c sa/authenticators/eap/sim_manager.h \ -sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \ -sa/authenticators/pubkey_authenticator.c sa/authenticators/pubkey_authenticator.h \ -sa/child_sa.c sa/child_sa.h \ -sa/ike_sa.c sa/ike_sa.h \ -sa/ike_sa_id.c sa/ike_sa_id.h \ -sa/ike_sa_manager.c sa/ike_sa_manager.h \ -sa/task_manager.c sa/task_manager.h \ -sa/keymat.c sa/keymat.h \ -sa/trap_manager.c sa/trap_manager.h \ -sa/tasks/child_create.c sa/tasks/child_create.h \ -sa/tasks/child_delete.c sa/tasks/child_delete.h \ -sa/tasks/child_rekey.c sa/tasks/child_rekey.h \ -sa/tasks/ike_auth.c sa/tasks/ike_auth.h \ -sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \ -sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \ -sa/tasks/ike_config.c sa/tasks/ike_config.h \ -sa/tasks/ike_delete.c sa/tasks/ike_delete.h \ -sa/tasks/ike_dpd.c sa/tasks/ike_dpd.h \ -sa/tasks/ike_init.c sa/tasks/ike_init.h \ -sa/tasks/ike_natd.c sa/tasks/ike_natd.h \ -sa/tasks/ike_mobike.c sa/tasks/ike_mobike.h \ -sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \ -sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \ -sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \ -sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \ -sa/tasks/task.c sa/tasks/task.h \ -credentials/credential_manager.c credentials/credential_manager.h \ -credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \ -credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \ -credentials/sets/cert_cache.c credentials/sets/cert_cache.h \ -credentials/credential_set.h +charon.c -INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -AM_CFLAGS = -rdynamic \ - -DIPSEC_DIR=\"${ipsecdir}\" \ - -DIPSEC_PIDDIR=\"${piddir}\" -charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB) +INCLUDES = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon -# compile options -################# +AM_CFLAGS = \ + -DIPSEC_DIR=\"${ipsecdir}\" \ + -DIPSEC_PIDDIR=\"${piddir}\" -# Use RAW socket if pluto gets built -if USE_PLUTO - charon_SOURCES += network/socket-raw.c -else - charon_SOURCES += network/socket.c -endif +charon_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libhydra/libhydra.la \ + $(top_builddir)/src/libcharon/libcharon.la \ + -lm $(PTHREADLIB) $(DLLIB) -if USE_ME - charon_SOURCES += encoding/payloads/endpoint_notify.c encoding/payloads/endpoint_notify.h \ - processing/jobs/initiate_mediation_job.c processing/jobs/initiate_mediation_job.h \ - processing/jobs/mediation_job.c processing/jobs/mediation_job.h \ - sa/connect_manager.c sa/connect_manager.h \ - sa/mediation_manager.c sa/mediation_manager.h \ - sa/tasks/ike_me.c sa/tasks/ike_me.h -endif - -if USE_CAPABILITIES - charon_LDADD += -lcap -endif - - -# build optional plugins -######################## - -SUBDIRS = . -PLUGINS = ${libstrongswan_plugins} - -if USE_LOAD_TESTER - SUBDIRS += plugins/load_tester - PLUGINS += load-tester -endif - -if USE_KERNEL_PFKEY - SUBDIRS += plugins/kernel_pfkey - PLUGINS += kernel-pfkey -endif - -if USE_KERNEL_PFROUTE - SUBDIRS += plugins/kernel_pfroute - PLUGINS += kernel-pfroute -endif - -if USE_KERNEL_KLIPS - SUBDIRS += plugins/kernel_klips - PLUGINS += kernel-klips -endif - -if USE_KERNEL_NETLINK - SUBDIRS += plugins/kernel_netlink - PLUGINS += kernel-netlink -endif - -if USE_STROKE - SUBDIRS += plugins/stroke - PLUGINS += stroke -endif - -if USE_SMP - SUBDIRS += plugins/smp - PLUGINS += smp -endif - -if USE_SQL - SUBDIRS += plugins/sql - PLUGINS += sql -endif - -if USE_UPDOWN - SUBDIRS += plugins/updown - PLUGINS += updown -endif - -if USE_ATTR - SUBDIRS += plugins/attr - PLUGINS += attr -endif - -if USE_EAP_IDENTITY - SUBDIRS += plugins/eap_identity - PLUGINS += eap-identity -endif - -if USE_EAP_SIM - SUBDIRS += plugins/eap_sim - PLUGINS += eap-sim -endif - -if USE_EAP_SIM_FILE - SUBDIRS += plugins/eap_sim_file - PLUGINS += eap-sim-file -endif - -if USE_EAP_SIMAKA_PSEUDONYM - SUBDIRS += plugins/eap_simaka_pseudonym - PLUGINS += eap-simaka-pseudonym -endif - -if USE_EAP_SIMAKA_REAUTH - SUBDIRS += plugins/eap_simaka_reauth - PLUGINS += eap-simaka-reauth -endif - -if USE_EAP_MD5 - SUBDIRS += plugins/eap_md5 - PLUGINS += eap-md5 -endif - -if USE_EAP_GTC - SUBDIRS += plugins/eap_gtc - PLUGINS += eap-gtc -endif - -if USE_EAP_AKA - SUBDIRS += plugins/eap_aka - PLUGINS += eap-aka -endif - -if USE_EAP_AKA_3GPP2 - SUBDIRS += plugins/eap_aka_3gpp2 - PLUGINS += eap-aka-3gpp2 -endif - -if USE_EAP_MSCHAPV2 - SUBDIRS += plugins/eap_mschapv2 - PLUGINS += eap-mschapv2 -endif - -if USE_EAP_RADIUS - SUBDIRS += plugins/eap_radius - PLUGINS += eap-radius -endif - -if USE_MEDSRV - SUBDIRS += plugins/medsrv - PLUGINS += medsrv -endif - -if USE_MEDCLI - SUBDIRS += plugins/medcli - PLUGINS += medcli -endif - -if USE_NM - SUBDIRS += plugins/nm - PLUGINS += nm -endif - -if USE_RESOLVE - SUBDIRS += plugins/resolve - PLUGINS += resolve -endif - -if USE_UCI - SUBDIRS += plugins/uci - PLUGINS += uci -endif - -if USE_UNIT_TESTS - SUBDIRS += plugins/unit_tester - PLUGINS += unit-tester -endif - -AM_CFLAGS += -DPLUGINS=\""${PLUGINS}\"" +EXTRA_DIST = Android.mk diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in index d7339b226..66690a37a 100644 --- a/src/charon/Makefile.in +++ b/src/charon/Makefile.in @@ -35,75 +35,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = charon$(EXEEXT) - -# compile options -################# - -# Use RAW socket if pluto gets built -@USE_PLUTO_TRUE@am__append_1 = network/socket-raw.c -@USE_PLUTO_FALSE@am__append_2 = network/socket.c -@USE_ME_TRUE@am__append_3 = encoding/payloads/endpoint_notify.c encoding/payloads/endpoint_notify.h \ -@USE_ME_TRUE@ processing/jobs/initiate_mediation_job.c processing/jobs/initiate_mediation_job.h \ -@USE_ME_TRUE@ processing/jobs/mediation_job.c processing/jobs/mediation_job.h \ -@USE_ME_TRUE@ sa/connect_manager.c sa/connect_manager.h \ -@USE_ME_TRUE@ sa/mediation_manager.c sa/mediation_manager.h \ -@USE_ME_TRUE@ sa/tasks/ike_me.c sa/tasks/ike_me.h - -@USE_CAPABILITIES_TRUE@am__append_4 = -lcap -@USE_LOAD_TESTER_TRUE@am__append_5 = plugins/load_tester -@USE_LOAD_TESTER_TRUE@am__append_6 = load-tester -@USE_KERNEL_PFKEY_TRUE@am__append_7 = plugins/kernel_pfkey -@USE_KERNEL_PFKEY_TRUE@am__append_8 = kernel-pfkey -@USE_KERNEL_PFROUTE_TRUE@am__append_9 = plugins/kernel_pfroute -@USE_KERNEL_PFROUTE_TRUE@am__append_10 = kernel-pfroute -@USE_KERNEL_KLIPS_TRUE@am__append_11 = plugins/kernel_klips -@USE_KERNEL_KLIPS_TRUE@am__append_12 = kernel-klips -@USE_KERNEL_NETLINK_TRUE@am__append_13 = plugins/kernel_netlink -@USE_KERNEL_NETLINK_TRUE@am__append_14 = kernel-netlink -@USE_STROKE_TRUE@am__append_15 = plugins/stroke -@USE_STROKE_TRUE@am__append_16 = stroke -@USE_SMP_TRUE@am__append_17 = plugins/smp -@USE_SMP_TRUE@am__append_18 = smp -@USE_SQL_TRUE@am__append_19 = plugins/sql -@USE_SQL_TRUE@am__append_20 = sql -@USE_UPDOWN_TRUE@am__append_21 = plugins/updown -@USE_UPDOWN_TRUE@am__append_22 = updown -@USE_ATTR_TRUE@am__append_23 = plugins/attr -@USE_ATTR_TRUE@am__append_24 = attr -@USE_EAP_IDENTITY_TRUE@am__append_25 = plugins/eap_identity -@USE_EAP_IDENTITY_TRUE@am__append_26 = eap-identity -@USE_EAP_SIM_TRUE@am__append_27 = plugins/eap_sim -@USE_EAP_SIM_TRUE@am__append_28 = eap-sim -@USE_EAP_SIM_FILE_TRUE@am__append_29 = plugins/eap_sim_file -@USE_EAP_SIM_FILE_TRUE@am__append_30 = eap-sim-file -@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_31 = plugins/eap_simaka_pseudonym -@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_32 = eap-simaka-pseudonym -@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_33 = plugins/eap_simaka_reauth -@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_34 = eap-simaka-reauth -@USE_EAP_MD5_TRUE@am__append_35 = plugins/eap_md5 -@USE_EAP_MD5_TRUE@am__append_36 = eap-md5 -@USE_EAP_GTC_TRUE@am__append_37 = plugins/eap_gtc -@USE_EAP_GTC_TRUE@am__append_38 = eap-gtc -@USE_EAP_AKA_TRUE@am__append_39 = plugins/eap_aka -@USE_EAP_AKA_TRUE@am__append_40 = eap-aka -@USE_EAP_AKA_3GPP2_TRUE@am__append_41 = plugins/eap_aka_3gpp2 -@USE_EAP_AKA_3GPP2_TRUE@am__append_42 = eap-aka-3gpp2 -@USE_EAP_MSCHAPV2_TRUE@am__append_43 = plugins/eap_mschapv2 -@USE_EAP_MSCHAPV2_TRUE@am__append_44 = eap-mschapv2 -@USE_EAP_RADIUS_TRUE@am__append_45 = plugins/eap_radius -@USE_EAP_RADIUS_TRUE@am__append_46 = eap-radius -@USE_MEDSRV_TRUE@am__append_47 = plugins/medsrv -@USE_MEDSRV_TRUE@am__append_48 = medsrv -@USE_MEDCLI_TRUE@am__append_49 = plugins/medcli -@USE_MEDCLI_TRUE@am__append_50 = medcli -@USE_NM_TRUE@am__append_51 = plugins/nm -@USE_NM_TRUE@am__append_52 = nm -@USE_RESOLVE_TRUE@am__append_53 = plugins/resolve -@USE_RESOLVE_TRUE@am__append_54 = resolve -@USE_UCI_TRUE@am__append_55 = plugins/uci -@USE_UCI_TRUE@am__append_56 = uci -@USE_UNIT_TESTS_TRUE@am__append_57 = plugins/unit_tester -@USE_UNIT_TESTS_TRUE@am__append_58 = unit-tester subdir = src/charon DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -122,186 +53,13 @@ CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(ipsecdir)" PROGRAMS = $(ipsec_PROGRAMS) -am__charon_SOURCES_DIST = bus/bus.c bus/bus.h bus/listeners/listener.h \ - bus/listeners/file_logger.c bus/listeners/file_logger.h \ - bus/listeners/sys_logger.c bus/listeners/sys_logger.h \ - config/backend_manager.c config/backend_manager.h \ - config/backend.h config/child_cfg.c config/child_cfg.h \ - config/ike_cfg.c config/ike_cfg.h config/peer_cfg.c \ - config/peer_cfg.h config/proposal.c config/proposal.h \ - config/auth_cfg.c config/auth_cfg.h control/controller.c \ - control/controller.h daemon.c daemon.h encoding/generator.c \ - encoding/generator.h encoding/message.c encoding/message.h \ - encoding/parser.c encoding/parser.h \ - encoding/payloads/auth_payload.c \ - encoding/payloads/auth_payload.h \ - encoding/payloads/cert_payload.c \ - encoding/payloads/cert_payload.h \ - encoding/payloads/certreq_payload.c \ - encoding/payloads/certreq_payload.h \ - encoding/payloads/configuration_attribute.c \ - encoding/payloads/configuration_attribute.h \ - encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \ - encoding/payloads/delete_payload.c \ - encoding/payloads/delete_payload.h \ - encoding/payloads/eap_payload.c \ - encoding/payloads/eap_payload.h encoding/payloads/encodings.c \ - encoding/payloads/encodings.h \ - encoding/payloads/encryption_payload.c \ - encoding/payloads/encryption_payload.h \ - encoding/payloads/id_payload.c encoding/payloads/id_payload.h \ - encoding/payloads/ike_header.c encoding/payloads/ike_header.h \ - encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \ - encoding/payloads/nonce_payload.c \ - encoding/payloads/nonce_payload.h \ - encoding/payloads/notify_payload.c \ - encoding/payloads/notify_payload.h encoding/payloads/payload.c \ - encoding/payloads/payload.h \ - encoding/payloads/proposal_substructure.c \ - encoding/payloads/proposal_substructure.h \ - encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \ - encoding/payloads/traffic_selector_substructure.c \ - encoding/payloads/traffic_selector_substructure.h \ - encoding/payloads/transform_attribute.c \ - encoding/payloads/transform_attribute.h \ - encoding/payloads/transform_substructure.c \ - encoding/payloads/transform_substructure.h \ - encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \ - encoding/payloads/unknown_payload.c \ - encoding/payloads/unknown_payload.h \ - encoding/payloads/vendor_id_payload.c \ - encoding/payloads/vendor_id_payload.h \ - kernel/kernel_interface.c kernel/kernel_interface.h \ - kernel/kernel_ipsec.c kernel/kernel_ipsec.h \ - kernel/kernel_net.h network/packet.c network/packet.h \ - network/receiver.c network/receiver.h network/sender.c \ - network/sender.h network/socket.h processing/jobs/job.h \ - processing/jobs/acquire_job.c processing/jobs/acquire_job.h \ - processing/jobs/callback_job.c processing/jobs/callback_job.h \ - processing/jobs/delete_child_sa_job.c \ - processing/jobs/delete_child_sa_job.h \ - processing/jobs/delete_ike_sa_job.c \ - processing/jobs/delete_ike_sa_job.h \ - processing/jobs/migrate_job.c processing/jobs/migrate_job.h \ - processing/jobs/process_message_job.c \ - processing/jobs/process_message_job.h \ - processing/jobs/rekey_child_sa_job.c \ - processing/jobs/rekey_child_sa_job.h \ - processing/jobs/rekey_ike_sa_job.c \ - processing/jobs/rekey_ike_sa_job.h \ - processing/jobs/retransmit_job.c \ - processing/jobs/retransmit_job.h \ - processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \ - processing/jobs/send_keepalive_job.c \ - processing/jobs/send_keepalive_job.h \ - processing/jobs/roam_job.c processing/jobs/roam_job.h \ - processing/jobs/update_sa_job.c \ - processing/jobs/update_sa_job.h \ - processing/jobs/inactivity_job.c \ - processing/jobs/inactivity_job.h processing/scheduler.c \ - processing/scheduler.h processing/processor.c \ - processing/processor.h sa/authenticators/authenticator.c \ - sa/authenticators/authenticator.h \ - sa/authenticators/eap_authenticator.c \ - sa/authenticators/eap_authenticator.h \ - sa/authenticators/eap/eap_method.c \ - sa/authenticators/eap/eap_method.h \ - sa/authenticators/eap/eap_manager.c \ - sa/authenticators/eap/eap_manager.h \ - sa/authenticators/eap/sim_manager.c \ - sa/authenticators/eap/sim_manager.h \ - sa/authenticators/psk_authenticator.c \ - sa/authenticators/psk_authenticator.h \ - sa/authenticators/pubkey_authenticator.c \ - sa/authenticators/pubkey_authenticator.h sa/child_sa.c \ - sa/child_sa.h sa/ike_sa.c sa/ike_sa.h sa/ike_sa_id.c \ - sa/ike_sa_id.h sa/ike_sa_manager.c sa/ike_sa_manager.h \ - sa/task_manager.c sa/task_manager.h sa/keymat.c sa/keymat.h \ - sa/trap_manager.c sa/trap_manager.h sa/tasks/child_create.c \ - sa/tasks/child_create.h sa/tasks/child_delete.c \ - sa/tasks/child_delete.h sa/tasks/child_rekey.c \ - sa/tasks/child_rekey.h sa/tasks/ike_auth.c sa/tasks/ike_auth.h \ - sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \ - sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \ - sa/tasks/ike_config.c sa/tasks/ike_config.h \ - sa/tasks/ike_delete.c sa/tasks/ike_delete.h sa/tasks/ike_dpd.c \ - sa/tasks/ike_dpd.h sa/tasks/ike_init.c sa/tasks/ike_init.h \ - sa/tasks/ike_natd.c sa/tasks/ike_natd.h sa/tasks/ike_mobike.c \ - sa/tasks/ike_mobike.h sa/tasks/ike_rekey.c \ - sa/tasks/ike_rekey.h sa/tasks/ike_reauth.c \ - sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \ - sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \ - sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \ - credentials/credential_manager.c \ - credentials/credential_manager.h \ - credentials/sets/auth_cfg_wrapper.c \ - credentials/sets/auth_cfg_wrapper.h \ - credentials/sets/ocsp_response_wrapper.c \ - credentials/sets/ocsp_response_wrapper.h \ - credentials/sets/cert_cache.c credentials/sets/cert_cache.h \ - credentials/credential_set.h network/socket-raw.c \ - network/socket.c encoding/payloads/endpoint_notify.c \ - encoding/payloads/endpoint_notify.h \ - processing/jobs/initiate_mediation_job.c \ - processing/jobs/initiate_mediation_job.h \ - processing/jobs/mediation_job.c \ - processing/jobs/mediation_job.h sa/connect_manager.c \ - sa/connect_manager.h sa/mediation_manager.c \ - sa/mediation_manager.h sa/tasks/ike_me.c sa/tasks/ike_me.h -@USE_PLUTO_TRUE@am__objects_1 = socket-raw.$(OBJEXT) -@USE_PLUTO_FALSE@am__objects_2 = socket.$(OBJEXT) -@USE_ME_TRUE@am__objects_3 = endpoint_notify.$(OBJEXT) \ -@USE_ME_TRUE@ initiate_mediation_job.$(OBJEXT) \ -@USE_ME_TRUE@ mediation_job.$(OBJEXT) connect_manager.$(OBJEXT) \ -@USE_ME_TRUE@ mediation_manager.$(OBJEXT) ike_me.$(OBJEXT) -am_charon_OBJECTS = bus.$(OBJEXT) file_logger.$(OBJEXT) \ - sys_logger.$(OBJEXT) backend_manager.$(OBJEXT) \ - child_cfg.$(OBJEXT) ike_cfg.$(OBJEXT) peer_cfg.$(OBJEXT) \ - proposal.$(OBJEXT) auth_cfg.$(OBJEXT) controller.$(OBJEXT) \ - daemon.$(OBJEXT) generator.$(OBJEXT) message.$(OBJEXT) \ - parser.$(OBJEXT) auth_payload.$(OBJEXT) cert_payload.$(OBJEXT) \ - certreq_payload.$(OBJEXT) configuration_attribute.$(OBJEXT) \ - cp_payload.$(OBJEXT) delete_payload.$(OBJEXT) \ - eap_payload.$(OBJEXT) encodings.$(OBJEXT) \ - encryption_payload.$(OBJEXT) id_payload.$(OBJEXT) \ - ike_header.$(OBJEXT) ke_payload.$(OBJEXT) \ - nonce_payload.$(OBJEXT) notify_payload.$(OBJEXT) \ - payload.$(OBJEXT) proposal_substructure.$(OBJEXT) \ - sa_payload.$(OBJEXT) traffic_selector_substructure.$(OBJEXT) \ - transform_attribute.$(OBJEXT) transform_substructure.$(OBJEXT) \ - ts_payload.$(OBJEXT) unknown_payload.$(OBJEXT) \ - vendor_id_payload.$(OBJEXT) kernel_interface.$(OBJEXT) \ - kernel_ipsec.$(OBJEXT) packet.$(OBJEXT) receiver.$(OBJEXT) \ - sender.$(OBJEXT) acquire_job.$(OBJEXT) callback_job.$(OBJEXT) \ - delete_child_sa_job.$(OBJEXT) delete_ike_sa_job.$(OBJEXT) \ - migrate_job.$(OBJEXT) process_message_job.$(OBJEXT) \ - rekey_child_sa_job.$(OBJEXT) rekey_ike_sa_job.$(OBJEXT) \ - retransmit_job.$(OBJEXT) send_dpd_job.$(OBJEXT) \ - send_keepalive_job.$(OBJEXT) roam_job.$(OBJEXT) \ - update_sa_job.$(OBJEXT) inactivity_job.$(OBJEXT) \ - scheduler.$(OBJEXT) processor.$(OBJEXT) \ - authenticator.$(OBJEXT) eap_authenticator.$(OBJEXT) \ - eap_method.$(OBJEXT) eap_manager.$(OBJEXT) \ - sim_manager.$(OBJEXT) psk_authenticator.$(OBJEXT) \ - pubkey_authenticator.$(OBJEXT) child_sa.$(OBJEXT) \ - ike_sa.$(OBJEXT) ike_sa_id.$(OBJEXT) ike_sa_manager.$(OBJEXT) \ - task_manager.$(OBJEXT) keymat.$(OBJEXT) trap_manager.$(OBJEXT) \ - child_create.$(OBJEXT) child_delete.$(OBJEXT) \ - child_rekey.$(OBJEXT) ike_auth.$(OBJEXT) \ - ike_cert_pre.$(OBJEXT) ike_cert_post.$(OBJEXT) \ - ike_config.$(OBJEXT) ike_delete.$(OBJEXT) ike_dpd.$(OBJEXT) \ - ike_init.$(OBJEXT) ike_natd.$(OBJEXT) ike_mobike.$(OBJEXT) \ - ike_rekey.$(OBJEXT) ike_reauth.$(OBJEXT) \ - ike_auth_lifetime.$(OBJEXT) ike_vendor.$(OBJEXT) \ - task.$(OBJEXT) credential_manager.$(OBJEXT) \ - auth_cfg_wrapper.$(OBJEXT) ocsp_response_wrapper.$(OBJEXT) \ - cert_cache.$(OBJEXT) $(am__objects_1) $(am__objects_2) \ - $(am__objects_3) +am_charon_OBJECTS = charon.$(OBJEXT) charon_OBJECTS = $(am_charon_OBJECTS) am__DEPENDENCIES_1 = charon_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/libhydra/libhydra.la \ + $(top_builddir)/src/libcharon/libcharon.la \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp @@ -317,57 +75,10 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(charon_SOURCES) -DIST_SOURCES = $(am__charon_SOURCES_DIST) -RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ - html-recursive info-recursive install-data-recursive \ - install-dvi-recursive install-exec-recursive \ - install-html-recursive install-info-recursive \ - install-pdf-recursive install-ps-recursive install-recursive \ - installcheck-recursive installdirs-recursive pdf-recursive \ - ps-recursive uninstall-recursive -RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ - distclean-recursive maintainer-clean-recursive -AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ - $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ - distdir +DIST_SOURCES = $(charon_SOURCES) ETAGS = etags CTAGS = ctags -DIST_SUBDIRS = . plugins/load_tester plugins/kernel_pfkey \ - plugins/kernel_pfroute plugins/kernel_klips \ - plugins/kernel_netlink plugins/stroke plugins/smp plugins/sql \ - plugins/updown plugins/attr plugins/eap_identity \ - plugins/eap_sim plugins/eap_sim_file \ - plugins/eap_simaka_pseudonym plugins/eap_simaka_reauth \ - plugins/eap_md5 plugins/eap_gtc plugins/eap_aka \ - plugins/eap_aka_3gpp2 plugins/eap_mschapv2 plugins/eap_radius \ - plugins/medsrv plugins/medcli plugins/nm plugins/resolve \ - plugins/uci plugins/unit_tester DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -am__relativize = \ - dir0=`pwd`; \ - sed_first='s,^\([^/]*\)/.*$$,\1,'; \ - sed_rest='s,^[^/]*/*,,'; \ - sed_last='s,^.*/\([^/]*\)$$,\1,'; \ - sed_butlast='s,/*[^/]*$$,,'; \ - while test -n "$$dir1"; do \ - first=`echo "$$dir1" | sed -e "$$sed_first"`; \ - if test "$$first" != "."; then \ - if test "$$first" = ".."; then \ - dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ - dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ - else \ - first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ - if test "$$first2" = "$$first"; then \ - dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ - else \ - dir2="../$$dir2"; \ - fi; \ - dir0="$$dir0"/"$$first"; \ - fi; \ - fi; \ - dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ - done; \ - reldir="$$dir2" ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ @@ -488,6 +199,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -522,153 +234,26 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -charon_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \ - bus/listeners/file_logger.c bus/listeners/file_logger.h \ - bus/listeners/sys_logger.c bus/listeners/sys_logger.h \ - config/backend_manager.c config/backend_manager.h \ - config/backend.h config/child_cfg.c config/child_cfg.h \ - config/ike_cfg.c config/ike_cfg.h config/peer_cfg.c \ - config/peer_cfg.h config/proposal.c config/proposal.h \ - config/auth_cfg.c config/auth_cfg.h control/controller.c \ - control/controller.h daemon.c daemon.h encoding/generator.c \ - encoding/generator.h encoding/message.c encoding/message.h \ - encoding/parser.c encoding/parser.h \ - encoding/payloads/auth_payload.c \ - encoding/payloads/auth_payload.h \ - encoding/payloads/cert_payload.c \ - encoding/payloads/cert_payload.h \ - encoding/payloads/certreq_payload.c \ - encoding/payloads/certreq_payload.h \ - encoding/payloads/configuration_attribute.c \ - encoding/payloads/configuration_attribute.h \ - encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \ - encoding/payloads/delete_payload.c \ - encoding/payloads/delete_payload.h \ - encoding/payloads/eap_payload.c \ - encoding/payloads/eap_payload.h encoding/payloads/encodings.c \ - encoding/payloads/encodings.h \ - encoding/payloads/encryption_payload.c \ - encoding/payloads/encryption_payload.h \ - encoding/payloads/id_payload.c encoding/payloads/id_payload.h \ - encoding/payloads/ike_header.c encoding/payloads/ike_header.h \ - encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \ - encoding/payloads/nonce_payload.c \ - encoding/payloads/nonce_payload.h \ - encoding/payloads/notify_payload.c \ - encoding/payloads/notify_payload.h encoding/payloads/payload.c \ - encoding/payloads/payload.h \ - encoding/payloads/proposal_substructure.c \ - encoding/payloads/proposal_substructure.h \ - encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \ - encoding/payloads/traffic_selector_substructure.c \ - encoding/payloads/traffic_selector_substructure.h \ - encoding/payloads/transform_attribute.c \ - encoding/payloads/transform_attribute.h \ - encoding/payloads/transform_substructure.c \ - encoding/payloads/transform_substructure.h \ - encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \ - encoding/payloads/unknown_payload.c \ - encoding/payloads/unknown_payload.h \ - encoding/payloads/vendor_id_payload.c \ - encoding/payloads/vendor_id_payload.h \ - kernel/kernel_interface.c kernel/kernel_interface.h \ - kernel/kernel_ipsec.c kernel/kernel_ipsec.h \ - kernel/kernel_net.h network/packet.c network/packet.h \ - network/receiver.c network/receiver.h network/sender.c \ - network/sender.h network/socket.h processing/jobs/job.h \ - processing/jobs/acquire_job.c processing/jobs/acquire_job.h \ - processing/jobs/callback_job.c processing/jobs/callback_job.h \ - processing/jobs/delete_child_sa_job.c \ - processing/jobs/delete_child_sa_job.h \ - processing/jobs/delete_ike_sa_job.c \ - processing/jobs/delete_ike_sa_job.h \ - processing/jobs/migrate_job.c processing/jobs/migrate_job.h \ - processing/jobs/process_message_job.c \ - processing/jobs/process_message_job.h \ - processing/jobs/rekey_child_sa_job.c \ - processing/jobs/rekey_child_sa_job.h \ - processing/jobs/rekey_ike_sa_job.c \ - processing/jobs/rekey_ike_sa_job.h \ - processing/jobs/retransmit_job.c \ - processing/jobs/retransmit_job.h \ - processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \ - processing/jobs/send_keepalive_job.c \ - processing/jobs/send_keepalive_job.h \ - processing/jobs/roam_job.c processing/jobs/roam_job.h \ - processing/jobs/update_sa_job.c \ - processing/jobs/update_sa_job.h \ - processing/jobs/inactivity_job.c \ - processing/jobs/inactivity_job.h processing/scheduler.c \ - processing/scheduler.h processing/processor.c \ - processing/processor.h sa/authenticators/authenticator.c \ - sa/authenticators/authenticator.h \ - sa/authenticators/eap_authenticator.c \ - sa/authenticators/eap_authenticator.h \ - sa/authenticators/eap/eap_method.c \ - sa/authenticators/eap/eap_method.h \ - sa/authenticators/eap/eap_manager.c \ - sa/authenticators/eap/eap_manager.h \ - sa/authenticators/eap/sim_manager.c \ - sa/authenticators/eap/sim_manager.h \ - sa/authenticators/psk_authenticator.c \ - sa/authenticators/psk_authenticator.h \ - sa/authenticators/pubkey_authenticator.c \ - sa/authenticators/pubkey_authenticator.h sa/child_sa.c \ - sa/child_sa.h sa/ike_sa.c sa/ike_sa.h sa/ike_sa_id.c \ - sa/ike_sa_id.h sa/ike_sa_manager.c sa/ike_sa_manager.h \ - sa/task_manager.c sa/task_manager.h sa/keymat.c sa/keymat.h \ - sa/trap_manager.c sa/trap_manager.h sa/tasks/child_create.c \ - sa/tasks/child_create.h sa/tasks/child_delete.c \ - sa/tasks/child_delete.h sa/tasks/child_rekey.c \ - sa/tasks/child_rekey.h sa/tasks/ike_auth.c sa/tasks/ike_auth.h \ - sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \ - sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \ - sa/tasks/ike_config.c sa/tasks/ike_config.h \ - sa/tasks/ike_delete.c sa/tasks/ike_delete.h sa/tasks/ike_dpd.c \ - sa/tasks/ike_dpd.h sa/tasks/ike_init.c sa/tasks/ike_init.h \ - sa/tasks/ike_natd.c sa/tasks/ike_natd.h sa/tasks/ike_mobike.c \ - sa/tasks/ike_mobike.h sa/tasks/ike_rekey.c \ - sa/tasks/ike_rekey.h sa/tasks/ike_reauth.c \ - sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \ - sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \ - sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \ - credentials/credential_manager.c \ - credentials/credential_manager.h \ - credentials/sets/auth_cfg_wrapper.c \ - credentials/sets/auth_cfg_wrapper.h \ - credentials/sets/ocsp_response_wrapper.c \ - credentials/sets/ocsp_response_wrapper.h \ - credentials/sets/cert_cache.c credentials/sets/cert_cache.h \ - credentials/credential_set.h $(am__append_1) $(am__append_2) \ - $(am__append_3) -INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -AM_CFLAGS = -rdynamic -DIPSEC_DIR=\"${ipsecdir}\" \ - -DIPSEC_PIDDIR=\"${piddir}\" -DPLUGINS=\""${PLUGINS}\"" -charon_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lm \ - $(PTHREADLIB) $(DLLIB) $(SOCKLIB) $(am__append_4) - -# build optional plugins -######################## -SUBDIRS = . $(am__append_5) $(am__append_7) $(am__append_9) \ - $(am__append_11) $(am__append_13) $(am__append_15) \ - $(am__append_17) $(am__append_19) $(am__append_21) \ - $(am__append_23) $(am__append_25) $(am__append_27) \ - $(am__append_29) $(am__append_31) $(am__append_33) \ - $(am__append_35) $(am__append_37) $(am__append_39) \ - $(am__append_41) $(am__append_43) $(am__append_45) \ - $(am__append_47) $(am__append_49) $(am__append_51) \ - $(am__append_53) $(am__append_55) $(am__append_57) -PLUGINS = ${libstrongswan_plugins} $(am__append_6) $(am__append_8) \ - $(am__append_10) $(am__append_12) $(am__append_14) \ - $(am__append_16) $(am__append_18) $(am__append_20) \ - $(am__append_22) $(am__append_24) $(am__append_26) \ - $(am__append_28) $(am__append_30) $(am__append_32) \ - $(am__append_34) $(am__append_36) $(am__append_38) \ - $(am__append_40) $(am__append_42) $(am__append_44) \ - $(am__append_46) $(am__append_48) $(am__append_50) \ - $(am__append_52) $(am__append_54) $(am__append_56) \ - $(am__append_58) -all: all-recursive +charon_SOURCES = \ +charon.c + +INCLUDES = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = \ + -DIPSEC_DIR=\"${ipsecdir}\" \ + -DIPSEC_PIDDIR=\"${piddir}\" + +charon_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libhydra/libhydra.la \ + $(top_builddir)/src/libcharon/libcharon.la \ + -lm $(PTHREADLIB) $(DLLIB) + +EXTRA_DIST = Android.mk +all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj @@ -755,107 +340,7 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/acquire_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg_wrapper.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_payload.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/authenticator.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/backend_manager.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bus.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/callback_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert_cache.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert_payload.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certreq_payload.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_cfg.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_create.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_delete.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_rekey.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_sa.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/configuration_attribute.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/connect_manager.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/controller.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cp_payload.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/credential_manager.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/daemon.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_child_sa_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_ike_sa_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_payload.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_authenticator.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_manager.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_method.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_payload.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encodings.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encryption_payload.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/endpoint_notify.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/file_logger.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/generator.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/id_payload.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_auth.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_auth_lifetime.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cert_post.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cert_pre.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cfg.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_config.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_delete.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_dpd.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_header.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_init.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_me.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_mobike.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_natd.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_reauth.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_rekey.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_id.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_manager.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_vendor.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/inactivity_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initiate_mediation_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ke_payload.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_interface.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_ipsec.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keymat.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mediation_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mediation_manager.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/message.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/migrate_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nonce_payload.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/notify_payload.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp_response_wrapper.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/packet.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parser.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/payload.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/peer_cfg.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/process_message_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/processor.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal_substructure.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/psk_authenticator.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey_authenticator.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/receiver.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rekey_child_sa_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rekey_ike_sa_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/retransmit_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/roam_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sa_payload.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scheduler.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send_dpd_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send_keepalive_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sender.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sim_manager.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket-raw.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sys_logger.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task_manager.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/traffic_selector_substructure.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_attribute.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_substructure.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/trap_manager.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ts_payload.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unknown_payload.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/update_sa_job.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vendor_id_payload.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/charon.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -878,1482 +363,12 @@ distclean-compile: @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -bus.o: bus/bus.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bus.o -MD -MP -MF $(DEPDIR)/bus.Tpo -c -o bus.o `test -f 'bus/bus.c' || echo '$(srcdir)/'`bus/bus.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bus.Tpo $(DEPDIR)/bus.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/bus.c' object='bus.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bus.o `test -f 'bus/bus.c' || echo '$(srcdir)/'`bus/bus.c - -bus.obj: bus/bus.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bus.obj -MD -MP -MF $(DEPDIR)/bus.Tpo -c -o bus.obj `if test -f 'bus/bus.c'; then $(CYGPATH_W) 'bus/bus.c'; else $(CYGPATH_W) '$(srcdir)/bus/bus.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bus.Tpo $(DEPDIR)/bus.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/bus.c' object='bus.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bus.obj `if test -f 'bus/bus.c'; then $(CYGPATH_W) 'bus/bus.c'; else $(CYGPATH_W) '$(srcdir)/bus/bus.c'; fi` - -file_logger.o: bus/listeners/file_logger.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT file_logger.o -MD -MP -MF $(DEPDIR)/file_logger.Tpo -c -o file_logger.o `test -f 'bus/listeners/file_logger.c' || echo '$(srcdir)/'`bus/listeners/file_logger.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/file_logger.Tpo $(DEPDIR)/file_logger.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/file_logger.c' object='file_logger.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o file_logger.o `test -f 'bus/listeners/file_logger.c' || echo '$(srcdir)/'`bus/listeners/file_logger.c - -file_logger.obj: bus/listeners/file_logger.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT file_logger.obj -MD -MP -MF $(DEPDIR)/file_logger.Tpo -c -o file_logger.obj `if test -f 'bus/listeners/file_logger.c'; then $(CYGPATH_W) 'bus/listeners/file_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/file_logger.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/file_logger.Tpo $(DEPDIR)/file_logger.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/file_logger.c' object='file_logger.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o file_logger.obj `if test -f 'bus/listeners/file_logger.c'; then $(CYGPATH_W) 'bus/listeners/file_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/file_logger.c'; fi` - -sys_logger.o: bus/listeners/sys_logger.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sys_logger.o -MD -MP -MF $(DEPDIR)/sys_logger.Tpo -c -o sys_logger.o `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sys_logger.Tpo $(DEPDIR)/sys_logger.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/sys_logger.c' object='sys_logger.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sys_logger.o `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c - -sys_logger.obj: bus/listeners/sys_logger.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sys_logger.obj -MD -MP -MF $(DEPDIR)/sys_logger.Tpo -c -o sys_logger.obj `if test -f 'bus/listeners/sys_logger.c'; then $(CYGPATH_W) 'bus/listeners/sys_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/sys_logger.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sys_logger.Tpo $(DEPDIR)/sys_logger.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/sys_logger.c' object='sys_logger.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sys_logger.obj `if test -f 'bus/listeners/sys_logger.c'; then $(CYGPATH_W) 'bus/listeners/sys_logger.c'; else $(CYGPATH_W) '$(srcdir)/bus/listeners/sys_logger.c'; fi` - -backend_manager.o: config/backend_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT backend_manager.o -MD -MP -MF $(DEPDIR)/backend_manager.Tpo -c -o backend_manager.o `test -f 'config/backend_manager.c' || echo '$(srcdir)/'`config/backend_manager.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/backend_manager.Tpo $(DEPDIR)/backend_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/backend_manager.c' object='backend_manager.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o backend_manager.o `test -f 'config/backend_manager.c' || echo '$(srcdir)/'`config/backend_manager.c - -backend_manager.obj: config/backend_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT backend_manager.obj -MD -MP -MF $(DEPDIR)/backend_manager.Tpo -c -o backend_manager.obj `if test -f 'config/backend_manager.c'; then $(CYGPATH_W) 'config/backend_manager.c'; else $(CYGPATH_W) '$(srcdir)/config/backend_manager.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/backend_manager.Tpo $(DEPDIR)/backend_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/backend_manager.c' object='backend_manager.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o backend_manager.obj `if test -f 'config/backend_manager.c'; then $(CYGPATH_W) 'config/backend_manager.c'; else $(CYGPATH_W) '$(srcdir)/config/backend_manager.c'; fi` - -child_cfg.o: config/child_cfg.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_cfg.o -MD -MP -MF $(DEPDIR)/child_cfg.Tpo -c -o child_cfg.o `test -f 'config/child_cfg.c' || echo '$(srcdir)/'`config/child_cfg.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_cfg.Tpo $(DEPDIR)/child_cfg.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/child_cfg.c' object='child_cfg.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_cfg.o `test -f 'config/child_cfg.c' || echo '$(srcdir)/'`config/child_cfg.c - -child_cfg.obj: config/child_cfg.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_cfg.obj -MD -MP -MF $(DEPDIR)/child_cfg.Tpo -c -o child_cfg.obj `if test -f 'config/child_cfg.c'; then $(CYGPATH_W) 'config/child_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/child_cfg.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_cfg.Tpo $(DEPDIR)/child_cfg.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/child_cfg.c' object='child_cfg.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_cfg.obj `if test -f 'config/child_cfg.c'; then $(CYGPATH_W) 'config/child_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/child_cfg.c'; fi` - -ike_cfg.o: config/ike_cfg.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cfg.o -MD -MP -MF $(DEPDIR)/ike_cfg.Tpo -c -o ike_cfg.o `test -f 'config/ike_cfg.c' || echo '$(srcdir)/'`config/ike_cfg.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cfg.Tpo $(DEPDIR)/ike_cfg.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/ike_cfg.c' object='ike_cfg.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cfg.o `test -f 'config/ike_cfg.c' || echo '$(srcdir)/'`config/ike_cfg.c - -ike_cfg.obj: config/ike_cfg.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cfg.obj -MD -MP -MF $(DEPDIR)/ike_cfg.Tpo -c -o ike_cfg.obj `if test -f 'config/ike_cfg.c'; then $(CYGPATH_W) 'config/ike_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/ike_cfg.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cfg.Tpo $(DEPDIR)/ike_cfg.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/ike_cfg.c' object='ike_cfg.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cfg.obj `if test -f 'config/ike_cfg.c'; then $(CYGPATH_W) 'config/ike_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/ike_cfg.c'; fi` - -peer_cfg.o: config/peer_cfg.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT peer_cfg.o -MD -MP -MF $(DEPDIR)/peer_cfg.Tpo -c -o peer_cfg.o `test -f 'config/peer_cfg.c' || echo '$(srcdir)/'`config/peer_cfg.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/peer_cfg.Tpo $(DEPDIR)/peer_cfg.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/peer_cfg.c' object='peer_cfg.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o peer_cfg.o `test -f 'config/peer_cfg.c' || echo '$(srcdir)/'`config/peer_cfg.c - -peer_cfg.obj: config/peer_cfg.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT peer_cfg.obj -MD -MP -MF $(DEPDIR)/peer_cfg.Tpo -c -o peer_cfg.obj `if test -f 'config/peer_cfg.c'; then $(CYGPATH_W) 'config/peer_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/peer_cfg.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/peer_cfg.Tpo $(DEPDIR)/peer_cfg.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/peer_cfg.c' object='peer_cfg.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o peer_cfg.obj `if test -f 'config/peer_cfg.c'; then $(CYGPATH_W) 'config/peer_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/peer_cfg.c'; fi` - -proposal.o: config/proposal.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal.o -MD -MP -MF $(DEPDIR)/proposal.Tpo -c -o proposal.o `test -f 'config/proposal.c' || echo '$(srcdir)/'`config/proposal.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal.Tpo $(DEPDIR)/proposal.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/proposal.c' object='proposal.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal.o `test -f 'config/proposal.c' || echo '$(srcdir)/'`config/proposal.c - -proposal.obj: config/proposal.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal.obj -MD -MP -MF $(DEPDIR)/proposal.Tpo -c -o proposal.obj `if test -f 'config/proposal.c'; then $(CYGPATH_W) 'config/proposal.c'; else $(CYGPATH_W) '$(srcdir)/config/proposal.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal.Tpo $(DEPDIR)/proposal.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/proposal.c' object='proposal.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal.obj `if test -f 'config/proposal.c'; then $(CYGPATH_W) 'config/proposal.c'; else $(CYGPATH_W) '$(srcdir)/config/proposal.c'; fi` - -auth_cfg.o: config/auth_cfg.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg.o -MD -MP -MF $(DEPDIR)/auth_cfg.Tpo -c -o auth_cfg.o `test -f 'config/auth_cfg.c' || echo '$(srcdir)/'`config/auth_cfg.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg.Tpo $(DEPDIR)/auth_cfg.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/auth_cfg.c' object='auth_cfg.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg.o `test -f 'config/auth_cfg.c' || echo '$(srcdir)/'`config/auth_cfg.c - -auth_cfg.obj: config/auth_cfg.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg.obj -MD -MP -MF $(DEPDIR)/auth_cfg.Tpo -c -o auth_cfg.obj `if test -f 'config/auth_cfg.c'; then $(CYGPATH_W) 'config/auth_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/auth_cfg.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg.Tpo $(DEPDIR)/auth_cfg.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/auth_cfg.c' object='auth_cfg.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg.obj `if test -f 'config/auth_cfg.c'; then $(CYGPATH_W) 'config/auth_cfg.c'; else $(CYGPATH_W) '$(srcdir)/config/auth_cfg.c'; fi` - -controller.o: control/controller.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT controller.o -MD -MP -MF $(DEPDIR)/controller.Tpo -c -o controller.o `test -f 'control/controller.c' || echo '$(srcdir)/'`control/controller.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/controller.Tpo $(DEPDIR)/controller.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='control/controller.c' object='controller.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o controller.o `test -f 'control/controller.c' || echo '$(srcdir)/'`control/controller.c - -controller.obj: control/controller.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT controller.obj -MD -MP -MF $(DEPDIR)/controller.Tpo -c -o controller.obj `if test -f 'control/controller.c'; then $(CYGPATH_W) 'control/controller.c'; else $(CYGPATH_W) '$(srcdir)/control/controller.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/controller.Tpo $(DEPDIR)/controller.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='control/controller.c' object='controller.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o controller.obj `if test -f 'control/controller.c'; then $(CYGPATH_W) 'control/controller.c'; else $(CYGPATH_W) '$(srcdir)/control/controller.c'; fi` - -generator.o: encoding/generator.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT generator.o -MD -MP -MF $(DEPDIR)/generator.Tpo -c -o generator.o `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/generator.Tpo $(DEPDIR)/generator.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/generator.c' object='generator.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o generator.o `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c - -generator.obj: encoding/generator.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT generator.obj -MD -MP -MF $(DEPDIR)/generator.Tpo -c -o generator.obj `if test -f 'encoding/generator.c'; then $(CYGPATH_W) 'encoding/generator.c'; else $(CYGPATH_W) '$(srcdir)/encoding/generator.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/generator.Tpo $(DEPDIR)/generator.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/generator.c' object='generator.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o generator.obj `if test -f 'encoding/generator.c'; then $(CYGPATH_W) 'encoding/generator.c'; else $(CYGPATH_W) '$(srcdir)/encoding/generator.c'; fi` - -message.o: encoding/message.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT message.o -MD -MP -MF $(DEPDIR)/message.Tpo -c -o message.o `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/message.Tpo $(DEPDIR)/message.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/message.c' object='message.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o message.o `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c - -message.obj: encoding/message.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT message.obj -MD -MP -MF $(DEPDIR)/message.Tpo -c -o message.obj `if test -f 'encoding/message.c'; then $(CYGPATH_W) 'encoding/message.c'; else $(CYGPATH_W) '$(srcdir)/encoding/message.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/message.Tpo $(DEPDIR)/message.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/message.c' object='message.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o message.obj `if test -f 'encoding/message.c'; then $(CYGPATH_W) 'encoding/message.c'; else $(CYGPATH_W) '$(srcdir)/encoding/message.c'; fi` - -parser.o: encoding/parser.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT parser.o -MD -MP -MF $(DEPDIR)/parser.Tpo -c -o parser.o `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/parser.Tpo $(DEPDIR)/parser.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/parser.c' object='parser.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o parser.o `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c - -parser.obj: encoding/parser.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT parser.obj -MD -MP -MF $(DEPDIR)/parser.Tpo -c -o parser.obj `if test -f 'encoding/parser.c'; then $(CYGPATH_W) 'encoding/parser.c'; else $(CYGPATH_W) '$(srcdir)/encoding/parser.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/parser.Tpo $(DEPDIR)/parser.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/parser.c' object='parser.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o parser.obj `if test -f 'encoding/parser.c'; then $(CYGPATH_W) 'encoding/parser.c'; else $(CYGPATH_W) '$(srcdir)/encoding/parser.c'; fi` - -auth_payload.o: encoding/payloads/auth_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_payload.o -MD -MP -MF $(DEPDIR)/auth_payload.Tpo -c -o auth_payload.o `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_payload.Tpo $(DEPDIR)/auth_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/auth_payload.c' object='auth_payload.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_payload.o `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c - -auth_payload.obj: encoding/payloads/auth_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_payload.obj -MD -MP -MF $(DEPDIR)/auth_payload.Tpo -c -o auth_payload.obj `if test -f 'encoding/payloads/auth_payload.c'; then $(CYGPATH_W) 'encoding/payloads/auth_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/auth_payload.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_payload.Tpo $(DEPDIR)/auth_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/auth_payload.c' object='auth_payload.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_payload.obj `if test -f 'encoding/payloads/auth_payload.c'; then $(CYGPATH_W) 'encoding/payloads/auth_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/auth_payload.c'; fi` - -cert_payload.o: encoding/payloads/cert_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_payload.o -MD -MP -MF $(DEPDIR)/cert_payload.Tpo -c -o cert_payload.o `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cert_payload.Tpo $(DEPDIR)/cert_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cert_payload.c' object='cert_payload.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_payload.o `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c - -cert_payload.obj: encoding/payloads/cert_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_payload.obj -MD -MP -MF $(DEPDIR)/cert_payload.Tpo -c -o cert_payload.obj `if test -f 'encoding/payloads/cert_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cert_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cert_payload.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cert_payload.Tpo $(DEPDIR)/cert_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cert_payload.c' object='cert_payload.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_payload.obj `if test -f 'encoding/payloads/cert_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cert_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cert_payload.c'; fi` - -certreq_payload.o: encoding/payloads/certreq_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certreq_payload.o -MD -MP -MF $(DEPDIR)/certreq_payload.Tpo -c -o certreq_payload.o `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/certreq_payload.Tpo $(DEPDIR)/certreq_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/certreq_payload.c' object='certreq_payload.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certreq_payload.o `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c - -certreq_payload.obj: encoding/payloads/certreq_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certreq_payload.obj -MD -MP -MF $(DEPDIR)/certreq_payload.Tpo -c -o certreq_payload.obj `if test -f 'encoding/payloads/certreq_payload.c'; then $(CYGPATH_W) 'encoding/payloads/certreq_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/certreq_payload.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/certreq_payload.Tpo $(DEPDIR)/certreq_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/certreq_payload.c' object='certreq_payload.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certreq_payload.obj `if test -f 'encoding/payloads/certreq_payload.c'; then $(CYGPATH_W) 'encoding/payloads/certreq_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/certreq_payload.c'; fi` - -configuration_attribute.o: encoding/payloads/configuration_attribute.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration_attribute.o -MD -MP -MF $(DEPDIR)/configuration_attribute.Tpo -c -o configuration_attribute.o `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/configuration_attribute.Tpo $(DEPDIR)/configuration_attribute.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/configuration_attribute.c' object='configuration_attribute.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration_attribute.o `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c - -configuration_attribute.obj: encoding/payloads/configuration_attribute.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration_attribute.obj -MD -MP -MF $(DEPDIR)/configuration_attribute.Tpo -c -o configuration_attribute.obj `if test -f 'encoding/payloads/configuration_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/configuration_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/configuration_attribute.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/configuration_attribute.Tpo $(DEPDIR)/configuration_attribute.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/configuration_attribute.c' object='configuration_attribute.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration_attribute.obj `if test -f 'encoding/payloads/configuration_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/configuration_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/configuration_attribute.c'; fi` - -cp_payload.o: encoding/payloads/cp_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cp_payload.o -MD -MP -MF $(DEPDIR)/cp_payload.Tpo -c -o cp_payload.o `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cp_payload.Tpo $(DEPDIR)/cp_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cp_payload.c' object='cp_payload.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cp_payload.o `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c - -cp_payload.obj: encoding/payloads/cp_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cp_payload.obj -MD -MP -MF $(DEPDIR)/cp_payload.Tpo -c -o cp_payload.obj `if test -f 'encoding/payloads/cp_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cp_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cp_payload.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cp_payload.Tpo $(DEPDIR)/cp_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cp_payload.c' object='cp_payload.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cp_payload.obj `if test -f 'encoding/payloads/cp_payload.c'; then $(CYGPATH_W) 'encoding/payloads/cp_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/cp_payload.c'; fi` - -delete_payload.o: encoding/payloads/delete_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_payload.o -MD -MP -MF $(DEPDIR)/delete_payload.Tpo -c -o delete_payload.o `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_payload.Tpo $(DEPDIR)/delete_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/delete_payload.c' object='delete_payload.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_payload.o `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c - -delete_payload.obj: encoding/payloads/delete_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_payload.obj -MD -MP -MF $(DEPDIR)/delete_payload.Tpo -c -o delete_payload.obj `if test -f 'encoding/payloads/delete_payload.c'; then $(CYGPATH_W) 'encoding/payloads/delete_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/delete_payload.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_payload.Tpo $(DEPDIR)/delete_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/delete_payload.c' object='delete_payload.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_payload.obj `if test -f 'encoding/payloads/delete_payload.c'; then $(CYGPATH_W) 'encoding/payloads/delete_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/delete_payload.c'; fi` - -eap_payload.o: encoding/payloads/eap_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_payload.o -MD -MP -MF $(DEPDIR)/eap_payload.Tpo -c -o eap_payload.o `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_payload.Tpo $(DEPDIR)/eap_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/eap_payload.c' object='eap_payload.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_payload.o `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c - -eap_payload.obj: encoding/payloads/eap_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_payload.obj -MD -MP -MF $(DEPDIR)/eap_payload.Tpo -c -o eap_payload.obj `if test -f 'encoding/payloads/eap_payload.c'; then $(CYGPATH_W) 'encoding/payloads/eap_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/eap_payload.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_payload.Tpo $(DEPDIR)/eap_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/eap_payload.c' object='eap_payload.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_payload.obj `if test -f 'encoding/payloads/eap_payload.c'; then $(CYGPATH_W) 'encoding/payloads/eap_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/eap_payload.c'; fi` - -encodings.o: encoding/payloads/encodings.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encodings.o -MD -MP -MF $(DEPDIR)/encodings.Tpo -c -o encodings.o `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/encodings.Tpo $(DEPDIR)/encodings.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encodings.c' object='encodings.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encodings.o `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c - -encodings.obj: encoding/payloads/encodings.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encodings.obj -MD -MP -MF $(DEPDIR)/encodings.Tpo -c -o encodings.obj `if test -f 'encoding/payloads/encodings.c'; then $(CYGPATH_W) 'encoding/payloads/encodings.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encodings.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/encodings.Tpo $(DEPDIR)/encodings.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encodings.c' object='encodings.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encodings.obj `if test -f 'encoding/payloads/encodings.c'; then $(CYGPATH_W) 'encoding/payloads/encodings.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encodings.c'; fi` - -encryption_payload.o: encoding/payloads/encryption_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encryption_payload.o -MD -MP -MF $(DEPDIR)/encryption_payload.Tpo -c -o encryption_payload.o `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/encryption_payload.Tpo $(DEPDIR)/encryption_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encryption_payload.c' object='encryption_payload.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encryption_payload.o `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c - -encryption_payload.obj: encoding/payloads/encryption_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encryption_payload.obj -MD -MP -MF $(DEPDIR)/encryption_payload.Tpo -c -o encryption_payload.obj `if test -f 'encoding/payloads/encryption_payload.c'; then $(CYGPATH_W) 'encoding/payloads/encryption_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encryption_payload.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/encryption_payload.Tpo $(DEPDIR)/encryption_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encryption_payload.c' object='encryption_payload.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encryption_payload.obj `if test -f 'encoding/payloads/encryption_payload.c'; then $(CYGPATH_W) 'encoding/payloads/encryption_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/encryption_payload.c'; fi` - -id_payload.o: encoding/payloads/id_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT id_payload.o -MD -MP -MF $(DEPDIR)/id_payload.Tpo -c -o id_payload.o `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/id_payload.Tpo $(DEPDIR)/id_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/id_payload.c' object='id_payload.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o id_payload.o `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c - -id_payload.obj: encoding/payloads/id_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT id_payload.obj -MD -MP -MF $(DEPDIR)/id_payload.Tpo -c -o id_payload.obj `if test -f 'encoding/payloads/id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/id_payload.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/id_payload.Tpo $(DEPDIR)/id_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/id_payload.c' object='id_payload.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o id_payload.obj `if test -f 'encoding/payloads/id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/id_payload.c'; fi` - -ike_header.o: encoding/payloads/ike_header.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_header.o -MD -MP -MF $(DEPDIR)/ike_header.Tpo -c -o ike_header.o `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_header.Tpo $(DEPDIR)/ike_header.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ike_header.c' object='ike_header.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_header.o `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c - -ike_header.obj: encoding/payloads/ike_header.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_header.obj -MD -MP -MF $(DEPDIR)/ike_header.Tpo -c -o ike_header.obj `if test -f 'encoding/payloads/ike_header.c'; then $(CYGPATH_W) 'encoding/payloads/ike_header.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ike_header.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_header.Tpo $(DEPDIR)/ike_header.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ike_header.c' object='ike_header.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_header.obj `if test -f 'encoding/payloads/ike_header.c'; then $(CYGPATH_W) 'encoding/payloads/ike_header.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ike_header.c'; fi` - -ke_payload.o: encoding/payloads/ke_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ke_payload.o -MD -MP -MF $(DEPDIR)/ke_payload.Tpo -c -o ke_payload.o `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ke_payload.Tpo $(DEPDIR)/ke_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ke_payload.c' object='ke_payload.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ke_payload.o `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c - -ke_payload.obj: encoding/payloads/ke_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ke_payload.obj -MD -MP -MF $(DEPDIR)/ke_payload.Tpo -c -o ke_payload.obj `if test -f 'encoding/payloads/ke_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ke_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ke_payload.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ke_payload.Tpo $(DEPDIR)/ke_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ke_payload.c' object='ke_payload.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ke_payload.obj `if test -f 'encoding/payloads/ke_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ke_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ke_payload.c'; fi` - -nonce_payload.o: encoding/payloads/nonce_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT nonce_payload.o -MD -MP -MF $(DEPDIR)/nonce_payload.Tpo -c -o nonce_payload.o `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/nonce_payload.Tpo $(DEPDIR)/nonce_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/nonce_payload.c' object='nonce_payload.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nonce_payload.o `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c - -nonce_payload.obj: encoding/payloads/nonce_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT nonce_payload.obj -MD -MP -MF $(DEPDIR)/nonce_payload.Tpo -c -o nonce_payload.obj `if test -f 'encoding/payloads/nonce_payload.c'; then $(CYGPATH_W) 'encoding/payloads/nonce_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/nonce_payload.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/nonce_payload.Tpo $(DEPDIR)/nonce_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/nonce_payload.c' object='nonce_payload.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nonce_payload.obj `if test -f 'encoding/payloads/nonce_payload.c'; then $(CYGPATH_W) 'encoding/payloads/nonce_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/nonce_payload.c'; fi` - -notify_payload.o: encoding/payloads/notify_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT notify_payload.o -MD -MP -MF $(DEPDIR)/notify_payload.Tpo -c -o notify_payload.o `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/notify_payload.Tpo $(DEPDIR)/notify_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/notify_payload.c' object='notify_payload.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o notify_payload.o `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c - -notify_payload.obj: encoding/payloads/notify_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT notify_payload.obj -MD -MP -MF $(DEPDIR)/notify_payload.Tpo -c -o notify_payload.obj `if test -f 'encoding/payloads/notify_payload.c'; then $(CYGPATH_W) 'encoding/payloads/notify_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/notify_payload.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/notify_payload.Tpo $(DEPDIR)/notify_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/notify_payload.c' object='notify_payload.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o notify_payload.obj `if test -f 'encoding/payloads/notify_payload.c'; then $(CYGPATH_W) 'encoding/payloads/notify_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/notify_payload.c'; fi` - -payload.o: encoding/payloads/payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT payload.o -MD -MP -MF $(DEPDIR)/payload.Tpo -c -o payload.o `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/payload.Tpo $(DEPDIR)/payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/payload.c' object='payload.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o payload.o `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c - -payload.obj: encoding/payloads/payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT payload.obj -MD -MP -MF $(DEPDIR)/payload.Tpo -c -o payload.obj `if test -f 'encoding/payloads/payload.c'; then $(CYGPATH_W) 'encoding/payloads/payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/payload.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/payload.Tpo $(DEPDIR)/payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/payload.c' object='payload.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o payload.obj `if test -f 'encoding/payloads/payload.c'; then $(CYGPATH_W) 'encoding/payloads/payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/payload.c'; fi` - -proposal_substructure.o: encoding/payloads/proposal_substructure.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_substructure.o -MD -MP -MF $(DEPDIR)/proposal_substructure.Tpo -c -o proposal_substructure.o `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal_substructure.Tpo $(DEPDIR)/proposal_substructure.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/proposal_substructure.c' object='proposal_substructure.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_substructure.o `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c - -proposal_substructure.obj: encoding/payloads/proposal_substructure.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_substructure.obj -MD -MP -MF $(DEPDIR)/proposal_substructure.Tpo -c -o proposal_substructure.obj `if test -f 'encoding/payloads/proposal_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/proposal_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/proposal_substructure.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal_substructure.Tpo $(DEPDIR)/proposal_substructure.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/proposal_substructure.c' object='proposal_substructure.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_substructure.obj `if test -f 'encoding/payloads/proposal_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/proposal_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/proposal_substructure.c'; fi` - -sa_payload.o: encoding/payloads/sa_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sa_payload.o -MD -MP -MF $(DEPDIR)/sa_payload.Tpo -c -o sa_payload.o `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sa_payload.Tpo $(DEPDIR)/sa_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/sa_payload.c' object='sa_payload.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sa_payload.o `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c - -sa_payload.obj: encoding/payloads/sa_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sa_payload.obj -MD -MP -MF $(DEPDIR)/sa_payload.Tpo -c -o sa_payload.obj `if test -f 'encoding/payloads/sa_payload.c'; then $(CYGPATH_W) 'encoding/payloads/sa_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/sa_payload.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sa_payload.Tpo $(DEPDIR)/sa_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/sa_payload.c' object='sa_payload.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sa_payload.obj `if test -f 'encoding/payloads/sa_payload.c'; then $(CYGPATH_W) 'encoding/payloads/sa_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/sa_payload.c'; fi` - -traffic_selector_substructure.o: encoding/payloads/traffic_selector_substructure.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector_substructure.o -MD -MP -MF $(DEPDIR)/traffic_selector_substructure.Tpo -c -o traffic_selector_substructure.o `test -f 'encoding/payloads/traffic_selector_substructure.c' || echo '$(srcdir)/'`encoding/payloads/traffic_selector_substructure.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/traffic_selector_substructure.Tpo $(DEPDIR)/traffic_selector_substructure.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/traffic_selector_substructure.c' object='traffic_selector_substructure.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector_substructure.o `test -f 'encoding/payloads/traffic_selector_substructure.c' || echo '$(srcdir)/'`encoding/payloads/traffic_selector_substructure.c - -traffic_selector_substructure.obj: encoding/payloads/traffic_selector_substructure.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector_substructure.obj -MD -MP -MF $(DEPDIR)/traffic_selector_substructure.Tpo -c -o traffic_selector_substructure.obj `if test -f 'encoding/payloads/traffic_selector_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/traffic_selector_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/traffic_selector_substructure.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/traffic_selector_substructure.Tpo $(DEPDIR)/traffic_selector_substructure.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/traffic_selector_substructure.c' object='traffic_selector_substructure.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector_substructure.obj `if test -f 'encoding/payloads/traffic_selector_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/traffic_selector_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/traffic_selector_substructure.c'; fi` - -transform_attribute.o: encoding/payloads/transform_attribute.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_attribute.o -MD -MP -MF $(DEPDIR)/transform_attribute.Tpo -c -o transform_attribute.o `test -f 'encoding/payloads/transform_attribute.c' || echo '$(srcdir)/'`encoding/payloads/transform_attribute.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform_attribute.Tpo $(DEPDIR)/transform_attribute.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/transform_attribute.c' object='transform_attribute.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_attribute.o `test -f 'encoding/payloads/transform_attribute.c' || echo '$(srcdir)/'`encoding/payloads/transform_attribute.c - -transform_attribute.obj: encoding/payloads/transform_attribute.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_attribute.obj -MD -MP -MF $(DEPDIR)/transform_attribute.Tpo -c -o transform_attribute.obj `if test -f 'encoding/payloads/transform_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/transform_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_attribute.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform_attribute.Tpo $(DEPDIR)/transform_attribute.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/transform_attribute.c' object='transform_attribute.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_attribute.obj `if test -f 'encoding/payloads/transform_attribute.c'; then $(CYGPATH_W) 'encoding/payloads/transform_attribute.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_attribute.c'; fi` - -transform_substructure.o: encoding/payloads/transform_substructure.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_substructure.o -MD -MP -MF $(DEPDIR)/transform_substructure.Tpo -c -o transform_substructure.o `test -f 'encoding/payloads/transform_substructure.c' || echo '$(srcdir)/'`encoding/payloads/transform_substructure.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform_substructure.Tpo $(DEPDIR)/transform_substructure.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/transform_substructure.c' object='transform_substructure.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_substructure.o `test -f 'encoding/payloads/transform_substructure.c' || echo '$(srcdir)/'`encoding/payloads/transform_substructure.c - -transform_substructure.obj: encoding/payloads/transform_substructure.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_substructure.obj -MD -MP -MF $(DEPDIR)/transform_substructure.Tpo -c -o transform_substructure.obj `if test -f 'encoding/payloads/transform_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/transform_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_substructure.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform_substructure.Tpo $(DEPDIR)/transform_substructure.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/transform_substructure.c' object='transform_substructure.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_substructure.obj `if test -f 'encoding/payloads/transform_substructure.c'; then $(CYGPATH_W) 'encoding/payloads/transform_substructure.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/transform_substructure.c'; fi` - -ts_payload.o: encoding/payloads/ts_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ts_payload.o -MD -MP -MF $(DEPDIR)/ts_payload.Tpo -c -o ts_payload.o `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ts_payload.Tpo $(DEPDIR)/ts_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ts_payload.c' object='ts_payload.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ts_payload.o `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c - -ts_payload.obj: encoding/payloads/ts_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ts_payload.obj -MD -MP -MF $(DEPDIR)/ts_payload.Tpo -c -o ts_payload.obj `if test -f 'encoding/payloads/ts_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ts_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ts_payload.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ts_payload.Tpo $(DEPDIR)/ts_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ts_payload.c' object='ts_payload.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ts_payload.obj `if test -f 'encoding/payloads/ts_payload.c'; then $(CYGPATH_W) 'encoding/payloads/ts_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/ts_payload.c'; fi` - -unknown_payload.o: encoding/payloads/unknown_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT unknown_payload.o -MD -MP -MF $(DEPDIR)/unknown_payload.Tpo -c -o unknown_payload.o `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unknown_payload.Tpo $(DEPDIR)/unknown_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/unknown_payload.c' object='unknown_payload.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o unknown_payload.o `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c - -unknown_payload.obj: encoding/payloads/unknown_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT unknown_payload.obj -MD -MP -MF $(DEPDIR)/unknown_payload.Tpo -c -o unknown_payload.obj `if test -f 'encoding/payloads/unknown_payload.c'; then $(CYGPATH_W) 'encoding/payloads/unknown_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/unknown_payload.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unknown_payload.Tpo $(DEPDIR)/unknown_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/unknown_payload.c' object='unknown_payload.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o unknown_payload.obj `if test -f 'encoding/payloads/unknown_payload.c'; then $(CYGPATH_W) 'encoding/payloads/unknown_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/unknown_payload.c'; fi` - -vendor_id_payload.o: encoding/payloads/vendor_id_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT vendor_id_payload.o -MD -MP -MF $(DEPDIR)/vendor_id_payload.Tpo -c -o vendor_id_payload.o `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/vendor_id_payload.Tpo $(DEPDIR)/vendor_id_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/vendor_id_payload.c' object='vendor_id_payload.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o vendor_id_payload.o `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c - -vendor_id_payload.obj: encoding/payloads/vendor_id_payload.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT vendor_id_payload.obj -MD -MP -MF $(DEPDIR)/vendor_id_payload.Tpo -c -o vendor_id_payload.obj `if test -f 'encoding/payloads/vendor_id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/vendor_id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/vendor_id_payload.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/vendor_id_payload.Tpo $(DEPDIR)/vendor_id_payload.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/vendor_id_payload.c' object='vendor_id_payload.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o vendor_id_payload.obj `if test -f 'encoding/payloads/vendor_id_payload.c'; then $(CYGPATH_W) 'encoding/payloads/vendor_id_payload.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/vendor_id_payload.c'; fi` - -kernel_interface.o: kernel/kernel_interface.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_interface.o -MD -MP -MF $(DEPDIR)/kernel_interface.Tpo -c -o kernel_interface.o `test -f 'kernel/kernel_interface.c' || echo '$(srcdir)/'`kernel/kernel_interface.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kernel_interface.Tpo $(DEPDIR)/kernel_interface.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_interface.c' object='kernel_interface.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_interface.o `test -f 'kernel/kernel_interface.c' || echo '$(srcdir)/'`kernel/kernel_interface.c - -kernel_interface.obj: kernel/kernel_interface.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_interface.obj -MD -MP -MF $(DEPDIR)/kernel_interface.Tpo -c -o kernel_interface.obj `if test -f 'kernel/kernel_interface.c'; then $(CYGPATH_W) 'kernel/kernel_interface.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_interface.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kernel_interface.Tpo $(DEPDIR)/kernel_interface.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_interface.c' object='kernel_interface.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_interface.obj `if test -f 'kernel/kernel_interface.c'; then $(CYGPATH_W) 'kernel/kernel_interface.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_interface.c'; fi` - -kernel_ipsec.o: kernel/kernel_ipsec.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_ipsec.o -MD -MP -MF $(DEPDIR)/kernel_ipsec.Tpo -c -o kernel_ipsec.o `test -f 'kernel/kernel_ipsec.c' || echo '$(srcdir)/'`kernel/kernel_ipsec.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kernel_ipsec.Tpo $(DEPDIR)/kernel_ipsec.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_ipsec.c' object='kernel_ipsec.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_ipsec.o `test -f 'kernel/kernel_ipsec.c' || echo '$(srcdir)/'`kernel/kernel_ipsec.c - -kernel_ipsec.obj: kernel/kernel_ipsec.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_ipsec.obj -MD -MP -MF $(DEPDIR)/kernel_ipsec.Tpo -c -o kernel_ipsec.obj `if test -f 'kernel/kernel_ipsec.c'; then $(CYGPATH_W) 'kernel/kernel_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_ipsec.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kernel_ipsec.Tpo $(DEPDIR)/kernel_ipsec.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_ipsec.c' object='kernel_ipsec.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_ipsec.obj `if test -f 'kernel/kernel_ipsec.c'; then $(CYGPATH_W) 'kernel/kernel_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/kernel/kernel_ipsec.c'; fi` - -packet.o: network/packet.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT packet.o -MD -MP -MF $(DEPDIR)/packet.Tpo -c -o packet.o `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/packet.Tpo $(DEPDIR)/packet.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/packet.c' object='packet.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o packet.o `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c - -packet.obj: network/packet.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT packet.obj -MD -MP -MF $(DEPDIR)/packet.Tpo -c -o packet.obj `if test -f 'network/packet.c'; then $(CYGPATH_W) 'network/packet.c'; else $(CYGPATH_W) '$(srcdir)/network/packet.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/packet.Tpo $(DEPDIR)/packet.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/packet.c' object='packet.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o packet.obj `if test -f 'network/packet.c'; then $(CYGPATH_W) 'network/packet.c'; else $(CYGPATH_W) '$(srcdir)/network/packet.c'; fi` - -receiver.o: network/receiver.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT receiver.o -MD -MP -MF $(DEPDIR)/receiver.Tpo -c -o receiver.o `test -f 'network/receiver.c' || echo '$(srcdir)/'`network/receiver.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/receiver.Tpo $(DEPDIR)/receiver.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/receiver.c' object='receiver.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o receiver.o `test -f 'network/receiver.c' || echo '$(srcdir)/'`network/receiver.c - -receiver.obj: network/receiver.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT receiver.obj -MD -MP -MF $(DEPDIR)/receiver.Tpo -c -o receiver.obj `if test -f 'network/receiver.c'; then $(CYGPATH_W) 'network/receiver.c'; else $(CYGPATH_W) '$(srcdir)/network/receiver.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/receiver.Tpo $(DEPDIR)/receiver.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/receiver.c' object='receiver.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o receiver.obj `if test -f 'network/receiver.c'; then $(CYGPATH_W) 'network/receiver.c'; else $(CYGPATH_W) '$(srcdir)/network/receiver.c'; fi` - -sender.o: network/sender.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sender.o -MD -MP -MF $(DEPDIR)/sender.Tpo -c -o sender.o `test -f 'network/sender.c' || echo '$(srcdir)/'`network/sender.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sender.Tpo $(DEPDIR)/sender.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/sender.c' object='sender.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sender.o `test -f 'network/sender.c' || echo '$(srcdir)/'`network/sender.c - -sender.obj: network/sender.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sender.obj -MD -MP -MF $(DEPDIR)/sender.Tpo -c -o sender.obj `if test -f 'network/sender.c'; then $(CYGPATH_W) 'network/sender.c'; else $(CYGPATH_W) '$(srcdir)/network/sender.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sender.Tpo $(DEPDIR)/sender.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/sender.c' object='sender.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sender.obj `if test -f 'network/sender.c'; then $(CYGPATH_W) 'network/sender.c'; else $(CYGPATH_W) '$(srcdir)/network/sender.c'; fi` - -acquire_job.o: processing/jobs/acquire_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT acquire_job.o -MD -MP -MF $(DEPDIR)/acquire_job.Tpo -c -o acquire_job.o `test -f 'processing/jobs/acquire_job.c' || echo '$(srcdir)/'`processing/jobs/acquire_job.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/acquire_job.Tpo $(DEPDIR)/acquire_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/acquire_job.c' object='acquire_job.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o acquire_job.o `test -f 'processing/jobs/acquire_job.c' || echo '$(srcdir)/'`processing/jobs/acquire_job.c - -acquire_job.obj: processing/jobs/acquire_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT acquire_job.obj -MD -MP -MF $(DEPDIR)/acquire_job.Tpo -c -o acquire_job.obj `if test -f 'processing/jobs/acquire_job.c'; then $(CYGPATH_W) 'processing/jobs/acquire_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/acquire_job.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/acquire_job.Tpo $(DEPDIR)/acquire_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/acquire_job.c' object='acquire_job.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o acquire_job.obj `if test -f 'processing/jobs/acquire_job.c'; then $(CYGPATH_W) 'processing/jobs/acquire_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/acquire_job.c'; fi` - -callback_job.o: processing/jobs/callback_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT callback_job.o -MD -MP -MF $(DEPDIR)/callback_job.Tpo -c -o callback_job.o `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/callback_job.Tpo $(DEPDIR)/callback_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/callback_job.c' object='callback_job.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o callback_job.o `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c - -callback_job.obj: processing/jobs/callback_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT callback_job.obj -MD -MP -MF $(DEPDIR)/callback_job.Tpo -c -o callback_job.obj `if test -f 'processing/jobs/callback_job.c'; then $(CYGPATH_W) 'processing/jobs/callback_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/callback_job.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/callback_job.Tpo $(DEPDIR)/callback_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/callback_job.c' object='callback_job.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o callback_job.obj `if test -f 'processing/jobs/callback_job.c'; then $(CYGPATH_W) 'processing/jobs/callback_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/callback_job.c'; fi` - -delete_child_sa_job.o: processing/jobs/delete_child_sa_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_child_sa_job.o -MD -MP -MF $(DEPDIR)/delete_child_sa_job.Tpo -c -o delete_child_sa_job.o `test -f 'processing/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_child_sa_job.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_child_sa_job.Tpo $(DEPDIR)/delete_child_sa_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_child_sa_job.c' object='delete_child_sa_job.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_child_sa_job.o `test -f 'processing/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_child_sa_job.c - -delete_child_sa_job.obj: processing/jobs/delete_child_sa_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_child_sa_job.obj -MD -MP -MF $(DEPDIR)/delete_child_sa_job.Tpo -c -o delete_child_sa_job.obj `if test -f 'processing/jobs/delete_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_child_sa_job.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_child_sa_job.Tpo $(DEPDIR)/delete_child_sa_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_child_sa_job.c' object='delete_child_sa_job.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_child_sa_job.obj `if test -f 'processing/jobs/delete_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_child_sa_job.c'; fi` - -delete_ike_sa_job.o: processing/jobs/delete_ike_sa_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_ike_sa_job.o -MD -MP -MF $(DEPDIR)/delete_ike_sa_job.Tpo -c -o delete_ike_sa_job.o `test -f 'processing/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_ike_sa_job.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_ike_sa_job.Tpo $(DEPDIR)/delete_ike_sa_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_ike_sa_job.c' object='delete_ike_sa_job.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_ike_sa_job.o `test -f 'processing/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_ike_sa_job.c - -delete_ike_sa_job.obj: processing/jobs/delete_ike_sa_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_ike_sa_job.obj -MD -MP -MF $(DEPDIR)/delete_ike_sa_job.Tpo -c -o delete_ike_sa_job.obj `if test -f 'processing/jobs/delete_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_ike_sa_job.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_ike_sa_job.Tpo $(DEPDIR)/delete_ike_sa_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_ike_sa_job.c' object='delete_ike_sa_job.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_ike_sa_job.obj `if test -f 'processing/jobs/delete_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/delete_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/delete_ike_sa_job.c'; fi` - -migrate_job.o: processing/jobs/migrate_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT migrate_job.o -MD -MP -MF $(DEPDIR)/migrate_job.Tpo -c -o migrate_job.o `test -f 'processing/jobs/migrate_job.c' || echo '$(srcdir)/'`processing/jobs/migrate_job.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/migrate_job.Tpo $(DEPDIR)/migrate_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/migrate_job.c' object='migrate_job.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o migrate_job.o `test -f 'processing/jobs/migrate_job.c' || echo '$(srcdir)/'`processing/jobs/migrate_job.c - -migrate_job.obj: processing/jobs/migrate_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT migrate_job.obj -MD -MP -MF $(DEPDIR)/migrate_job.Tpo -c -o migrate_job.obj `if test -f 'processing/jobs/migrate_job.c'; then $(CYGPATH_W) 'processing/jobs/migrate_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/migrate_job.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/migrate_job.Tpo $(DEPDIR)/migrate_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/migrate_job.c' object='migrate_job.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o migrate_job.obj `if test -f 'processing/jobs/migrate_job.c'; then $(CYGPATH_W) 'processing/jobs/migrate_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/migrate_job.c'; fi` - -process_message_job.o: processing/jobs/process_message_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT process_message_job.o -MD -MP -MF $(DEPDIR)/process_message_job.Tpo -c -o process_message_job.o `test -f 'processing/jobs/process_message_job.c' || echo '$(srcdir)/'`processing/jobs/process_message_job.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/process_message_job.Tpo $(DEPDIR)/process_message_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/process_message_job.c' object='process_message_job.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o process_message_job.o `test -f 'processing/jobs/process_message_job.c' || echo '$(srcdir)/'`processing/jobs/process_message_job.c - -process_message_job.obj: processing/jobs/process_message_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT process_message_job.obj -MD -MP -MF $(DEPDIR)/process_message_job.Tpo -c -o process_message_job.obj `if test -f 'processing/jobs/process_message_job.c'; then $(CYGPATH_W) 'processing/jobs/process_message_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/process_message_job.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/process_message_job.Tpo $(DEPDIR)/process_message_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/process_message_job.c' object='process_message_job.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o process_message_job.obj `if test -f 'processing/jobs/process_message_job.c'; then $(CYGPATH_W) 'processing/jobs/process_message_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/process_message_job.c'; fi` - -rekey_child_sa_job.o: processing/jobs/rekey_child_sa_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_child_sa_job.o -MD -MP -MF $(DEPDIR)/rekey_child_sa_job.Tpo -c -o rekey_child_sa_job.o `test -f 'processing/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_child_sa_job.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rekey_child_sa_job.Tpo $(DEPDIR)/rekey_child_sa_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_child_sa_job.c' object='rekey_child_sa_job.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_child_sa_job.o `test -f 'processing/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_child_sa_job.c - -rekey_child_sa_job.obj: processing/jobs/rekey_child_sa_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_child_sa_job.obj -MD -MP -MF $(DEPDIR)/rekey_child_sa_job.Tpo -c -o rekey_child_sa_job.obj `if test -f 'processing/jobs/rekey_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_child_sa_job.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rekey_child_sa_job.Tpo $(DEPDIR)/rekey_child_sa_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_child_sa_job.c' object='rekey_child_sa_job.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_child_sa_job.obj `if test -f 'processing/jobs/rekey_child_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_child_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_child_sa_job.c'; fi` - -rekey_ike_sa_job.o: processing/jobs/rekey_ike_sa_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_ike_sa_job.o -MD -MP -MF $(DEPDIR)/rekey_ike_sa_job.Tpo -c -o rekey_ike_sa_job.o `test -f 'processing/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_ike_sa_job.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rekey_ike_sa_job.Tpo $(DEPDIR)/rekey_ike_sa_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_ike_sa_job.c' object='rekey_ike_sa_job.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_ike_sa_job.o `test -f 'processing/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_ike_sa_job.c - -rekey_ike_sa_job.obj: processing/jobs/rekey_ike_sa_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_ike_sa_job.obj -MD -MP -MF $(DEPDIR)/rekey_ike_sa_job.Tpo -c -o rekey_ike_sa_job.obj `if test -f 'processing/jobs/rekey_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_ike_sa_job.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rekey_ike_sa_job.Tpo $(DEPDIR)/rekey_ike_sa_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_ike_sa_job.c' object='rekey_ike_sa_job.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_ike_sa_job.obj `if test -f 'processing/jobs/rekey_ike_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/rekey_ike_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/rekey_ike_sa_job.c'; fi` - -retransmit_job.o: processing/jobs/retransmit_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT retransmit_job.o -MD -MP -MF $(DEPDIR)/retransmit_job.Tpo -c -o retransmit_job.o `test -f 'processing/jobs/retransmit_job.c' || echo '$(srcdir)/'`processing/jobs/retransmit_job.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/retransmit_job.Tpo $(DEPDIR)/retransmit_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/retransmit_job.c' object='retransmit_job.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o retransmit_job.o `test -f 'processing/jobs/retransmit_job.c' || echo '$(srcdir)/'`processing/jobs/retransmit_job.c - -retransmit_job.obj: processing/jobs/retransmit_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT retransmit_job.obj -MD -MP -MF $(DEPDIR)/retransmit_job.Tpo -c -o retransmit_job.obj `if test -f 'processing/jobs/retransmit_job.c'; then $(CYGPATH_W) 'processing/jobs/retransmit_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/retransmit_job.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/retransmit_job.Tpo $(DEPDIR)/retransmit_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/retransmit_job.c' object='retransmit_job.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o retransmit_job.obj `if test -f 'processing/jobs/retransmit_job.c'; then $(CYGPATH_W) 'processing/jobs/retransmit_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/retransmit_job.c'; fi` - -send_dpd_job.o: processing/jobs/send_dpd_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_dpd_job.o -MD -MP -MF $(DEPDIR)/send_dpd_job.Tpo -c -o send_dpd_job.o `test -f 'processing/jobs/send_dpd_job.c' || echo '$(srcdir)/'`processing/jobs/send_dpd_job.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/send_dpd_job.Tpo $(DEPDIR)/send_dpd_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_dpd_job.c' object='send_dpd_job.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_dpd_job.o `test -f 'processing/jobs/send_dpd_job.c' || echo '$(srcdir)/'`processing/jobs/send_dpd_job.c - -send_dpd_job.obj: processing/jobs/send_dpd_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_dpd_job.obj -MD -MP -MF $(DEPDIR)/send_dpd_job.Tpo -c -o send_dpd_job.obj `if test -f 'processing/jobs/send_dpd_job.c'; then $(CYGPATH_W) 'processing/jobs/send_dpd_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_dpd_job.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/send_dpd_job.Tpo $(DEPDIR)/send_dpd_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_dpd_job.c' object='send_dpd_job.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_dpd_job.obj `if test -f 'processing/jobs/send_dpd_job.c'; then $(CYGPATH_W) 'processing/jobs/send_dpd_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_dpd_job.c'; fi` - -send_keepalive_job.o: processing/jobs/send_keepalive_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_keepalive_job.o -MD -MP -MF $(DEPDIR)/send_keepalive_job.Tpo -c -o send_keepalive_job.o `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/send_keepalive_job.Tpo $(DEPDIR)/send_keepalive_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_keepalive_job.c' object='send_keepalive_job.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.o `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c - -send_keepalive_job.obj: processing/jobs/send_keepalive_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_keepalive_job.obj -MD -MP -MF $(DEPDIR)/send_keepalive_job.Tpo -c -o send_keepalive_job.obj `if test -f 'processing/jobs/send_keepalive_job.c'; then $(CYGPATH_W) 'processing/jobs/send_keepalive_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_keepalive_job.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/send_keepalive_job.Tpo $(DEPDIR)/send_keepalive_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_keepalive_job.c' object='send_keepalive_job.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.obj `if test -f 'processing/jobs/send_keepalive_job.c'; then $(CYGPATH_W) 'processing/jobs/send_keepalive_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/send_keepalive_job.c'; fi` - -roam_job.o: processing/jobs/roam_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT roam_job.o -MD -MP -MF $(DEPDIR)/roam_job.Tpo -c -o roam_job.o `test -f 'processing/jobs/roam_job.c' || echo '$(srcdir)/'`processing/jobs/roam_job.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/roam_job.Tpo $(DEPDIR)/roam_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/roam_job.c' object='roam_job.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o roam_job.o `test -f 'processing/jobs/roam_job.c' || echo '$(srcdir)/'`processing/jobs/roam_job.c - -roam_job.obj: processing/jobs/roam_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT roam_job.obj -MD -MP -MF $(DEPDIR)/roam_job.Tpo -c -o roam_job.obj `if test -f 'processing/jobs/roam_job.c'; then $(CYGPATH_W) 'processing/jobs/roam_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/roam_job.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/roam_job.Tpo $(DEPDIR)/roam_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/roam_job.c' object='roam_job.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o roam_job.obj `if test -f 'processing/jobs/roam_job.c'; then $(CYGPATH_W) 'processing/jobs/roam_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/roam_job.c'; fi` - -update_sa_job.o: processing/jobs/update_sa_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT update_sa_job.o -MD -MP -MF $(DEPDIR)/update_sa_job.Tpo -c -o update_sa_job.o `test -f 'processing/jobs/update_sa_job.c' || echo '$(srcdir)/'`processing/jobs/update_sa_job.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/update_sa_job.Tpo $(DEPDIR)/update_sa_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/update_sa_job.c' object='update_sa_job.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o update_sa_job.o `test -f 'processing/jobs/update_sa_job.c' || echo '$(srcdir)/'`processing/jobs/update_sa_job.c - -update_sa_job.obj: processing/jobs/update_sa_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT update_sa_job.obj -MD -MP -MF $(DEPDIR)/update_sa_job.Tpo -c -o update_sa_job.obj `if test -f 'processing/jobs/update_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/update_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/update_sa_job.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/update_sa_job.Tpo $(DEPDIR)/update_sa_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/update_sa_job.c' object='update_sa_job.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o update_sa_job.obj `if test -f 'processing/jobs/update_sa_job.c'; then $(CYGPATH_W) 'processing/jobs/update_sa_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/update_sa_job.c'; fi` - -inactivity_job.o: processing/jobs/inactivity_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT inactivity_job.o -MD -MP -MF $(DEPDIR)/inactivity_job.Tpo -c -o inactivity_job.o `test -f 'processing/jobs/inactivity_job.c' || echo '$(srcdir)/'`processing/jobs/inactivity_job.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/inactivity_job.Tpo $(DEPDIR)/inactivity_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/inactivity_job.c' object='inactivity_job.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o inactivity_job.o `test -f 'processing/jobs/inactivity_job.c' || echo '$(srcdir)/'`processing/jobs/inactivity_job.c - -inactivity_job.obj: processing/jobs/inactivity_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT inactivity_job.obj -MD -MP -MF $(DEPDIR)/inactivity_job.Tpo -c -o inactivity_job.obj `if test -f 'processing/jobs/inactivity_job.c'; then $(CYGPATH_W) 'processing/jobs/inactivity_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/inactivity_job.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/inactivity_job.Tpo $(DEPDIR)/inactivity_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/inactivity_job.c' object='inactivity_job.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o inactivity_job.obj `if test -f 'processing/jobs/inactivity_job.c'; then $(CYGPATH_W) 'processing/jobs/inactivity_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/inactivity_job.c'; fi` - -scheduler.o: processing/scheduler.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT scheduler.o -MD -MP -MF $(DEPDIR)/scheduler.Tpo -c -o scheduler.o `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/scheduler.Tpo $(DEPDIR)/scheduler.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/scheduler.c' object='scheduler.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o scheduler.o `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c - -scheduler.obj: processing/scheduler.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT scheduler.obj -MD -MP -MF $(DEPDIR)/scheduler.Tpo -c -o scheduler.obj `if test -f 'processing/scheduler.c'; then $(CYGPATH_W) 'processing/scheduler.c'; else $(CYGPATH_W) '$(srcdir)/processing/scheduler.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/scheduler.Tpo $(DEPDIR)/scheduler.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/scheduler.c' object='scheduler.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o scheduler.obj `if test -f 'processing/scheduler.c'; then $(CYGPATH_W) 'processing/scheduler.c'; else $(CYGPATH_W) '$(srcdir)/processing/scheduler.c'; fi` - -processor.o: processing/processor.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT processor.o -MD -MP -MF $(DEPDIR)/processor.Tpo -c -o processor.o `test -f 'processing/processor.c' || echo '$(srcdir)/'`processing/processor.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/processor.Tpo $(DEPDIR)/processor.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/processor.c' object='processor.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o processor.o `test -f 'processing/processor.c' || echo '$(srcdir)/'`processing/processor.c - -processor.obj: processing/processor.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT processor.obj -MD -MP -MF $(DEPDIR)/processor.Tpo -c -o processor.obj `if test -f 'processing/processor.c'; then $(CYGPATH_W) 'processing/processor.c'; else $(CYGPATH_W) '$(srcdir)/processing/processor.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/processor.Tpo $(DEPDIR)/processor.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/processor.c' object='processor.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o processor.obj `if test -f 'processing/processor.c'; then $(CYGPATH_W) 'processing/processor.c'; else $(CYGPATH_W) '$(srcdir)/processing/processor.c'; fi` - -authenticator.o: sa/authenticators/authenticator.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT authenticator.o -MD -MP -MF $(DEPDIR)/authenticator.Tpo -c -o authenticator.o `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/authenticator.Tpo $(DEPDIR)/authenticator.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/authenticator.c' object='authenticator.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o authenticator.o `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c - -authenticator.obj: sa/authenticators/authenticator.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT authenticator.obj -MD -MP -MF $(DEPDIR)/authenticator.Tpo -c -o authenticator.obj `if test -f 'sa/authenticators/authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/authenticator.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/authenticator.Tpo $(DEPDIR)/authenticator.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/authenticator.c' object='authenticator.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o authenticator.obj `if test -f 'sa/authenticators/authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/authenticator.c'; fi` - -eap_authenticator.o: sa/authenticators/eap_authenticator.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_authenticator.o -MD -MP -MF $(DEPDIR)/eap_authenticator.Tpo -c -o eap_authenticator.o `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_authenticator.Tpo $(DEPDIR)/eap_authenticator.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap_authenticator.c' object='eap_authenticator.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_authenticator.o `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c - -eap_authenticator.obj: sa/authenticators/eap_authenticator.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_authenticator.obj -MD -MP -MF $(DEPDIR)/eap_authenticator.Tpo -c -o eap_authenticator.obj `if test -f 'sa/authenticators/eap_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/eap_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap_authenticator.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_authenticator.Tpo $(DEPDIR)/eap_authenticator.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap_authenticator.c' object='eap_authenticator.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_authenticator.obj `if test -f 'sa/authenticators/eap_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/eap_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap_authenticator.c'; fi` - -eap_method.o: sa/authenticators/eap/eap_method.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_method.o -MD -MP -MF $(DEPDIR)/eap_method.Tpo -c -o eap_method.o `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_method.Tpo $(DEPDIR)/eap_method.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_method.c' object='eap_method.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_method.o `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c - -eap_method.obj: sa/authenticators/eap/eap_method.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_method.obj -MD -MP -MF $(DEPDIR)/eap_method.Tpo -c -o eap_method.obj `if test -f 'sa/authenticators/eap/eap_method.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_method.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_method.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_method.Tpo $(DEPDIR)/eap_method.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_method.c' object='eap_method.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_method.obj `if test -f 'sa/authenticators/eap/eap_method.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_method.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_method.c'; fi` - -eap_manager.o: sa/authenticators/eap/eap_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_manager.o -MD -MP -MF $(DEPDIR)/eap_manager.Tpo -c -o eap_manager.o `test -f 'sa/authenticators/eap/eap_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_manager.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_manager.Tpo $(DEPDIR)/eap_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_manager.c' object='eap_manager.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_manager.o `test -f 'sa/authenticators/eap/eap_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_manager.c - -eap_manager.obj: sa/authenticators/eap/eap_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_manager.obj -MD -MP -MF $(DEPDIR)/eap_manager.Tpo -c -o eap_manager.obj `if test -f 'sa/authenticators/eap/eap_manager.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_manager.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_manager.Tpo $(DEPDIR)/eap_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_manager.c' object='eap_manager.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_manager.obj `if test -f 'sa/authenticators/eap/eap_manager.c'; then $(CYGPATH_W) 'sa/authenticators/eap/eap_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/eap_manager.c'; fi` - -sim_manager.o: sa/authenticators/eap/sim_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sim_manager.o -MD -MP -MF $(DEPDIR)/sim_manager.Tpo -c -o sim_manager.o `test -f 'sa/authenticators/eap/sim_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/sim_manager.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sim_manager.Tpo $(DEPDIR)/sim_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/sim_manager.c' object='sim_manager.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sim_manager.o `test -f 'sa/authenticators/eap/sim_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/sim_manager.c - -sim_manager.obj: sa/authenticators/eap/sim_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sim_manager.obj -MD -MP -MF $(DEPDIR)/sim_manager.Tpo -c -o sim_manager.obj `if test -f 'sa/authenticators/eap/sim_manager.c'; then $(CYGPATH_W) 'sa/authenticators/eap/sim_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/sim_manager.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sim_manager.Tpo $(DEPDIR)/sim_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/sim_manager.c' object='sim_manager.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sim_manager.obj `if test -f 'sa/authenticators/eap/sim_manager.c'; then $(CYGPATH_W) 'sa/authenticators/eap/sim_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/eap/sim_manager.c'; fi` - -psk_authenticator.o: sa/authenticators/psk_authenticator.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT psk_authenticator.o -MD -MP -MF $(DEPDIR)/psk_authenticator.Tpo -c -o psk_authenticator.o `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/psk_authenticator.Tpo $(DEPDIR)/psk_authenticator.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/psk_authenticator.c' object='psk_authenticator.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o psk_authenticator.o `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c - -psk_authenticator.obj: sa/authenticators/psk_authenticator.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT psk_authenticator.obj -MD -MP -MF $(DEPDIR)/psk_authenticator.Tpo -c -o psk_authenticator.obj `if test -f 'sa/authenticators/psk_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/psk_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/psk_authenticator.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/psk_authenticator.Tpo $(DEPDIR)/psk_authenticator.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/psk_authenticator.c' object='psk_authenticator.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o psk_authenticator.obj `if test -f 'sa/authenticators/psk_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/psk_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/psk_authenticator.c'; fi` - -pubkey_authenticator.o: sa/authenticators/pubkey_authenticator.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pubkey_authenticator.o -MD -MP -MF $(DEPDIR)/pubkey_authenticator.Tpo -c -o pubkey_authenticator.o `test -f 'sa/authenticators/pubkey_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/pubkey_authenticator.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pubkey_authenticator.Tpo $(DEPDIR)/pubkey_authenticator.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/pubkey_authenticator.c' object='pubkey_authenticator.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pubkey_authenticator.o `test -f 'sa/authenticators/pubkey_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/pubkey_authenticator.c - -pubkey_authenticator.obj: sa/authenticators/pubkey_authenticator.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pubkey_authenticator.obj -MD -MP -MF $(DEPDIR)/pubkey_authenticator.Tpo -c -o pubkey_authenticator.obj `if test -f 'sa/authenticators/pubkey_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/pubkey_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/pubkey_authenticator.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pubkey_authenticator.Tpo $(DEPDIR)/pubkey_authenticator.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/pubkey_authenticator.c' object='pubkey_authenticator.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pubkey_authenticator.obj `if test -f 'sa/authenticators/pubkey_authenticator.c'; then $(CYGPATH_W) 'sa/authenticators/pubkey_authenticator.c'; else $(CYGPATH_W) '$(srcdir)/sa/authenticators/pubkey_authenticator.c'; fi` - -child_sa.o: sa/child_sa.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_sa.o -MD -MP -MF $(DEPDIR)/child_sa.Tpo -c -o child_sa.o `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_sa.Tpo $(DEPDIR)/child_sa.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/child_sa.c' object='child_sa.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_sa.o `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c - -child_sa.obj: sa/child_sa.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_sa.obj -MD -MP -MF $(DEPDIR)/child_sa.Tpo -c -o child_sa.obj `if test -f 'sa/child_sa.c'; then $(CYGPATH_W) 'sa/child_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/child_sa.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_sa.Tpo $(DEPDIR)/child_sa.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/child_sa.c' object='child_sa.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_sa.obj `if test -f 'sa/child_sa.c'; then $(CYGPATH_W) 'sa/child_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/child_sa.c'; fi` - -ike_sa.o: sa/ike_sa.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa.o -MD -MP -MF $(DEPDIR)/ike_sa.Tpo -c -o ike_sa.o `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa.Tpo $(DEPDIR)/ike_sa.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa.c' object='ike_sa.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa.o `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c - -ike_sa.obj: sa/ike_sa.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa.obj -MD -MP -MF $(DEPDIR)/ike_sa.Tpo -c -o ike_sa.obj `if test -f 'sa/ike_sa.c'; then $(CYGPATH_W) 'sa/ike_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa.Tpo $(DEPDIR)/ike_sa.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa.c' object='ike_sa.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa.obj `if test -f 'sa/ike_sa.c'; then $(CYGPATH_W) 'sa/ike_sa.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa.c'; fi` - -ike_sa_id.o: sa/ike_sa_id.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_id.o -MD -MP -MF $(DEPDIR)/ike_sa_id.Tpo -c -o ike_sa_id.o `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa_id.Tpo $(DEPDIR)/ike_sa_id.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_id.c' object='ike_sa_id.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_id.o `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c - -ike_sa_id.obj: sa/ike_sa_id.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_id.obj -MD -MP -MF $(DEPDIR)/ike_sa_id.Tpo -c -o ike_sa_id.obj `if test -f 'sa/ike_sa_id.c'; then $(CYGPATH_W) 'sa/ike_sa_id.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_id.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa_id.Tpo $(DEPDIR)/ike_sa_id.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_id.c' object='ike_sa_id.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_id.obj `if test -f 'sa/ike_sa_id.c'; then $(CYGPATH_W) 'sa/ike_sa_id.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_id.c'; fi` - -ike_sa_manager.o: sa/ike_sa_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_manager.o -MD -MP -MF $(DEPDIR)/ike_sa_manager.Tpo -c -o ike_sa_manager.o `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa_manager.Tpo $(DEPDIR)/ike_sa_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_manager.c' object='ike_sa_manager.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_manager.o `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c - -ike_sa_manager.obj: sa/ike_sa_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_manager.obj -MD -MP -MF $(DEPDIR)/ike_sa_manager.Tpo -c -o ike_sa_manager.obj `if test -f 'sa/ike_sa_manager.c'; then $(CYGPATH_W) 'sa/ike_sa_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_manager.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa_manager.Tpo $(DEPDIR)/ike_sa_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_manager.c' object='ike_sa_manager.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_manager.obj `if test -f 'sa/ike_sa_manager.c'; then $(CYGPATH_W) 'sa/ike_sa_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/ike_sa_manager.c'; fi` - -task_manager.o: sa/task_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task_manager.o -MD -MP -MF $(DEPDIR)/task_manager.Tpo -c -o task_manager.o `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/task_manager.Tpo $(DEPDIR)/task_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/task_manager.c' object='task_manager.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task_manager.o `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c - -task_manager.obj: sa/task_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task_manager.obj -MD -MP -MF $(DEPDIR)/task_manager.Tpo -c -o task_manager.obj `if test -f 'sa/task_manager.c'; then $(CYGPATH_W) 'sa/task_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/task_manager.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/task_manager.Tpo $(DEPDIR)/task_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/task_manager.c' object='task_manager.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task_manager.obj `if test -f 'sa/task_manager.c'; then $(CYGPATH_W) 'sa/task_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/task_manager.c'; fi` - -keymat.o: sa/keymat.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keymat.o -MD -MP -MF $(DEPDIR)/keymat.Tpo -c -o keymat.o `test -f 'sa/keymat.c' || echo '$(srcdir)/'`sa/keymat.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/keymat.Tpo $(DEPDIR)/keymat.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/keymat.c' object='keymat.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keymat.o `test -f 'sa/keymat.c' || echo '$(srcdir)/'`sa/keymat.c - -keymat.obj: sa/keymat.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keymat.obj -MD -MP -MF $(DEPDIR)/keymat.Tpo -c -o keymat.obj `if test -f 'sa/keymat.c'; then $(CYGPATH_W) 'sa/keymat.c'; else $(CYGPATH_W) '$(srcdir)/sa/keymat.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/keymat.Tpo $(DEPDIR)/keymat.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/keymat.c' object='keymat.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keymat.obj `if test -f 'sa/keymat.c'; then $(CYGPATH_W) 'sa/keymat.c'; else $(CYGPATH_W) '$(srcdir)/sa/keymat.c'; fi` - -trap_manager.o: sa/trap_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT trap_manager.o -MD -MP -MF $(DEPDIR)/trap_manager.Tpo -c -o trap_manager.o `test -f 'sa/trap_manager.c' || echo '$(srcdir)/'`sa/trap_manager.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/trap_manager.Tpo $(DEPDIR)/trap_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/trap_manager.c' object='trap_manager.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o trap_manager.o `test -f 'sa/trap_manager.c' || echo '$(srcdir)/'`sa/trap_manager.c - -trap_manager.obj: sa/trap_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT trap_manager.obj -MD -MP -MF $(DEPDIR)/trap_manager.Tpo -c -o trap_manager.obj `if test -f 'sa/trap_manager.c'; then $(CYGPATH_W) 'sa/trap_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/trap_manager.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/trap_manager.Tpo $(DEPDIR)/trap_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/trap_manager.c' object='trap_manager.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o trap_manager.obj `if test -f 'sa/trap_manager.c'; then $(CYGPATH_W) 'sa/trap_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/trap_manager.c'; fi` - -child_create.o: sa/tasks/child_create.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_create.o -MD -MP -MF $(DEPDIR)/child_create.Tpo -c -o child_create.o `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_create.Tpo $(DEPDIR)/child_create.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_create.c' object='child_create.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_create.o `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c - -child_create.obj: sa/tasks/child_create.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_create.obj -MD -MP -MF $(DEPDIR)/child_create.Tpo -c -o child_create.obj `if test -f 'sa/tasks/child_create.c'; then $(CYGPATH_W) 'sa/tasks/child_create.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_create.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_create.Tpo $(DEPDIR)/child_create.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_create.c' object='child_create.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_create.obj `if test -f 'sa/tasks/child_create.c'; then $(CYGPATH_W) 'sa/tasks/child_create.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_create.c'; fi` - -child_delete.o: sa/tasks/child_delete.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_delete.o -MD -MP -MF $(DEPDIR)/child_delete.Tpo -c -o child_delete.o `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_delete.Tpo $(DEPDIR)/child_delete.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_delete.c' object='child_delete.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_delete.o `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c - -child_delete.obj: sa/tasks/child_delete.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_delete.obj -MD -MP -MF $(DEPDIR)/child_delete.Tpo -c -o child_delete.obj `if test -f 'sa/tasks/child_delete.c'; then $(CYGPATH_W) 'sa/tasks/child_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_delete.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_delete.Tpo $(DEPDIR)/child_delete.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_delete.c' object='child_delete.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_delete.obj `if test -f 'sa/tasks/child_delete.c'; then $(CYGPATH_W) 'sa/tasks/child_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_delete.c'; fi` - -child_rekey.o: sa/tasks/child_rekey.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_rekey.o -MD -MP -MF $(DEPDIR)/child_rekey.Tpo -c -o child_rekey.o `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_rekey.Tpo $(DEPDIR)/child_rekey.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_rekey.c' object='child_rekey.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_rekey.o `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c - -child_rekey.obj: sa/tasks/child_rekey.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_rekey.obj -MD -MP -MF $(DEPDIR)/child_rekey.Tpo -c -o child_rekey.obj `if test -f 'sa/tasks/child_rekey.c'; then $(CYGPATH_W) 'sa/tasks/child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_rekey.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_rekey.Tpo $(DEPDIR)/child_rekey.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_rekey.c' object='child_rekey.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_rekey.obj `if test -f 'sa/tasks/child_rekey.c'; then $(CYGPATH_W) 'sa/tasks/child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/child_rekey.c'; fi` - -ike_auth.o: sa/tasks/ike_auth.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth.o -MD -MP -MF $(DEPDIR)/ike_auth.Tpo -c -o ike_auth.o `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_auth.Tpo $(DEPDIR)/ike_auth.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth.c' object='ike_auth.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth.o `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c - -ike_auth.obj: sa/tasks/ike_auth.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth.obj -MD -MP -MF $(DEPDIR)/ike_auth.Tpo -c -o ike_auth.obj `if test -f 'sa/tasks/ike_auth.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_auth.Tpo $(DEPDIR)/ike_auth.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth.c' object='ike_auth.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth.obj `if test -f 'sa/tasks/ike_auth.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth.c'; fi` - -ike_cert_pre.o: sa/tasks/ike_cert_pre.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_pre.o -MD -MP -MF $(DEPDIR)/ike_cert_pre.Tpo -c -o ike_cert_pre.o `test -f 'sa/tasks/ike_cert_pre.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_pre.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cert_pre.Tpo $(DEPDIR)/ike_cert_pre.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert_pre.c' object='ike_cert_pre.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_pre.o `test -f 'sa/tasks/ike_cert_pre.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_pre.c - -ike_cert_pre.obj: sa/tasks/ike_cert_pre.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_pre.obj -MD -MP -MF $(DEPDIR)/ike_cert_pre.Tpo -c -o ike_cert_pre.obj `if test -f 'sa/tasks/ike_cert_pre.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert_pre.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert_pre.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cert_pre.Tpo $(DEPDIR)/ike_cert_pre.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert_pre.c' object='ike_cert_pre.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_pre.obj `if test -f 'sa/tasks/ike_cert_pre.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert_pre.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert_pre.c'; fi` - -ike_cert_post.o: sa/tasks/ike_cert_post.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_post.o -MD -MP -MF $(DEPDIR)/ike_cert_post.Tpo -c -o ike_cert_post.o `test -f 'sa/tasks/ike_cert_post.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_post.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cert_post.Tpo $(DEPDIR)/ike_cert_post.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert_post.c' object='ike_cert_post.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_post.o `test -f 'sa/tasks/ike_cert_post.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_post.c - -ike_cert_post.obj: sa/tasks/ike_cert_post.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_post.obj -MD -MP -MF $(DEPDIR)/ike_cert_post.Tpo -c -o ike_cert_post.obj `if test -f 'sa/tasks/ike_cert_post.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert_post.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert_post.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cert_post.Tpo $(DEPDIR)/ike_cert_post.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert_post.c' object='ike_cert_post.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_post.obj `if test -f 'sa/tasks/ike_cert_post.c'; then $(CYGPATH_W) 'sa/tasks/ike_cert_post.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_cert_post.c'; fi` - -ike_config.o: sa/tasks/ike_config.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_config.o -MD -MP -MF $(DEPDIR)/ike_config.Tpo -c -o ike_config.o `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_config.Tpo $(DEPDIR)/ike_config.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_config.c' object='ike_config.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_config.o `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c - -ike_config.obj: sa/tasks/ike_config.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_config.obj -MD -MP -MF $(DEPDIR)/ike_config.Tpo -c -o ike_config.obj `if test -f 'sa/tasks/ike_config.c'; then $(CYGPATH_W) 'sa/tasks/ike_config.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_config.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_config.Tpo $(DEPDIR)/ike_config.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_config.c' object='ike_config.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_config.obj `if test -f 'sa/tasks/ike_config.c'; then $(CYGPATH_W) 'sa/tasks/ike_config.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_config.c'; fi` - -ike_delete.o: sa/tasks/ike_delete.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_delete.o -MD -MP -MF $(DEPDIR)/ike_delete.Tpo -c -o ike_delete.o `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_delete.Tpo $(DEPDIR)/ike_delete.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_delete.c' object='ike_delete.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_delete.o `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c - -ike_delete.obj: sa/tasks/ike_delete.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_delete.obj -MD -MP -MF $(DEPDIR)/ike_delete.Tpo -c -o ike_delete.obj `if test -f 'sa/tasks/ike_delete.c'; then $(CYGPATH_W) 'sa/tasks/ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_delete.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_delete.Tpo $(DEPDIR)/ike_delete.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_delete.c' object='ike_delete.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_delete.obj `if test -f 'sa/tasks/ike_delete.c'; then $(CYGPATH_W) 'sa/tasks/ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_delete.c'; fi` - -ike_dpd.o: sa/tasks/ike_dpd.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_dpd.o -MD -MP -MF $(DEPDIR)/ike_dpd.Tpo -c -o ike_dpd.o `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_dpd.Tpo $(DEPDIR)/ike_dpd.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_dpd.c' object='ike_dpd.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_dpd.o `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c - -ike_dpd.obj: sa/tasks/ike_dpd.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_dpd.obj -MD -MP -MF $(DEPDIR)/ike_dpd.Tpo -c -o ike_dpd.obj `if test -f 'sa/tasks/ike_dpd.c'; then $(CYGPATH_W) 'sa/tasks/ike_dpd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_dpd.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_dpd.Tpo $(DEPDIR)/ike_dpd.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_dpd.c' object='ike_dpd.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_dpd.obj `if test -f 'sa/tasks/ike_dpd.c'; then $(CYGPATH_W) 'sa/tasks/ike_dpd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_dpd.c'; fi` - -ike_init.o: sa/tasks/ike_init.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_init.o -MD -MP -MF $(DEPDIR)/ike_init.Tpo -c -o ike_init.o `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_init.Tpo $(DEPDIR)/ike_init.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_init.c' object='ike_init.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_init.o `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c - -ike_init.obj: sa/tasks/ike_init.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_init.obj -MD -MP -MF $(DEPDIR)/ike_init.Tpo -c -o ike_init.obj `if test -f 'sa/tasks/ike_init.c'; then $(CYGPATH_W) 'sa/tasks/ike_init.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_init.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_init.Tpo $(DEPDIR)/ike_init.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_init.c' object='ike_init.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_init.obj `if test -f 'sa/tasks/ike_init.c'; then $(CYGPATH_W) 'sa/tasks/ike_init.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_init.c'; fi` - -ike_natd.o: sa/tasks/ike_natd.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_natd.o -MD -MP -MF $(DEPDIR)/ike_natd.Tpo -c -o ike_natd.o `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_natd.Tpo $(DEPDIR)/ike_natd.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_natd.c' object='ike_natd.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_natd.o `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c - -ike_natd.obj: sa/tasks/ike_natd.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_natd.obj -MD -MP -MF $(DEPDIR)/ike_natd.Tpo -c -o ike_natd.obj `if test -f 'sa/tasks/ike_natd.c'; then $(CYGPATH_W) 'sa/tasks/ike_natd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_natd.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_natd.Tpo $(DEPDIR)/ike_natd.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_natd.c' object='ike_natd.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_natd.obj `if test -f 'sa/tasks/ike_natd.c'; then $(CYGPATH_W) 'sa/tasks/ike_natd.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_natd.c'; fi` - -ike_mobike.o: sa/tasks/ike_mobike.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_mobike.o -MD -MP -MF $(DEPDIR)/ike_mobike.Tpo -c -o ike_mobike.o `test -f 'sa/tasks/ike_mobike.c' || echo '$(srcdir)/'`sa/tasks/ike_mobike.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_mobike.Tpo $(DEPDIR)/ike_mobike.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_mobike.c' object='ike_mobike.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_mobike.o `test -f 'sa/tasks/ike_mobike.c' || echo '$(srcdir)/'`sa/tasks/ike_mobike.c - -ike_mobike.obj: sa/tasks/ike_mobike.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_mobike.obj -MD -MP -MF $(DEPDIR)/ike_mobike.Tpo -c -o ike_mobike.obj `if test -f 'sa/tasks/ike_mobike.c'; then $(CYGPATH_W) 'sa/tasks/ike_mobike.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_mobike.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_mobike.Tpo $(DEPDIR)/ike_mobike.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_mobike.c' object='ike_mobike.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_mobike.obj `if test -f 'sa/tasks/ike_mobike.c'; then $(CYGPATH_W) 'sa/tasks/ike_mobike.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_mobike.c'; fi` - -ike_rekey.o: sa/tasks/ike_rekey.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_rekey.o -MD -MP -MF $(DEPDIR)/ike_rekey.Tpo -c -o ike_rekey.o `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_rekey.Tpo $(DEPDIR)/ike_rekey.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_rekey.c' object='ike_rekey.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_rekey.o `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c - -ike_rekey.obj: sa/tasks/ike_rekey.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_rekey.obj -MD -MP -MF $(DEPDIR)/ike_rekey.Tpo -c -o ike_rekey.obj `if test -f 'sa/tasks/ike_rekey.c'; then $(CYGPATH_W) 'sa/tasks/ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_rekey.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_rekey.Tpo $(DEPDIR)/ike_rekey.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_rekey.c' object='ike_rekey.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_rekey.obj `if test -f 'sa/tasks/ike_rekey.c'; then $(CYGPATH_W) 'sa/tasks/ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_rekey.c'; fi` - -ike_reauth.o: sa/tasks/ike_reauth.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_reauth.o -MD -MP -MF $(DEPDIR)/ike_reauth.Tpo -c -o ike_reauth.o `test -f 'sa/tasks/ike_reauth.c' || echo '$(srcdir)/'`sa/tasks/ike_reauth.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_reauth.Tpo $(DEPDIR)/ike_reauth.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_reauth.c' object='ike_reauth.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_reauth.o `test -f 'sa/tasks/ike_reauth.c' || echo '$(srcdir)/'`sa/tasks/ike_reauth.c - -ike_reauth.obj: sa/tasks/ike_reauth.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_reauth.obj -MD -MP -MF $(DEPDIR)/ike_reauth.Tpo -c -o ike_reauth.obj `if test -f 'sa/tasks/ike_reauth.c'; then $(CYGPATH_W) 'sa/tasks/ike_reauth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_reauth.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_reauth.Tpo $(DEPDIR)/ike_reauth.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_reauth.c' object='ike_reauth.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_reauth.obj `if test -f 'sa/tasks/ike_reauth.c'; then $(CYGPATH_W) 'sa/tasks/ike_reauth.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_reauth.c'; fi` - -ike_auth_lifetime.o: sa/tasks/ike_auth_lifetime.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth_lifetime.o -MD -MP -MF $(DEPDIR)/ike_auth_lifetime.Tpo -c -o ike_auth_lifetime.o `test -f 'sa/tasks/ike_auth_lifetime.c' || echo '$(srcdir)/'`sa/tasks/ike_auth_lifetime.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_auth_lifetime.Tpo $(DEPDIR)/ike_auth_lifetime.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth_lifetime.c' object='ike_auth_lifetime.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth_lifetime.o `test -f 'sa/tasks/ike_auth_lifetime.c' || echo '$(srcdir)/'`sa/tasks/ike_auth_lifetime.c - -ike_auth_lifetime.obj: sa/tasks/ike_auth_lifetime.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth_lifetime.obj -MD -MP -MF $(DEPDIR)/ike_auth_lifetime.Tpo -c -o ike_auth_lifetime.obj `if test -f 'sa/tasks/ike_auth_lifetime.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth_lifetime.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth_lifetime.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_auth_lifetime.Tpo $(DEPDIR)/ike_auth_lifetime.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth_lifetime.c' object='ike_auth_lifetime.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth_lifetime.obj `if test -f 'sa/tasks/ike_auth_lifetime.c'; then $(CYGPATH_W) 'sa/tasks/ike_auth_lifetime.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_auth_lifetime.c'; fi` - -ike_vendor.o: sa/tasks/ike_vendor.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_vendor.o -MD -MP -MF $(DEPDIR)/ike_vendor.Tpo -c -o ike_vendor.o `test -f 'sa/tasks/ike_vendor.c' || echo '$(srcdir)/'`sa/tasks/ike_vendor.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_vendor.Tpo $(DEPDIR)/ike_vendor.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_vendor.c' object='ike_vendor.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_vendor.o `test -f 'sa/tasks/ike_vendor.c' || echo '$(srcdir)/'`sa/tasks/ike_vendor.c - -ike_vendor.obj: sa/tasks/ike_vendor.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_vendor.obj -MD -MP -MF $(DEPDIR)/ike_vendor.Tpo -c -o ike_vendor.obj `if test -f 'sa/tasks/ike_vendor.c'; then $(CYGPATH_W) 'sa/tasks/ike_vendor.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_vendor.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_vendor.Tpo $(DEPDIR)/ike_vendor.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_vendor.c' object='ike_vendor.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_vendor.obj `if test -f 'sa/tasks/ike_vendor.c'; then $(CYGPATH_W) 'sa/tasks/ike_vendor.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_vendor.c'; fi` - -task.o: sa/tasks/task.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task.o -MD -MP -MF $(DEPDIR)/task.Tpo -c -o task.o `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/task.Tpo $(DEPDIR)/task.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/task.c' object='task.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.o `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c - -task.obj: sa/tasks/task.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task.obj -MD -MP -MF $(DEPDIR)/task.Tpo -c -o task.obj `if test -f 'sa/tasks/task.c'; then $(CYGPATH_W) 'sa/tasks/task.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/task.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/task.Tpo $(DEPDIR)/task.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/task.c' object='task.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.obj `if test -f 'sa/tasks/task.c'; then $(CYGPATH_W) 'sa/tasks/task.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/task.c'; fi` - -credential_manager.o: credentials/credential_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT credential_manager.o -MD -MP -MF $(DEPDIR)/credential_manager.Tpo -c -o credential_manager.o `test -f 'credentials/credential_manager.c' || echo '$(srcdir)/'`credentials/credential_manager.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/credential_manager.Tpo $(DEPDIR)/credential_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/credential_manager.c' object='credential_manager.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o credential_manager.o `test -f 'credentials/credential_manager.c' || echo '$(srcdir)/'`credentials/credential_manager.c - -credential_manager.obj: credentials/credential_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT credential_manager.obj -MD -MP -MF $(DEPDIR)/credential_manager.Tpo -c -o credential_manager.obj `if test -f 'credentials/credential_manager.c'; then $(CYGPATH_W) 'credentials/credential_manager.c'; else $(CYGPATH_W) '$(srcdir)/credentials/credential_manager.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/credential_manager.Tpo $(DEPDIR)/credential_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/credential_manager.c' object='credential_manager.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o credential_manager.obj `if test -f 'credentials/credential_manager.c'; then $(CYGPATH_W) 'credentials/credential_manager.c'; else $(CYGPATH_W) '$(srcdir)/credentials/credential_manager.c'; fi` - -auth_cfg_wrapper.o: credentials/sets/auth_cfg_wrapper.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg_wrapper.o -MD -MP -MF $(DEPDIR)/auth_cfg_wrapper.Tpo -c -o auth_cfg_wrapper.o `test -f 'credentials/sets/auth_cfg_wrapper.c' || echo '$(srcdir)/'`credentials/sets/auth_cfg_wrapper.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg_wrapper.Tpo $(DEPDIR)/auth_cfg_wrapper.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/auth_cfg_wrapper.c' object='auth_cfg_wrapper.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg_wrapper.o `test -f 'credentials/sets/auth_cfg_wrapper.c' || echo '$(srcdir)/'`credentials/sets/auth_cfg_wrapper.c - -auth_cfg_wrapper.obj: credentials/sets/auth_cfg_wrapper.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg_wrapper.obj -MD -MP -MF $(DEPDIR)/auth_cfg_wrapper.Tpo -c -o auth_cfg_wrapper.obj `if test -f 'credentials/sets/auth_cfg_wrapper.c'; then $(CYGPATH_W) 'credentials/sets/auth_cfg_wrapper.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/auth_cfg_wrapper.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg_wrapper.Tpo $(DEPDIR)/auth_cfg_wrapper.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/auth_cfg_wrapper.c' object='auth_cfg_wrapper.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg_wrapper.obj `if test -f 'credentials/sets/auth_cfg_wrapper.c'; then $(CYGPATH_W) 'credentials/sets/auth_cfg_wrapper.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/auth_cfg_wrapper.c'; fi` - -ocsp_response_wrapper.o: credentials/sets/ocsp_response_wrapper.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ocsp_response_wrapper.o -MD -MP -MF $(DEPDIR)/ocsp_response_wrapper.Tpo -c -o ocsp_response_wrapper.o `test -f 'credentials/sets/ocsp_response_wrapper.c' || echo '$(srcdir)/'`credentials/sets/ocsp_response_wrapper.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ocsp_response_wrapper.Tpo $(DEPDIR)/ocsp_response_wrapper.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/ocsp_response_wrapper.c' object='ocsp_response_wrapper.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ocsp_response_wrapper.o `test -f 'credentials/sets/ocsp_response_wrapper.c' || echo '$(srcdir)/'`credentials/sets/ocsp_response_wrapper.c - -ocsp_response_wrapper.obj: credentials/sets/ocsp_response_wrapper.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ocsp_response_wrapper.obj -MD -MP -MF $(DEPDIR)/ocsp_response_wrapper.Tpo -c -o ocsp_response_wrapper.obj `if test -f 'credentials/sets/ocsp_response_wrapper.c'; then $(CYGPATH_W) 'credentials/sets/ocsp_response_wrapper.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/ocsp_response_wrapper.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ocsp_response_wrapper.Tpo $(DEPDIR)/ocsp_response_wrapper.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/ocsp_response_wrapper.c' object='ocsp_response_wrapper.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ocsp_response_wrapper.obj `if test -f 'credentials/sets/ocsp_response_wrapper.c'; then $(CYGPATH_W) 'credentials/sets/ocsp_response_wrapper.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/ocsp_response_wrapper.c'; fi` - -cert_cache.o: credentials/sets/cert_cache.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_cache.o -MD -MP -MF $(DEPDIR)/cert_cache.Tpo -c -o cert_cache.o `test -f 'credentials/sets/cert_cache.c' || echo '$(srcdir)/'`credentials/sets/cert_cache.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cert_cache.Tpo $(DEPDIR)/cert_cache.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/cert_cache.c' object='cert_cache.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_cache.o `test -f 'credentials/sets/cert_cache.c' || echo '$(srcdir)/'`credentials/sets/cert_cache.c - -cert_cache.obj: credentials/sets/cert_cache.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_cache.obj -MD -MP -MF $(DEPDIR)/cert_cache.Tpo -c -o cert_cache.obj `if test -f 'credentials/sets/cert_cache.c'; then $(CYGPATH_W) 'credentials/sets/cert_cache.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/cert_cache.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cert_cache.Tpo $(DEPDIR)/cert_cache.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/cert_cache.c' object='cert_cache.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_cache.obj `if test -f 'credentials/sets/cert_cache.c'; then $(CYGPATH_W) 'credentials/sets/cert_cache.c'; else $(CYGPATH_W) '$(srcdir)/credentials/sets/cert_cache.c'; fi` - -socket-raw.o: network/socket-raw.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket-raw.o -MD -MP -MF $(DEPDIR)/socket-raw.Tpo -c -o socket-raw.o `test -f 'network/socket-raw.c' || echo '$(srcdir)/'`network/socket-raw.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/socket-raw.Tpo $(DEPDIR)/socket-raw.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket-raw.c' object='socket-raw.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket-raw.o `test -f 'network/socket-raw.c' || echo '$(srcdir)/'`network/socket-raw.c - -socket-raw.obj: network/socket-raw.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket-raw.obj -MD -MP -MF $(DEPDIR)/socket-raw.Tpo -c -o socket-raw.obj `if test -f 'network/socket-raw.c'; then $(CYGPATH_W) 'network/socket-raw.c'; else $(CYGPATH_W) '$(srcdir)/network/socket-raw.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/socket-raw.Tpo $(DEPDIR)/socket-raw.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket-raw.c' object='socket-raw.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket-raw.obj `if test -f 'network/socket-raw.c'; then $(CYGPATH_W) 'network/socket-raw.c'; else $(CYGPATH_W) '$(srcdir)/network/socket-raw.c'; fi` - -socket.o: network/socket.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket.o -MD -MP -MF $(DEPDIR)/socket.Tpo -c -o socket.o `test -f 'network/socket.c' || echo '$(srcdir)/'`network/socket.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/socket.Tpo $(DEPDIR)/socket.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket.c' object='socket.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket.o `test -f 'network/socket.c' || echo '$(srcdir)/'`network/socket.c - -socket.obj: network/socket.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket.obj -MD -MP -MF $(DEPDIR)/socket.Tpo -c -o socket.obj `if test -f 'network/socket.c'; then $(CYGPATH_W) 'network/socket.c'; else $(CYGPATH_W) '$(srcdir)/network/socket.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/socket.Tpo $(DEPDIR)/socket.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket.c' object='socket.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket.obj `if test -f 'network/socket.c'; then $(CYGPATH_W) 'network/socket.c'; else $(CYGPATH_W) '$(srcdir)/network/socket.c'; fi` - -endpoint_notify.o: encoding/payloads/endpoint_notify.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT endpoint_notify.o -MD -MP -MF $(DEPDIR)/endpoint_notify.Tpo -c -o endpoint_notify.o `test -f 'encoding/payloads/endpoint_notify.c' || echo '$(srcdir)/'`encoding/payloads/endpoint_notify.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/endpoint_notify.Tpo $(DEPDIR)/endpoint_notify.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/endpoint_notify.c' object='endpoint_notify.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o endpoint_notify.o `test -f 'encoding/payloads/endpoint_notify.c' || echo '$(srcdir)/'`encoding/payloads/endpoint_notify.c - -endpoint_notify.obj: encoding/payloads/endpoint_notify.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT endpoint_notify.obj -MD -MP -MF $(DEPDIR)/endpoint_notify.Tpo -c -o endpoint_notify.obj `if test -f 'encoding/payloads/endpoint_notify.c'; then $(CYGPATH_W) 'encoding/payloads/endpoint_notify.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/endpoint_notify.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/endpoint_notify.Tpo $(DEPDIR)/endpoint_notify.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/endpoint_notify.c' object='endpoint_notify.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o endpoint_notify.obj `if test -f 'encoding/payloads/endpoint_notify.c'; then $(CYGPATH_W) 'encoding/payloads/endpoint_notify.c'; else $(CYGPATH_W) '$(srcdir)/encoding/payloads/endpoint_notify.c'; fi` - -initiate_mediation_job.o: processing/jobs/initiate_mediation_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT initiate_mediation_job.o -MD -MP -MF $(DEPDIR)/initiate_mediation_job.Tpo -c -o initiate_mediation_job.o `test -f 'processing/jobs/initiate_mediation_job.c' || echo '$(srcdir)/'`processing/jobs/initiate_mediation_job.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/initiate_mediation_job.Tpo $(DEPDIR)/initiate_mediation_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/initiate_mediation_job.c' object='initiate_mediation_job.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o initiate_mediation_job.o `test -f 'processing/jobs/initiate_mediation_job.c' || echo '$(srcdir)/'`processing/jobs/initiate_mediation_job.c - -initiate_mediation_job.obj: processing/jobs/initiate_mediation_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT initiate_mediation_job.obj -MD -MP -MF $(DEPDIR)/initiate_mediation_job.Tpo -c -o initiate_mediation_job.obj `if test -f 'processing/jobs/initiate_mediation_job.c'; then $(CYGPATH_W) 'processing/jobs/initiate_mediation_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/initiate_mediation_job.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/initiate_mediation_job.Tpo $(DEPDIR)/initiate_mediation_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/initiate_mediation_job.c' object='initiate_mediation_job.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o initiate_mediation_job.obj `if test -f 'processing/jobs/initiate_mediation_job.c'; then $(CYGPATH_W) 'processing/jobs/initiate_mediation_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/initiate_mediation_job.c'; fi` - -mediation_job.o: processing/jobs/mediation_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_job.o -MD -MP -MF $(DEPDIR)/mediation_job.Tpo -c -o mediation_job.o `test -f 'processing/jobs/mediation_job.c' || echo '$(srcdir)/'`processing/jobs/mediation_job.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mediation_job.Tpo $(DEPDIR)/mediation_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/mediation_job.c' object='mediation_job.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_job.o `test -f 'processing/jobs/mediation_job.c' || echo '$(srcdir)/'`processing/jobs/mediation_job.c - -mediation_job.obj: processing/jobs/mediation_job.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_job.obj -MD -MP -MF $(DEPDIR)/mediation_job.Tpo -c -o mediation_job.obj `if test -f 'processing/jobs/mediation_job.c'; then $(CYGPATH_W) 'processing/jobs/mediation_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/mediation_job.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mediation_job.Tpo $(DEPDIR)/mediation_job.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/mediation_job.c' object='mediation_job.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_job.obj `if test -f 'processing/jobs/mediation_job.c'; then $(CYGPATH_W) 'processing/jobs/mediation_job.c'; else $(CYGPATH_W) '$(srcdir)/processing/jobs/mediation_job.c'; fi` - -connect_manager.o: sa/connect_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT connect_manager.o -MD -MP -MF $(DEPDIR)/connect_manager.Tpo -c -o connect_manager.o `test -f 'sa/connect_manager.c' || echo '$(srcdir)/'`sa/connect_manager.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/connect_manager.Tpo $(DEPDIR)/connect_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/connect_manager.c' object='connect_manager.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o connect_manager.o `test -f 'sa/connect_manager.c' || echo '$(srcdir)/'`sa/connect_manager.c - -connect_manager.obj: sa/connect_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT connect_manager.obj -MD -MP -MF $(DEPDIR)/connect_manager.Tpo -c -o connect_manager.obj `if test -f 'sa/connect_manager.c'; then $(CYGPATH_W) 'sa/connect_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/connect_manager.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/connect_manager.Tpo $(DEPDIR)/connect_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/connect_manager.c' object='connect_manager.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o connect_manager.obj `if test -f 'sa/connect_manager.c'; then $(CYGPATH_W) 'sa/connect_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/connect_manager.c'; fi` - -mediation_manager.o: sa/mediation_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_manager.o -MD -MP -MF $(DEPDIR)/mediation_manager.Tpo -c -o mediation_manager.o `test -f 'sa/mediation_manager.c' || echo '$(srcdir)/'`sa/mediation_manager.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mediation_manager.Tpo $(DEPDIR)/mediation_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/mediation_manager.c' object='mediation_manager.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_manager.o `test -f 'sa/mediation_manager.c' || echo '$(srcdir)/'`sa/mediation_manager.c - -mediation_manager.obj: sa/mediation_manager.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_manager.obj -MD -MP -MF $(DEPDIR)/mediation_manager.Tpo -c -o mediation_manager.obj `if test -f 'sa/mediation_manager.c'; then $(CYGPATH_W) 'sa/mediation_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/mediation_manager.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mediation_manager.Tpo $(DEPDIR)/mediation_manager.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/mediation_manager.c' object='mediation_manager.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_manager.obj `if test -f 'sa/mediation_manager.c'; then $(CYGPATH_W) 'sa/mediation_manager.c'; else $(CYGPATH_W) '$(srcdir)/sa/mediation_manager.c'; fi` - -ike_me.o: sa/tasks/ike_me.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_me.o -MD -MP -MF $(DEPDIR)/ike_me.Tpo -c -o ike_me.o `test -f 'sa/tasks/ike_me.c' || echo '$(srcdir)/'`sa/tasks/ike_me.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_me.Tpo $(DEPDIR)/ike_me.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_me.c' object='ike_me.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_me.o `test -f 'sa/tasks/ike_me.c' || echo '$(srcdir)/'`sa/tasks/ike_me.c - -ike_me.obj: sa/tasks/ike_me.c -@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_me.obj -MD -MP -MF $(DEPDIR)/ike_me.Tpo -c -o ike_me.obj `if test -f 'sa/tasks/ike_me.c'; then $(CYGPATH_W) 'sa/tasks/ike_me.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_me.c'; fi` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_me.Tpo $(DEPDIR)/ike_me.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_me.c' object='ike_me.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_me.obj `if test -f 'sa/tasks/ike_me.c'; then $(CYGPATH_W) 'sa/tasks/ike_me.c'; else $(CYGPATH_W) '$(srcdir)/sa/tasks/ike_me.c'; fi` - mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -# This directory's subdirectories are mostly independent; you can cd -# into them and run `make' without going through this Makefile. -# To change the values of `make' variables: instead of editing Makefiles, -# (1) if the variable is set in `config.status', edit `config.status' -# (which will cause the Makefiles to be regenerated when you run `make'); -# (2) otherwise, pass the desired values on the `make' command line. -$(RECURSIVE_TARGETS): - @failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - target=`echo $@ | sed s/-recursive//`; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - dot_seen=yes; \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done; \ - if test "$$dot_seen" = "no"; then \ - $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ - fi; test -z "$$fail" - -$(RECURSIVE_CLEAN_TARGETS): - @failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - rev=''; for subdir in $$list; do \ - if test "$$subdir" = "."; then :; else \ - rev="$$subdir $$rev"; \ - fi; \ - done; \ - rev="$$rev ."; \ - target=`echo $@ | sed s/-recursive//`; \ - for subdir in $$rev; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done && test -z "$$fail" -tags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ - done -ctags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ - done - ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -2364,23 +379,10 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) mkid -fID $$unique tags: TAGS -TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ - if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ - include_option=--etags-include; \ - empty_fix=.; \ - else \ - include_option=--include; \ - empty_fix=; \ - fi; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test ! -f $$subdir/TAGS || \ - set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ - fi; \ - done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ @@ -2399,7 +401,7 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ fi; \ fi ctags: CTAGS -CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -2449,51 +451,22 @@ distdir: $(DISTFILES) || exit 1; \ fi; \ done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ - $(am__relativize); \ - new_distdir=$$reldir; \ - dir1=$$subdir; dir2="$(top_distdir)"; \ - $(am__relativize); \ - new_top_distdir=$$reldir; \ - echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ - echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ - ($(am__cd) $$subdir && \ - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$new_top_distdir" \ - distdir="$$new_distdir" \ - am__remove_distdir=: \ - am__skip_length_check=: \ - am__skip_mode_fix=: \ - distdir) \ - || exit 1; \ - fi; \ - done check-am: all-am -check: check-recursive +check: check-am all-am: Makefile $(PROGRAMS) -installdirs: installdirs-recursive -installdirs-am: +installdirs: for dir in "$(DESTDIR)$(ipsecdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done -install: install-recursive -install-exec: install-exec-recursive -install-data: install-data-recursive -uninstall: uninstall-recursive +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am -installcheck: installcheck-recursive +installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ @@ -2510,95 +483,92 @@ distclean-generic: maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -clean: clean-recursive +clean: clean-am clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \ mostlyclean-am -distclean: distclean-recursive +distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags -dvi: dvi-recursive +dvi: dvi-am dvi-am: -html: html-recursive +html: html-am html-am: -info: info-recursive +info: info-am info-am: install-data-am: install-ipsecPROGRAMS -install-dvi: install-dvi-recursive +install-dvi: install-dvi-am install-dvi-am: install-exec-am: -install-html: install-html-recursive +install-html: install-html-am install-html-am: -install-info: install-info-recursive +install-info: install-info-am install-info-am: install-man: -install-pdf: install-pdf-recursive +install-pdf: install-pdf-am install-pdf-am: -install-ps: install-ps-recursive +install-ps: install-ps-am install-ps-am: installcheck-am: -maintainer-clean: maintainer-clean-recursive +maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic -mostlyclean: mostlyclean-recursive +mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool -pdf: pdf-recursive +pdf: pdf-am pdf-am: -ps: ps-recursive +ps: ps-am ps-am: uninstall-am: uninstall-ipsecPROGRAMS -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ - install-am install-strip tags-recursive - -.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ - all all-am check check-am clean clean-generic \ - clean-ipsecPROGRAMS clean-libtool ctags ctags-recursive \ - distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-ipsecPROGRAMS install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs installdirs-am \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \ - uninstall-ipsecPROGRAMS +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-ipsecPROGRAMS clean-libtool ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am \ + install-ipsecPROGRAMS install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-ipsecPROGRAMS # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/charon.c b/src/charon/charon.c new file mode 100644 index 000000000..9b552fb62 --- /dev/null +++ b/src/charon/charon.c @@ -0,0 +1,417 @@ +/* + * Copyright (C) 2006-2010 Tobias Brunner + * Copyright (C) 2005-2009 Martin Willi + * Copyright (C) 2006 Daniel Roethlisberger + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <stdio.h> +#ifdef HAVE_PRCTL +#include <sys/prctl.h> +#endif +#define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */ +#include <signal.h> +#undef _POSIX_PTHREAD_SEMANTICS +#include <pthread.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <unistd.h> +#include <getopt.h> +#include <pwd.h> +#include <grp.h> + +#include <hydra.h> +#include <daemon.h> + +#include <library.h> +#include <utils/backtrace.h> +#include <threading/thread.h> + +/** + * PID file, in which charon stores its process id + */ +#define PID_FILE IPSEC_PIDDIR "/charon.pid" + +/** + * hook in library for debugging messages + */ +extern void (*dbg) (debug_t group, level_t level, char *fmt, ...); + +/** + * Logging hook for library logs, using stderr output + */ +static void dbg_stderr(debug_t group, level_t level, char *fmt, ...) +{ + va_list args; + + if (level <= 1) + { + va_start(args, fmt); + fprintf(stderr, "00[%N] ", debug_names, group); + vfprintf(stderr, fmt, args); + fprintf(stderr, "\n"); + va_end(args); + } +} + +/** + * Run the daemon and handle unix signals + */ +static void run() +{ + sigset_t set; + + /* handle SIGINT, SIGHUP ans SIGTERM in this handler */ + sigemptyset(&set); + sigaddset(&set, SIGINT); + sigaddset(&set, SIGHUP); + sigaddset(&set, SIGTERM); + sigprocmask(SIG_BLOCK, &set, NULL); + + while (TRUE) + { + int sig; + int error; + + error = sigwait(&set, &sig); + if (error) + { + DBG1(DBG_DMN, "error %d while waiting for a signal", error); + return; + } + switch (sig) + { + case SIGHUP: + { + DBG1(DBG_DMN, "signal of type SIGHUP received. Ignored"); + break; + } + case SIGINT: + { + DBG1(DBG_DMN, "signal of type SIGINT received. Shutting down"); + charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig); + return; + } + case SIGTERM: + { + DBG1(DBG_DMN, "signal of type SIGTERM received. Shutting down"); + charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig); + return; + } + default: + { + DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig); + break; + } + } + } +} + +/** + * drop daemon capabilities + */ +static bool drop_capabilities() +{ +#ifdef HAVE_PRCTL + prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); +#endif + + if (setgid(charon->gid) != 0) + { + DBG1(DBG_DMN, "change to unprivileged group failed"); + return FALSE; + } + if (setuid(charon->uid) != 0) + { + DBG1(DBG_DMN, "change to unprivileged user failed"); + return FALSE; + } + if (!charon->drop_capabilities(charon)) + { + DBG1(DBG_DMN, "unable to drop daemon capabilities"); + return FALSE; + } + return TRUE; +} + +/** + * lookup UID and GID + */ +static bool lookup_uid_gid() +{ +#ifdef IPSEC_USER + { + char buf[1024]; + struct passwd passwd, *pwp; + + if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 || + pwp == NULL) + { + DBG1(DBG_DMN, "resolving user '"IPSEC_USER"' failed"); + return FALSE; + } + charon->uid = pwp->pw_uid; + } +#endif +#ifdef IPSEC_GROUP + { + char buf[1024]; + struct group group, *grp; + + if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 || + grp == NULL) + { + DBG1(DBG_DMN, "resolving group '"IPSEC_GROUP"' failed"); + return FALSE; + } + charon->gid = grp->gr_gid; + } +#endif + return TRUE; +} + +/** + * Handle SIGSEGV/SIGILL signals raised by threads + */ +static void segv_handler(int signal) +{ + backtrace_t *backtrace; + + DBG1(DBG_DMN, "thread %u received %d", thread_current_id(), signal); + backtrace = backtrace_create(2); + backtrace->log(backtrace, stderr); + backtrace->destroy(backtrace); + + DBG1(DBG_DMN, "killing ourself, received critical signal"); + abort(); +} + +/** + * Check/create PID file, return TRUE if already running + */ +static bool check_pidfile() +{ + struct stat stb; + FILE *file; + + if (stat(PID_FILE, &stb) == 0) + { + file = fopen(PID_FILE, "r"); + if (file) + { + char buf[64]; + pid_t pid = 0; + + memset(buf, 0, sizeof(buf)); + if (fread(buf, 1, sizeof(buf), file)) + { + pid = atoi(buf); + } + fclose(file); + if (pid && kill(pid, 0) == 0) + { /* such a process is running */ + return TRUE; + } + } + DBG1(DBG_DMN, "removing pidfile '"PID_FILE"', process not running"); + unlink(PID_FILE); + } + + /* create new pidfile */ + file = fopen(PID_FILE, "w"); + if (file) + { + fprintf(file, "%d\n", getpid()); + ignore_result(fchown(fileno(file), charon->uid, charon->gid)); + fclose(file); + } + return FALSE; +} + +/** + * print command line usage and exit + */ +static void usage(const char *msg) +{ + if (msg != NULL && *msg != '\0') + { + fprintf(stderr, "%s\n", msg); + } + fprintf(stderr, "Usage: charon\n" + " [--help]\n" + " [--version]\n" + " [--use-syslog]\n" + " [--debug-<type> <level>]\n" + " <type>: log context type (dmn|mgr|ike|chd|job|cfg|knl|net|enc|lib)\n" + " <level>: log verbosity (-1 = silent, 0 = audit, 1 = control,\n" + " 2 = controlmore, 3 = raw, 4 = private)\n" + "\n" + ); + exit(msg == NULL? 0 : 1); +} + +/** + * Main function, starts the daemon. + */ +int main(int argc, char *argv[]) +{ + struct sigaction action; + bool use_syslog = FALSE; + level_t levels[DBG_MAX]; + int group, status = SS_RC_INITIALIZATION_FAILED; + + /* logging for library during initialization, as we have no bus yet */ + dbg = dbg_stderr; + + /* initialize library */ + if (!library_init(NULL)) + { + library_deinit(); + exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); + } + + if (lib->integrity && + !lib->integrity->check_file(lib->integrity, "charon", argv[0])) + { + dbg_stderr(DBG_DMN, 1, "integrity check of charon failed"); + library_deinit(); + exit(SS_RC_DAEMON_INTEGRITY); + } + + if (!libhydra_init("charon")) + { + dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon"); + libhydra_deinit(); + library_deinit(); + exit(SS_RC_INITIALIZATION_FAILED); + } + + if (!libcharon_init()) + { + dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon"); + goto deinit; + } + + /* use CTRL loglevel for default */ + for (group = 0; group < DBG_MAX; group++) + { + levels[group] = LEVEL_CTRL; + } + + /* handle arguments */ + for (;;) + { + struct option long_opts[] = { + { "help", no_argument, NULL, 'h' }, + { "version", no_argument, NULL, 'v' }, + { "use-syslog", no_argument, NULL, 'l' }, + /* TODO: handle "debug-all" */ + { "debug-dmn", required_argument, &group, DBG_DMN }, + { "debug-mgr", required_argument, &group, DBG_MGR }, + { "debug-ike", required_argument, &group, DBG_IKE }, + { "debug-chd", required_argument, &group, DBG_CHD }, + { "debug-job", required_argument, &group, DBG_JOB }, + { "debug-cfg", required_argument, &group, DBG_CFG }, + { "debug-knl", required_argument, &group, DBG_KNL }, + { "debug-net", required_argument, &group, DBG_NET }, + { "debug-enc", required_argument, &group, DBG_ENC }, + { "debug-lib", required_argument, &group, DBG_LIB }, + { 0,0,0,0 } + }; + + int c = getopt_long(argc, argv, "", long_opts, NULL); + switch (c) + { + case EOF: + break; + case 'h': + usage(NULL); + break; + case 'v': + printf("Linux strongSwan %s\n", VERSION); + status = 0; + goto deinit; + case 'l': + use_syslog = TRUE; + continue; + case 0: + /* option is in group */ + levels[group] = atoi(optarg); + continue; + default: + usage(""); + break; + } + break; + } + + if (!lookup_uid_gid()) + { + dbg_stderr(DBG_DMN, 1, "invalid uid/gid - aborting charon"); + goto deinit; + } + + /* initialize daemon */ + if (!charon->initialize(charon, use_syslog, levels)) + { + DBG1(DBG_DMN, "initialization failed - aborting charon"); + goto deinit; + } + + if (check_pidfile()) + { + DBG1(DBG_DMN, "charon already running (\""PID_FILE"\" exists)"); + status = -1; + goto deinit; + } + + if (!drop_capabilities()) + { + DBG1(DBG_DMN, "capability dropping failed - aborting charon"); + goto deinit; + } + + /* add handler for SEGV and ILL, + * INT, TERM and HUP are handled by sigwait() in run() */ + action.sa_handler = segv_handler; + action.sa_flags = 0; + sigemptyset(&action.sa_mask); + sigaddset(&action.sa_mask, SIGINT); + sigaddset(&action.sa_mask, SIGTERM); + sigaddset(&action.sa_mask, SIGHUP); + sigaction(SIGSEGV, &action, NULL); + sigaction(SIGILL, &action, NULL); + sigaction(SIGBUS, &action, NULL); + action.sa_handler = SIG_IGN; + sigaction(SIGPIPE, &action, NULL); + + pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL); + + /* start daemon (i.e. the threads in the thread-pool) */ + charon->start(charon); + + /* main thread goes to run loop */ + run(); + + /* normal termination, cleanup and exit */ + unlink(PID_FILE); + status = 0; + +deinit: + libcharon_deinit(); + libhydra_deinit(); + library_deinit(); + return status; +} + diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c deleted file mode 100644 index 99bf94e9b..000000000 --- a/src/charon/kernel/kernel_interface.c +++ /dev/null @@ -1,430 +0,0 @@ -/* - * Copyright (C) 2008-2009 Tobias Brunner - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "kernel_interface.h" - -#include <daemon.h> - -typedef struct private_kernel_interface_t private_kernel_interface_t; - -/** - * Private data of a kernel_interface_t object. - */ -struct private_kernel_interface_t { - - /** - * Public part of kernel_interface_t object. - */ - kernel_interface_t public; - - /** - * ipsec interface - */ - kernel_ipsec_t *ipsec; - - /** - * network interface - */ - kernel_net_t *net; -}; - -/** - * Implementation of kernel_interface_t.get_spi - */ -static status_t get_spi(private_kernel_interface_t *this, host_t *src, host_t *dst, - protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) -{ - if (!this->ipsec) - { - return NOT_SUPPORTED; - } - return this->ipsec->get_spi(this->ipsec, src, dst, protocol, reqid, spi); -} - -/** - * Implementation of kernel_interface_t.get_cpi - */ -static status_t get_cpi(private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t reqid, u_int16_t *cpi) -{ - if (!this->ipsec) - { - return NOT_SUPPORTED; - } - return this->ipsec->get_cpi(this->ipsec, src, dst, reqid, cpi); -} - -/** - * Implementation of kernel_interface_t.add_sa - */ -static status_t add_sa(private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, - lifetime_cfg_t *lifetime, - u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, - ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, - bool inbound, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts) -{ - if (!this->ipsec) - { - return NOT_SUPPORTED; - } - return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid, - lifetime, enc_alg, enc_key, int_alg, int_key, mode, ipcomp, cpi, - encap, inbound, src_ts, dst_ts); -} - -/** - * Implementation of kernel_interface_t.update_sa - */ -static status_t update_sa(private_kernel_interface_t *this, u_int32_t spi, - protocol_id_t protocol, u_int16_t cpi, host_t *src, host_t *dst, - host_t *new_src, host_t *new_dst, bool encap, bool new_encap) -{ - if (!this->ipsec) - { - return NOT_SUPPORTED; - } - return this->ipsec->update_sa(this->ipsec, spi, protocol, cpi, src, dst, - new_src, new_dst, encap, new_encap); -} - -/** - * Implementation of kernel_interface_t.query_sa - */ -static status_t query_sa(private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes) -{ - if (!this->ipsec) - { - return NOT_SUPPORTED; - } - return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, bytes); -} - -/** - * Implementation of kernel_interface_t.del_sa - */ -static status_t del_sa(private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, protocol_id_t protocol, u_int16_t cpi) -{ - if (!this->ipsec) - { - return NOT_SUPPORTED; - } - return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi); -} - -/** - * Implementation of kernel_interface_t.add_policy - */ -static status_t add_policy(private_kernel_interface_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, u_int32_t spi, protocol_id_t protocol, - u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool routed) -{ - if (!this->ipsec) - { - return NOT_SUPPORTED; - } - return this->ipsec->add_policy(this->ipsec, src, dst, src_ts, dst_ts, - direction, spi, protocol, reqid, mode, ipcomp, cpi, routed); -} - -/** - * Implementation of kernel_interface_t.query_policy - */ -static status_t query_policy(private_kernel_interface_t *this, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, u_int32_t *use_time) -{ - if (!this->ipsec) - { - return NOT_SUPPORTED; - } - return this->ipsec->query_policy(this->ipsec, src_ts, dst_ts, direction, use_time); -} - -/** - * Implementation of kernel_interface_t.del_policy - */ -static status_t del_policy(private_kernel_interface_t *this, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, bool unrouted) -{ - if (!this->ipsec) - { - return NOT_SUPPORTED; - } - return this->ipsec->del_policy(this->ipsec, src_ts, dst_ts, direction, unrouted); -} - -/** - * Implementation of kernel_interface_t.get_source_addr - */ -static host_t *get_source_addr(private_kernel_interface_t *this, - host_t *dest, host_t *src) -{ - if (!this->net) - { - return NULL; - } - return this->net->get_source_addr(this->net, dest, src); -} - -/** - * Implementation of kernel_interface_t.get_nexthop - */ -static host_t *get_nexthop(private_kernel_interface_t *this, host_t *dest) -{ - if (!this->net) - { - return NULL; - } - return this->net->get_nexthop(this->net, dest); -} - -/** - * Implementation of kernel_interface_t.get_interface - */ -static char* get_interface(private_kernel_interface_t *this, host_t *host) -{ - if (!this->net) - { - return NULL; - } - return this->net->get_interface(this->net, host); -} - -/** - * Implementation of kernel_interface_t.create_address_enumerator - */ -static enumerator_t *create_address_enumerator(private_kernel_interface_t *this, - bool include_down_ifaces, bool include_virtual_ips) -{ - if (!this->net) - { - return enumerator_create_empty(); - } - return this->net->create_address_enumerator(this->net, include_down_ifaces, - include_virtual_ips); -} - -/** - * Implementation of kernel_interface_t.add_ip - */ -static status_t add_ip(private_kernel_interface_t *this, host_t *virtual_ip, - host_t *iface_ip) -{ - if (!this->net) - { - return NOT_SUPPORTED; - } - return this->net->add_ip(this->net, virtual_ip, iface_ip); -} - -/** - * Implementation of kernel_interface_t.del_ip - */ -static status_t del_ip(private_kernel_interface_t *this, host_t *virtual_ip) -{ - if (!this->net) - { - return NOT_SUPPORTED; - } - return this->net->del_ip(this->net, virtual_ip); -} - -/** - * Implementation of kernel_interface_t.add_route - */ -static status_t add_route(private_kernel_interface_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) -{ - if (!this->net) - { - return NOT_SUPPORTED; - } - return this->net->add_route(this->net, dst_net, prefixlen, gateway, src_ip, - if_name); -} - -/** - * Implementation of kernel_interface_t.del_route - */ -static status_t del_route(private_kernel_interface_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) -{ - if (!this->net) - { - return NOT_SUPPORTED; - } - return this->net->del_route(this->net, dst_net, prefixlen, gateway, src_ip, - if_name); -} - - -/** - * Implementation of kernel_interface_t.get_address_by_ts - */ -static status_t get_address_by_ts(private_kernel_interface_t *this, - traffic_selector_t *ts, host_t **ip) -{ - enumerator_t *addrs; - host_t *host; - int family; - bool found = FALSE; - - DBG2(DBG_KNL, "getting a local address in traffic selector %R", ts); - - /* if we have a family which includes localhost, we do not - * search for an IP, we use the default */ - family = ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6; - - if (family == AF_INET) - { - host = host_create_from_string("127.0.0.1", 0); - } - else - { - host = host_create_from_string("::1", 0); - } - - if (ts->includes(ts, host)) - { - *ip = host_create_any(family); - host->destroy(host); - DBG2(DBG_KNL, "using host %H", *ip); - return SUCCESS; - } - host->destroy(host); - - addrs = create_address_enumerator(this, TRUE, TRUE); - while (addrs->enumerate(addrs, (void**)&host)) - { - if (ts->includes(ts, host)) - { - found = TRUE; - *ip = host->clone(host); - break; - } - } - addrs->destroy(addrs); - - if (!found) - { - DBG1(DBG_KNL, "no local address found in traffic selector %R", ts); - return FAILED; - } - - DBG2(DBG_KNL, "using host %H", *ip); - return SUCCESS; -} - - -/** - * Implementation of kernel_interface_t.add_ipsec_interface. - */ -static void add_ipsec_interface(private_kernel_interface_t *this, - kernel_ipsec_constructor_t constructor) -{ - if (!this->ipsec) - { - this->ipsec = constructor(); - } -} - -/** - * Implementation of kernel_interface_t.remove_ipsec_interface. - */ -static void remove_ipsec_interface(private_kernel_interface_t *this, - kernel_ipsec_constructor_t constructor) -{ - /* TODO: replace if interface currently in use */ -} - -/** - * Implementation of kernel_interface_t.add_net_interface. - */ -static void add_net_interface(private_kernel_interface_t *this, - kernel_net_constructor_t constructor) -{ - if (!this->net) - { - this->net = constructor(); - } -} - -/** - * Implementation of kernel_interface_t.remove_net_interface. - */ -static void remove_net_interface(private_kernel_interface_t *this, - kernel_net_constructor_t constructor) -{ - /* TODO: replace if interface currently in use */ -} - -/** - * Implementation of kernel_interface_t.destroy. - */ -static void destroy(private_kernel_interface_t *this) -{ - DESTROY_IF(this->ipsec); - DESTROY_IF(this->net); - free(this); -} - -/* - * Described in header-file - */ -kernel_interface_t *kernel_interface_create() -{ - private_kernel_interface_t *this = malloc_thing(private_kernel_interface_t); - - this->public.get_spi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; - this->public.get_cpi = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; - this->public.add_sa = (status_t(*)(kernel_interface_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa; - this->public.update_sa = (status_t(*)(kernel_interface_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa; - this->public.query_sa = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa; - this->public.del_sa = (status_t(*)(kernel_interface_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa; - this->public.add_policy = (status_t(*)(kernel_interface_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy; - this->public.query_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy; - this->public.del_policy = (status_t(*)(kernel_interface_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy; - - this->public.get_source_addr = (host_t*(*)(kernel_interface_t*, host_t *dest, host_t *src))get_source_addr; - this->public.get_nexthop = (host_t*(*)(kernel_interface_t*, host_t *dest))get_nexthop; - this->public.get_interface = (char*(*)(kernel_interface_t*,host_t*))get_interface; - this->public.create_address_enumerator = (enumerator_t*(*)(kernel_interface_t*,bool,bool))create_address_enumerator; - this->public.add_ip = (status_t(*)(kernel_interface_t*,host_t*,host_t*)) add_ip; - this->public.del_ip = (status_t(*)(kernel_interface_t*,host_t*)) del_ip; - this->public.add_route = (status_t(*)(kernel_interface_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) add_route; - this->public.del_route = (status_t(*)(kernel_interface_t*,chunk_t,u_int8_t,host_t*,host_t*,char*)) del_route; - - this->public.get_address_by_ts = (status_t(*)(kernel_interface_t*,traffic_selector_t*,host_t**))get_address_by_ts; - - this->public.add_ipsec_interface = (void(*)(kernel_interface_t*, kernel_ipsec_constructor_t))add_ipsec_interface; - this->public.remove_ipsec_interface = (void(*)(kernel_interface_t*, kernel_ipsec_constructor_t))remove_ipsec_interface; - this->public.add_net_interface = (void(*)(kernel_interface_t*, kernel_net_constructor_t))add_net_interface; - this->public.remove_net_interface = (void(*)(kernel_interface_t*, kernel_net_constructor_t))remove_net_interface; - - this->public.destroy = (void (*)(kernel_interface_t*))destroy; - - this->ipsec = NULL; - this->net = NULL; - - return &this->public; -} diff --git a/src/charon/network/packet.c b/src/charon/network/packet.c deleted file mode 100644 index 19a62603d..000000000 --- a/src/charon/network/packet.c +++ /dev/null @@ -1,159 +0,0 @@ -/* - * Copyright (C) 2005-2006 Martin Willi - * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "packet.h" - -typedef struct private_packet_t private_packet_t; - -/** - * Private data of an packet_t object. - */ -struct private_packet_t { - - /** - * Public part of a packet_t object. - */ - packet_t public; - - /** - * source address - */ - host_t *source; - - /** - * destination address - */ - host_t *destination; - - /** - * message data - */ - chunk_t data; -}; - -/** - * Implements packet_t.get_source - */ -static void set_source(private_packet_t *this, host_t *source) -{ - DESTROY_IF(this->source); - this->source = source; -} - -/** - * Implements packet_t.set_destination - */ -static void set_destination(private_packet_t *this, host_t *destination) -{ - DESTROY_IF(this->destination); - this->destination = destination; -} - -/** - * Implements packet_t.get_source - */ -static host_t *get_source(private_packet_t *this) -{ - return this->source; -} - -/** - * Implements packet_t.get_destination - */ -static host_t *get_destination(private_packet_t *this) -{ - return this->destination; -} - -/** - * Implements packet_t.get_data - */ -static chunk_t get_data(private_packet_t *this) -{ - return this->data; -} - -/** - * Implements packet_t.set_data - */ -static void set_data(private_packet_t *this, chunk_t data) -{ - free(this->data.ptr); - this->data = data; -} - -/** - * Implements packet_t.destroy. - */ -static void destroy(private_packet_t *this) -{ - if (this->source != NULL) - { - this->source->destroy(this->source); - } - if (this->destination != NULL) - { - this->destination->destroy(this->destination); - } - free(this->data.ptr); - free(this); -} - -/** - * Implements packet_t.clone. - */ -static packet_t *clone_(private_packet_t *this) -{ - private_packet_t *other = (private_packet_t*)packet_create(); - - if (this->destination != NULL) - { - other->destination = this->destination->clone(this->destination); - } - if (this->source != NULL) - { - other->source = this->source->clone(this->source); - } - if (this->data.ptr != NULL) - { - other->data.ptr = clalloc(this->data.ptr,this->data.len); - other->data.len = this->data.len; - } - return &(other->public); -} - -/* - * Documented in header - */ -packet_t *packet_create(void) -{ - private_packet_t *this = malloc_thing(private_packet_t); - - this->public.set_data = (void(*) (packet_t *,chunk_t)) set_data; - this->public.get_data = (chunk_t(*) (packet_t *)) get_data; - this->public.set_source = (void(*) (packet_t *,host_t*)) set_source; - this->public.get_source = (host_t*(*) (packet_t *)) get_source; - this->public.set_destination = (void(*) (packet_t *,host_t*)) set_destination; - this->public.get_destination = (host_t*(*) (packet_t *)) get_destination; - this->public.clone = (packet_t*(*) (packet_t *))clone_; - this->public.destroy = (void(*) (packet_t *)) destroy; - - this->destination = NULL; - this->source = NULL; - this->data = chunk_empty; - - return &(this->public); -} diff --git a/src/charon/plugins/attr/Makefile.am b/src/charon/plugins/attr/Makefile.am deleted file mode 100644 index b4b3b7da6..000000000 --- a/src/charon/plugins/attr/Makefile.am +++ /dev/null @@ -1,9 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon - -AM_CFLAGS = -rdynamic - -plugin_LTLIBRARIES = libstrongswan-attr.la -libstrongswan_attr_la_SOURCES = attr_plugin.h attr_plugin.c \ - attr_provider.h attr_provider.c -libstrongswan_attr_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_aka/Makefile.am b/src/charon/plugins/eap_aka/Makefile.am deleted file mode 100644 index e007f5f00..000000000 --- a/src/charon/plugins/eap_aka/Makefile.am +++ /dev/null @@ -1,14 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \ - -I$(top_srcdir)/src/libsimaka - -AM_CFLAGS = -rdynamic - -plugin_LTLIBRARIES = libstrongswan-eap-aka.la - -libstrongswan_eap_aka_la_SOURCES = eap_aka_plugin.h eap_aka_plugin.c \ - eap_aka_peer.h eap_aka_peer.c \ - eap_aka_server.h eap_aka_server.c -libstrongswan_eap_aka_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la -libstrongswan_eap_aka_la_LDFLAGS = -module -avoid-version - diff --git a/src/charon/plugins/eap_aka_3gpp2/Makefile.am b/src/charon/plugins/eap_aka_3gpp2/Makefile.am deleted file mode 100644 index 1a4a3765b..000000000 --- a/src/charon/plugins/eap_aka_3gpp2/Makefile.am +++ /dev/null @@ -1,15 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon - -AM_CFLAGS = -rdynamic - -plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la - -libstrongswan_eap_aka_3gpp2_la_SOURCES = \ - eap_aka_3gpp2_plugin.h eap_aka_3gpp2_plugin.c \ - eap_aka_3gpp2_card.h eap_aka_3gpp2_card.c \ - eap_aka_3gpp2_provider.h eap_aka_3gpp2_provider.c \ - eap_aka_3gpp2_functions.h eap_aka_3gpp2_functions.c -libstrongswan_eap_aka_3gpp2_la_LDFLAGS = -module -avoid-version -libstrongswan_eap_aka_3gpp2_la_LIBADD = -lgmp - diff --git a/src/charon/plugins/eap_gtc/Makefile.am b/src/charon/plugins/eap_gtc/Makefile.am deleted file mode 100644 index 0d938cacd..000000000 --- a/src/charon/plugins/eap_gtc/Makefile.am +++ /dev/null @@ -1,10 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon - -AM_CFLAGS = -rdynamic - -plugin_LTLIBRARIES = libstrongswan-eap-gtc.la - -libstrongswan_eap_gtc_la_SOURCES = eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c -libstrongswan_eap_gtc_la_LDFLAGS = -module -avoid-version -lpam - diff --git a/src/charon/plugins/eap_md5/Makefile.am b/src/charon/plugins/eap_md5/Makefile.am deleted file mode 100644 index f49928cd2..000000000 --- a/src/charon/plugins/eap_md5/Makefile.am +++ /dev/null @@ -1,10 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon - -AM_CFLAGS = -rdynamic - -plugin_LTLIBRARIES = libstrongswan-eap-md5.la - -libstrongswan_eap_md5_la_SOURCES = eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c -libstrongswan_eap_md5_la_LDFLAGS = -module -avoid-version - diff --git a/src/charon/plugins/eap_radius/Makefile.am b/src/charon/plugins/eap_radius/Makefile.am deleted file mode 100644 index e476fbed6..000000000 --- a/src/charon/plugins/eap_radius/Makefile.am +++ /dev/null @@ -1,14 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon - -AM_CFLAGS = -rdynamic - -plugin_LTLIBRARIES = libstrongswan-eap-radius.la - -libstrongswan_eap_radius_la_SOURCES = \ - eap_radius_plugin.h eap_radius_plugin.c \ - eap_radius.h eap_radius.c \ - radius_client.h radius_client.c \ - radius_message.h radius_message.c -libstrongswan_eap_radius_la_LDFLAGS = -module -avoid-version - diff --git a/src/charon/plugins/eap_sim/Makefile.am b/src/charon/plugins/eap_sim/Makefile.am deleted file mode 100644 index 74b9bb4e8..000000000 --- a/src/charon/plugins/eap_sim/Makefile.am +++ /dev/null @@ -1,14 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \ - -I$(top_srcdir)/src/libsimaka - -AM_CFLAGS = -rdynamic - -plugin_LTLIBRARIES = libstrongswan-eap-sim.la - -libstrongswan_eap_sim_la_SOURCES = eap_sim_plugin.h eap_sim_plugin.c \ - eap_sim_peer.h eap_sim_peer.c \ - eap_sim_server.h eap_sim_server.c -libstrongswan_eap_sim_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la -libstrongswan_eap_sim_la_LDFLAGS = -module -avoid-version - diff --git a/src/charon/plugins/eap_sim_file/Makefile.am b/src/charon/plugins/eap_sim_file/Makefile.am deleted file mode 100644 index 350d4244f..000000000 --- a/src/charon/plugins/eap_sim_file/Makefile.am +++ /dev/null @@ -1,14 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon - -AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${sysconfdir}\" - -plugin_LTLIBRARIES = libstrongswan-eap-sim-file.la - -libstrongswan_eap_sim_file_la_SOURCES = \ - eap_sim_file_plugin.h eap_sim_file_plugin.c \ - eap_sim_file_card.h eap_sim_file_card.c \ - eap_sim_file_provider.h eap_sim_file_provider.c \ - eap_sim_file_triplets.h eap_sim_file_triplets.c -libstrongswan_eap_sim_file_la_LDFLAGS = -module -avoid-version - diff --git a/src/charon/plugins/eap_simaka_pseudonym/Makefile.am b/src/charon/plugins/eap_simaka_pseudonym/Makefile.am deleted file mode 100644 index fe87d6d62..000000000 --- a/src/charon/plugins/eap_simaka_pseudonym/Makefile.am +++ /dev/null @@ -1,13 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon - -AM_CFLAGS = -rdynamic - -plugin_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la - -libstrongswan_eap_simaka_pseudonym_la_SOURCES = \ - eap_simaka_pseudonym_plugin.h eap_simaka_pseudonym_plugin.c \ - eap_simaka_pseudonym_card.h eap_simaka_pseudonym_card.c \ - eap_simaka_pseudonym_provider.h eap_simaka_pseudonym_provider.c -libstrongswan_eap_simaka_pseudonym_la_LDFLAGS = -module -avoid-version - diff --git a/src/charon/plugins/eap_simaka_reauth/Makefile.am b/src/charon/plugins/eap_simaka_reauth/Makefile.am deleted file mode 100644 index 0ba727136..000000000 --- a/src/charon/plugins/eap_simaka_reauth/Makefile.am +++ /dev/null @@ -1,13 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon - -AM_CFLAGS = -rdynamic - -plugin_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la - -libstrongswan_eap_simaka_reauth_la_SOURCES = \ - eap_simaka_reauth_plugin.h eap_simaka_reauth_plugin.c \ - eap_simaka_reauth_card.h eap_simaka_reauth_card.c \ - eap_simaka_reauth_provider.h eap_simaka_reauth_provider.c -libstrongswan_eap_simaka_reauth_la_LDFLAGS = -module -avoid-version - diff --git a/src/charon/plugins/kernel_klips/Makefile.am b/src/charon/plugins/kernel_klips/Makefile.am deleted file mode 100644 index a7ae06df1..000000000 --- a/src/charon/plugins/kernel_klips/Makefile.am +++ /dev/null @@ -1,10 +0,0 @@ - -INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon - -AM_CFLAGS = -rdynamic - -plugin_LTLIBRARIES = libstrongswan-kernel-klips.la - -libstrongswan_kernel_klips_la_SOURCES = kernel_klips_plugin.h kernel_klips_plugin.c \ - kernel_klips_ipsec.h kernel_klips_ipsec.c pfkeyv2.h -libstrongswan_kernel_klips_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/load_tester/Makefile.am b/src/charon/plugins/load_tester/Makefile.am deleted file mode 100644 index e6e04229a..000000000 --- a/src/charon/plugins/load_tester/Makefile.am +++ /dev/null @@ -1,17 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon - -AM_CFLAGS = -rdynamic - -plugin_LTLIBRARIES = libstrongswan-load-tester.la - -libstrongswan_load_tester_la_SOURCES = \ - load_tester_plugin.c load_tester_plugin.h \ - load_tester_config.c load_tester_config.h \ - load_tester_creds.c load_tester_creds.h \ - load_tester_ipsec.c load_tester_ipsec.h \ - load_tester_listener.c load_tester_listener.h \ - load_tester_diffie_hellman.c load_tester_diffie_hellman.h - -libstrongswan_load_tester_la_LDFLAGS = -module -avoid-version - diff --git a/src/charon/plugins/medcli/Makefile.am b/src/charon/plugins/medcli/Makefile.am deleted file mode 100644 index a5f018f82..000000000 --- a/src/charon/plugins/medcli/Makefile.am +++ /dev/null @@ -1,12 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon - -AM_CFLAGS = -rdynamic - -plugin_LTLIBRARIES = libstrongswan-medcli.la -libstrongswan_medcli_la_SOURCES = medcli_plugin.h medcli_plugin.c \ - medcli_creds.h medcli_creds.c \ - medcli_config.h medcli_config.c \ - medcli_listener.h medcli_listener.c -libstrongswan_medcli_la_LDFLAGS = -module -avoid-version - diff --git a/src/charon/plugins/medsrv/Makefile.am b/src/charon/plugins/medsrv/Makefile.am deleted file mode 100644 index f3611a79e..000000000 --- a/src/charon/plugins/medsrv/Makefile.am +++ /dev/null @@ -1,11 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon - -AM_CFLAGS = -rdynamic - -plugin_LTLIBRARIES = libstrongswan-medsrv.la -libstrongswan_medsrv_la_SOURCES = medsrv_plugin.h medsrv_plugin.c \ - medsrv_creds.h medsrv_creds.c \ - medsrv_config.h medsrv_config.c -libstrongswan_medsrv_la_LDFLAGS = -module -avoid-version - diff --git a/src/charon/plugins/nm/Makefile.am b/src/charon/plugins/nm/Makefile.am deleted file mode 100644 index 56eae6e00..000000000 --- a/src/charon/plugins/nm/Makefile.am +++ /dev/null @@ -1,14 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${nm_CFLAGS} - -AM_CFLAGS = -rdynamic \ - -DNM_CA_DIR=\"${nm_ca_dir}\" - -plugin_LTLIBRARIES = libstrongswan-nm.la -libstrongswan_nm_la_SOURCES = \ - nm_plugin.h nm_plugin.c \ - nm_service.h nm_service.c \ - nm_creds.h nm_creds.c \ - nm_handler.h nm_handler.c -libstrongswan_nm_la_LDFLAGS = -module -avoid-version -libstrongswan_nm_la_LIBADD = ${nm_LIBS} diff --git a/src/charon/plugins/stroke/Makefile.am b/src/charon/plugins/stroke/Makefile.am deleted file mode 100644 index 94d311609..000000000 --- a/src/charon/plugins/stroke/Makefile.am +++ /dev/null @@ -1,22 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke - -AM_CFLAGS = \ --rdynamic \ --DIPSEC_CONFDIR=\"${sysconfdir}\" \ --DIPSEC_PIDDIR=\"${piddir}\" - -plugin_LTLIBRARIES = libstrongswan-stroke.la - -libstrongswan_stroke_la_SOURCES = stroke_plugin.h stroke_plugin.c \ - stroke_socket.h stroke_socket.c \ - stroke_config.h stroke_config.c \ - stroke_control.h stroke_control.c \ - stroke_cred.h stroke_cred.c \ - stroke_ca.h stroke_ca.c \ - stroke_attribute.h stroke_attribute.c \ - stroke_list.h stroke_list.c \ - stroke_shared_key.h stroke_shared_key.c - -libstrongswan_stroke_la_LDFLAGS = -module -avoid-version - diff --git a/src/charon/plugins/stroke/stroke_attribute.c b/src/charon/plugins/stroke/stroke_attribute.c deleted file mode 100644 index 7a5ce683e..000000000 --- a/src/charon/plugins/stroke/stroke_attribute.c +++ /dev/null @@ -1,546 +0,0 @@ -/* - * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "stroke_attribute.h" - -#include <daemon.h> -#include <utils/linked_list.h> -#include <utils/hashtable.h> -#include <threading/mutex.h> - -#define POOL_LIMIT (sizeof(uintptr_t)*8) - -typedef struct private_stroke_attribute_t private_stroke_attribute_t; - -/** - * private data of stroke_attribute - */ -struct private_stroke_attribute_t { - - /** - * public functions - */ - stroke_attribute_t public; - - /** - * list of pools, contains pool_t - */ - linked_list_t *pools; - - /** - * mutex to lock access to pools - */ - mutex_t *mutex; -}; - -typedef struct { - /** name of the pool */ - char *name; - /** base address of the pool */ - host_t *base; - /** size of the pool */ - int size; - /** next unused address */ - int unused; - /** hashtable [identity => offset], for online leases */ - hashtable_t *online; - /** hashtable [identity => offset], for offline leases */ - hashtable_t *offline; - /** hashtable [identity => identity], handles identity references */ - hashtable_t *ids; -} pool_t; - -/** - * hashtable hash function for identities - */ -static u_int id_hash(identification_t *id) -{ - return chunk_hash(id->get_encoding(id)); -} - -/** - * hashtable equals function for identities - */ -static bool id_equals(identification_t *a, identification_t *b) -{ - return a->equals(a, b); -} - -/** - * destroy a pool_t - */ -static void pool_destroy(pool_t *this) -{ - enumerator_t *enumerator; - identification_t *id; - - enumerator = this->ids->create_enumerator(this->ids); - while (enumerator->enumerate(enumerator, &id, NULL)) - { - id->destroy(id); - } - enumerator->destroy(enumerator); - this->ids->destroy(this->ids); - this->online->destroy(this->online); - this->offline->destroy(this->offline); - DESTROY_IF(this->base); - free(this->name); - free(this); -} - -/** - * find a pool by name - */ -static pool_t *find_pool(private_stroke_attribute_t *this, char *name) -{ - enumerator_t *enumerator; - pool_t *current, *found = NULL; - - enumerator = this->pools->create_enumerator(this->pools); - while (enumerator->enumerate(enumerator, ¤t)) - { - if (streq(name, current->name)) - { - found = current; - break; - } - } - enumerator->destroy(enumerator); - return found; -} - -/** - * convert an pool offset to an address - */ -host_t* offset2host(pool_t *pool, int offset) -{ - chunk_t addr; - host_t *host; - u_int32_t *pos; - - offset--; - if (offset > pool->size) - { - return NULL; - } - - addr = chunk_clone(pool->base->get_address(pool->base)); - if (pool->base->get_family(pool->base) == AF_INET6) - { - pos = (u_int32_t*)(addr.ptr + 12); - } - else - { - pos = (u_int32_t*)addr.ptr; - } - *pos = htonl(offset + ntohl(*pos)); - host = host_create_from_chunk(pool->base->get_family(pool->base), addr, 0); - free(addr.ptr); - return host; -} - -/** - * convert a host to a pool offset - */ -int host2offset(pool_t *pool, host_t *addr) -{ - chunk_t host, base; - u_int32_t hosti, basei; - - if (addr->get_family(addr) != pool->base->get_family(pool->base)) - { - return -1; - } - host = addr->get_address(addr); - base = pool->base->get_address(pool->base); - if (addr->get_family(addr) == AF_INET6) - { - /* only look at last /32 block */ - if (!memeq(host.ptr, base.ptr, 12)) - { - return -1; - } - host = chunk_skip(host, 12); - base = chunk_skip(base, 12); - } - hosti = ntohl(*(u_int32_t*)(host.ptr)); - basei = ntohl(*(u_int32_t*)(base.ptr)); - if (hosti > basei + pool->size) - { - return -1; - } - return hosti - basei + 1; -} - -/** - * Implementation of attribute_provider_t.acquire_address - */ -static host_t* acquire_address(private_stroke_attribute_t *this, - char *name, identification_t *id, - host_t *requested) -{ - pool_t *pool; - uintptr_t offset = 0; - enumerator_t *enumerator; - identification_t *old_id; - - this->mutex->lock(this->mutex); - pool = find_pool(this, name); - while (pool) - { - /* handle %config case by mirroring requested address */ - if (pool->size == 0) - { - this->mutex->unlock(this->mutex); - return requested->clone(requested); - } - - if (!requested->is_anyaddr(requested) && - requested->get_family(requested) != - pool->base->get_family(pool->base)) - { - DBG1(DBG_CFG, "IP pool address family mismatch"); - break; - } - - /* check for a valid offline lease, refresh */ - offset = (uintptr_t)pool->offline->remove(pool->offline, id); - if (offset) - { - id = pool->ids->get(pool->ids, id); - if (id) - { - DBG1(DBG_CFG, "reassigning offline lease to '%Y'", id); - pool->online->put(pool->online, id, (void*)offset); - break; - } - } - - /* check for a valid online lease, reassign */ - offset = (uintptr_t)pool->online->get(pool->online, id); - if (offset && offset == host2offset(pool, requested)) - { - DBG1(DBG_CFG, "reassigning online lease to '%Y'", id); - break; - } - - if (pool->unused < pool->size) - { - /* assigning offset, starting by 1. Handling 0 in hashtable - * is difficult. */ - offset = ++pool->unused; - id = id->clone(id); - pool->ids->put(pool->ids, id, id); - pool->online->put(pool->online, id, (void*)offset); - DBG1(DBG_CFG, "assigning new lease to '%Y'", id); - break; - } - /* no more addresses, replace the first found offline lease */ - enumerator = pool->offline->create_enumerator(pool->offline); - if (enumerator->enumerate(enumerator, &old_id, &offset)) - { - offset = (uintptr_t)pool->offline->remove(pool->offline, old_id); - if (offset) - { - /* destroy reference to old ID */ - old_id = pool->ids->remove(pool->ids, old_id); - DBG1(DBG_CFG, "reassigning existing offline lease by '%Y' to '%Y'", - old_id, id); - if (old_id) - { - old_id->destroy(old_id); - } - id = id->clone(id); - pool->ids->put(pool->ids, id, id); - pool->online->put(pool->online, id, (void*)offset); - enumerator->destroy(enumerator); - break; - } - } - enumerator->destroy(enumerator); - - DBG1(DBG_CFG, "pool '%s' is full, unable to assign address", name); - break; - } - this->mutex->unlock(this->mutex); - if (offset) - { - return offset2host(pool, offset); - } - return NULL; -} - -/** - * Implementation of attribute_provider_t.release_address - */ -static bool release_address(private_stroke_attribute_t *this, - char *name, host_t *address, identification_t *id) -{ - pool_t *pool; - bool found = FALSE; - uintptr_t offset; - - this->mutex->lock(this->mutex); - pool = find_pool(this, name); - if (pool) - { - if (pool->size != 0) - { - offset = (uintptr_t)pool->online->remove(pool->online, id); - if (offset) - { - id = pool->ids->get(pool->ids, id); - if (id) - { - DBG1(DBG_CFG, "lease %H by '%Y' went offline", address, id); - pool->offline->put(pool->offline, id, (void*)offset); - found = TRUE; - } - } - } - } - this->mutex->unlock(this->mutex); - return found; -} - -/** - * Implementation of stroke_attribute_t.add_pool. - */ -static void add_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) -{ - if (msg->add_conn.other.sourceip_mask) - { - pool_t *pool; - - pool = malloc_thing(pool_t); - pool->base = NULL; - pool->size = 0; - pool->unused = 0; - pool->name = strdup(msg->add_conn.name); - pool->online = hashtable_create((hashtable_hash_t)id_hash, - (hashtable_equals_t)id_equals, 16); - pool->offline = hashtable_create((hashtable_hash_t)id_hash, - (hashtable_equals_t)id_equals, 16); - pool->ids = hashtable_create((hashtable_hash_t)id_hash, - (hashtable_equals_t)id_equals, 16); - - /* if %config, add an empty pool, otherwise */ - if (msg->add_conn.other.sourceip) - { - u_int32_t bits; - int family; - - DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d", - msg->add_conn.name, msg->add_conn.other.sourceip, - msg->add_conn.other.sourceip_mask); - - pool->base = host_create_from_string(msg->add_conn.other.sourceip, 0); - if (!pool->base) - { - pool_destroy(pool); - DBG1(DBG_CFG, "virtual IP address invalid, discarded"); - return; - } - family = pool->base->get_family(pool->base); - bits = (family == AF_INET ? 32 : 128) - msg->add_conn.other.sourceip_mask; - if (bits > POOL_LIMIT) - { - bits = POOL_LIMIT; - DBG1(DBG_CFG, "virtual IP pool to large, limiting to %s/%d", - msg->add_conn.other.sourceip, - (family == AF_INET ? 32 : 128) - bits); - } - pool->size = 1 << (bits); - - if (pool->size > 2) - { /* do not use first and last addresses of a block */ - pool->unused++; - pool->size--; - } - } - this->mutex->lock(this->mutex); - this->pools->insert_last(this->pools, pool); - this->mutex->unlock(this->mutex); - } -} - -/** - * Implementation of stroke_attribute_t.del_pool. - */ -static void del_pool(private_stroke_attribute_t *this, stroke_msg_t *msg) -{ - enumerator_t *enumerator; - pool_t *pool; - - this->mutex->lock(this->mutex); - enumerator = this->pools->create_enumerator(this->pools); - while (enumerator->enumerate(enumerator, &pool)) - { - if (streq(msg->del_conn.name, pool->name)) - { - this->pools->remove_at(this->pools, enumerator); - pool_destroy(pool); - break; - } - } - enumerator->destroy(enumerator); - this->mutex->unlock(this->mutex); -} - -/** - * Pool enumerator filter function, converts pool_t to name, size, ... - */ -static bool pool_filter(void *mutex, pool_t **poolp, char **name, - void *d1, u_int *size, void *d2, u_int *online, - void *d3, u_int *offline) -{ - pool_t *pool = *poolp; - - *name = pool->name; - *size = pool->size; - *online = pool->online->get_count(pool->online); - *offline = pool->offline->get_count(pool->offline); - return TRUE; -} - -/** - * Implementation of stroke_attribute_t.create_pool_enumerator - */ -static enumerator_t* create_pool_enumerator(private_stroke_attribute_t *this) -{ - this->mutex->lock(this->mutex); - return enumerator_create_filter(this->pools->create_enumerator(this->pools), - (void*)pool_filter, - this->mutex, (void*)this->mutex->unlock); -} - -/** - * lease enumerator - */ -typedef struct { - /** implemented enumerator interface */ - enumerator_t public; - /** inner hash-table enumerator */ - enumerator_t *inner; - /** enumerated pool */ - pool_t *pool; - /** mutex to unlock on destruction */ - mutex_t *mutex; - /** currently enumerated lease address */ - host_t *current; -} lease_enumerator_t; - -/** - * Implementation of lease_enumerator_t.enumerate - */ -static bool lease_enumerate(lease_enumerator_t *this, identification_t **id_out, - host_t **addr_out, bool *online) -{ - identification_t *id; - uintptr_t offset; - - DESTROY_IF(this->current); - this->current = NULL; - - if (this->inner->enumerate(this->inner, &id, NULL)) - { - offset = (uintptr_t)this->pool->online->get(this->pool->online, id); - if (offset) - { - *id_out = id; - *addr_out = this->current = offset2host(this->pool, offset); - *online = TRUE; - return TRUE; - } - offset = (uintptr_t)this->pool->offline->get(this->pool->offline, id); - if (offset) - { - *id_out = id; - *addr_out = this->current = offset2host(this->pool, offset); - *online = FALSE; - return TRUE; - } - } - return FALSE; -} - -/** - * Implementation of lease_enumerator_t.destroy - */ -static void lease_enumerator_destroy(lease_enumerator_t *this) -{ - DESTROY_IF(this->current); - this->inner->destroy(this->inner); - this->mutex->unlock(this->mutex); - free(this); -} - -/** - * Implementation of stroke_attribute_t.create_lease_enumerator - */ -static enumerator_t* create_lease_enumerator(private_stroke_attribute_t *this, - char *pool) -{ - lease_enumerator_t *enumerator; - - this->mutex->lock(this->mutex); - enumerator = malloc_thing(lease_enumerator_t); - enumerator->pool = find_pool(this, pool); - if (!enumerator->pool) - { - this->mutex->unlock(this->mutex); - free(enumerator); - return NULL; - } - enumerator->public.enumerate = (void*)lease_enumerate; - enumerator->public.destroy = (void*)lease_enumerator_destroy; - enumerator->inner = enumerator->pool->ids->create_enumerator(enumerator->pool->ids); - enumerator->mutex = this->mutex; - enumerator->current = NULL; - return &enumerator->public; -} - -/** - * Implementation of stroke_attribute_t.destroy - */ -static void destroy(private_stroke_attribute_t *this) -{ - this->mutex->destroy(this->mutex); - this->pools->destroy_function(this->pools, (void*)pool_destroy); - free(this); -} - -/* - * see header file - */ -stroke_attribute_t *stroke_attribute_create() -{ - private_stroke_attribute_t *this = malloc_thing(private_stroke_attribute_t); - - this->public.provider.acquire_address = (host_t*(*)(attribute_provider_t *this, char*, identification_t *,host_t *))acquire_address; - this->public.provider.release_address = (bool(*)(attribute_provider_t *this, char*,host_t *, identification_t*))release_address; - this->public.provider.create_attribute_enumerator = (enumerator_t*(*)(attribute_provider_t*, identification_t *id, host_t *vip))enumerator_create_empty; - this->public.add_pool = (void(*)(stroke_attribute_t*, stroke_msg_t *msg))add_pool; - this->public.del_pool = (void(*)(stroke_attribute_t*, stroke_msg_t *msg))del_pool; - this->public.create_pool_enumerator = (enumerator_t*(*)(stroke_attribute_t*))create_pool_enumerator; - this->public.create_lease_enumerator = (enumerator_t*(*)(stroke_attribute_t*, char *pool))create_lease_enumerator; - this->public.destroy = (void(*)(stroke_attribute_t*))destroy; - - this->pools = linked_list_create(); - this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); - - return &this->public; -} - diff --git a/src/charon/plugins/uci/Makefile.am b/src/charon/plugins/uci/Makefile.am deleted file mode 100644 index 9fdbfb709..000000000 --- a/src/charon/plugins/uci/Makefile.am +++ /dev/null @@ -1,14 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon - -AM_CFLAGS = -rdynamic - -plugin_LTLIBRARIES = libstrongswan-uci.la -libstrongswan_uci_la_SOURCES = \ - uci_plugin.h uci_plugin.c uci_parser.h uci_parser.c \ - uci_config.h uci_config.c uci_creds.h uci_creds.c \ - uci_control.h uci_control.c -libstrongswan_uci_la_LDFLAGS = -module -avoid-version -libstrongswan_uci_la_LIBADD = -luci - - diff --git a/src/charon/plugins/unit_tester/Makefile.am b/src/charon/plugins/unit_tester/Makefile.am deleted file mode 100644 index 64846f995..000000000 --- a/src/charon/plugins/unit_tester/Makefile.am +++ /dev/null @@ -1,24 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon - -AM_CFLAGS = -rdynamic - -plugin_LTLIBRARIES = libstrongswan-unit-tester.la - -libstrongswan_unit_tester_la_SOURCES = unit_tester.c unit_tester.h tests.h \ - tests/test_enumerator.c \ - tests/test_auth_info.c \ - tests/test_curl.c \ - tests/test_mysql.c \ - tests/test_sqlite.c \ - tests/test_mutex.c \ - tests/test_rsa_gen.c \ - tests/test_cert.c \ - tests/test_med_db.c \ - tests/test_chunk.c \ - tests/test_pool.c \ - tests/test_agent.c \ - tests/test_id.c - -libstrongswan_unit_tester_la_LDFLAGS = -module -avoid-version - diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am index d0413e64e..27d615dab 100644 --- a/src/checksum/Makefile.am +++ b/src/checksum/Makefile.am @@ -5,17 +5,28 @@ nodist_libchecksum_la_SOURCES = checksum.c libchecksum_la_LDFLAGS = -module -avoid-version checksum_builder_SOURCES = checksum_builder.c -checksum_builder_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +checksum_builder_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libhydra/libhydra.la \ + $(top_builddir)/src/libcharon/libcharon.la \ + $(DLLIB) BUILT_SOURCES = checksum.c CLEANFILES = checksum.c INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -libs = $(shell find $(top_builddir)/src/libstrongswan $(top_builddir)/src/charon \ +libs = $(shell find $(top_builddir)/src/libstrongswan \ + $(top_builddir)/src/libcharon \ + $(top_builddir)/src/libhydra \ -name 'libstrongswan*.so') +if USE_LIBHYDRA + libs += $(top_builddir)/src/libhydra/.libs/libhydra.so +endif + if USE_CHARON + libs += $(top_builddir)/src/libcharon/.libs/libcharon.so libs += $(top_builddir)/src/charon/.libs/charon endif @@ -30,7 +41,7 @@ if USE_TOOLS endif if USE_ATTR_SQL - libs += $(top_builddir)/src/libstrongswan/plugins/attr_sql/.libs/pool + libs += $(top_builddir)/src/libhydra/plugins/attr_sql/.libs/pool endif checksum.c : checksum_builder $(libs) diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in index 6769c2601..3e0ab1e69 100644 --- a/src/checksum/Makefile.in +++ b/src/checksum/Makefile.in @@ -36,13 +36,15 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ noinst_PROGRAMS = checksum_builder$(EXEEXT) -@USE_CHARON_TRUE@am__append_1 = $(top_builddir)/src/charon/.libs/charon -@USE_PLUTO_TRUE@am__append_2 = $(top_builddir)/src/pluto/.libs/pluto -@USE_TOOLS_TRUE@am__append_3 = \ +@USE_LIBHYDRA_TRUE@am__append_1 = $(top_builddir)/src/libhydra/.libs/libhydra.so +@USE_CHARON_TRUE@am__append_2 = $(top_builddir)/src/libcharon/.libs/libcharon.so \ +@USE_CHARON_TRUE@ $(top_builddir)/src/charon/.libs/charon +@USE_PLUTO_TRUE@am__append_3 = $(top_builddir)/src/pluto/.libs/pluto +@USE_TOOLS_TRUE@am__append_4 = \ @USE_TOOLS_TRUE@ $(top_builddir)/src/openac/.libs/openac \ @USE_TOOLS_TRUE@ $(top_builddir)/src/pki/.libs/pki \ @USE_TOOLS_TRUE@ $(top_builddir)/src/scepclient/.libs/scepclient -@USE_ATTR_SQL_TRUE@am__append_4 = $(top_builddir)/src/libstrongswan/plugins/attr_sql/.libs/pool +@USE_ATTR_SQL_TRUE@am__append_5 = $(top_builddir)/src/libhydra/plugins/attr_sql/.libs/pool subdir = src/checksum DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -91,8 +93,12 @@ libchecksum_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ PROGRAMS = $(noinst_PROGRAMS) am_checksum_builder_OBJECTS = checksum_builder.$(OBJEXT) checksum_builder_OBJECTS = $(am_checksum_builder_OBJECTS) +am__DEPENDENCIES_1 = checksum_builder_DEPENDENCIES = \ - $(top_builddir)/src/libstrongswan/libstrongswan.la + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libhydra/libhydra.la \ + $(top_builddir)/src/libcharon/libcharon.la \ + $(am__DEPENDENCIES_1) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -231,6 +237,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -269,15 +276,20 @@ ipsec_LTLIBRARIES = libchecksum.la nodist_libchecksum_la_SOURCES = checksum.c libchecksum_la_LDFLAGS = -module -avoid-version checksum_builder_SOURCES = checksum_builder.c -checksum_builder_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +checksum_builder_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libhydra/libhydra.la \ + $(top_builddir)/src/libcharon/libcharon.la \ + $(DLLIB) + BUILT_SOURCES = checksum.c CLEANFILES = checksum.c INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic libs = $(shell find $(top_builddir)/src/libstrongswan \ - $(top_builddir)/src/charon -name 'libstrongswan*.so') \ - $(am__append_1) $(am__append_2) $(am__append_3) \ - $(am__append_4) + $(top_builddir)/src/libcharon $(top_builddir)/src/libhydra \ + -name 'libstrongswan*.so') $(am__append_1) $(am__append_2) \ + $(am__append_3) $(am__append_4) $(am__append_5) all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am diff --git a/src/checksum/checksum_builder.c b/src/checksum/checksum_builder.c index 54f4539ff..b68a25a19 100644 --- a/src/checksum/checksum_builder.c +++ b/src/checksum/checksum_builder.c @@ -13,17 +13,13 @@ * for more details. */ +#define _GNU_SOURCE #include <stdlib.h> #include <stdio.h> #include <dlfcn.h> #include <library.h> -/* we need to fake some charon symbols to dlopen() its plugins */ -void *charon, *eap_type_names, *auth_class_names, *protocol_id_names, -*action_names, *ipsec_mode_names, *ike_sa_state_names, *child_sa_state_names, -*policy_dir_names, *ipcomp_transform_names, *debug_names, *controller_cb_empty; - int main(int argc, char* argv[]) { int i; @@ -62,12 +58,30 @@ int main(int argc, char* argv[]) name[strlen(name) - 3] = '"'; name[strlen(name) - 2] = ','; name[strlen(name) - 1] = '\0'; - sname = "plugin_create"; + if (asprintf(&sname, "%.*s_plugin_create", strlen(name) - 2, + name) < 0) + { + fprintf(stderr, "failed to format plugin constructor " + "for '%s', ignored", path); + free(name); + continue; + } + translate(sname, "-", "_"); } else if (strstr(path, "libstrongswan.so")) { name = strdup("libstrongswan\","); - sname = "library_init"; + sname = strdup("library_init"); + } + else if (strstr(path, "libhydra.so")) + { + name = strdup("libhydra\","); + sname = strdup("libhydra_init"); + } + else if (strstr(path, "libcharon.so")) + { + name = strdup("libcharon\","); + sname = strdup("libcharon_init"); } else if (strstr(path, "pool")) { @@ -126,6 +140,7 @@ int main(int argc, char* argv[]) name, fsize, fsum, ssize, ssum); fprintf(stderr, "\"%-20s%7u / 0x%08x %6u / 0x%08x\n", name, fsize, fsum, ssize, ssum); + free(sname); free(name); } printf("};\n"); diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in index 8bc08e2c1..36fdbff28 100644 --- a/src/dumm/Makefile.in +++ b/src/dumm/Makefile.in @@ -226,6 +226,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ diff --git a/src/dumm/bridge.c b/src/dumm/bridge.c index 592fecefd..9c63beed9 100644 --- a/src/dumm/bridge.c +++ b/src/dumm/bridge.c @@ -69,8 +69,8 @@ static bool disconnect_iface(private_bridge_t *this, iface_t *iface) { if (br_del_interface(this->name, iface->get_hostif(iface)) != 0) { - DBG1("removing iface '%s' from bridge '%s' in kernel failed: %m", - iface->get_hostif(iface), this->name); + DBG1(DBG_LIB, "removing iface '%s' from bridge '%s' in kernel" + " failed: %m", iface->get_hostif(iface), this->name); } else { @@ -83,8 +83,8 @@ static bool disconnect_iface(private_bridge_t *this, iface_t *iface) } if (iface != current) { - DBG1("iface '%s' not found on bridge '%s'", iface->get_hostif(iface), - this->name); + DBG1(DBG_LIB, "iface '%s' not found on bridge '%s'", + iface->get_hostif(iface), this->name); } enumerator->destroy(enumerator); return good; @@ -97,7 +97,7 @@ static bool connect_iface(private_bridge_t *this, iface_t *iface) { if (br_add_interface(this->name, iface->get_hostif(iface)) != 0) { - DBG1("adding iface '%s' to bridge '%s' failed: %m", + DBG1(DBG_LIB, "adding iface '%s' to bridge '%s' failed: %m", iface->get_hostif(iface), this->name); return FALSE; } @@ -124,7 +124,8 @@ static void destroy(private_bridge_t *this) { if (br_del_interface(this->name, iface->get_hostif(iface)) != 0) { - DBG1("disconnecting iface '%s' failed: %m", iface->get_hostif(iface)); + DBG1(DBG_LIB, "disconnecting iface '%s' failed: %m", + iface->get_hostif(iface)); } iface->set_bridge(iface, NULL); } @@ -133,7 +134,8 @@ static void destroy(private_bridge_t *this) iface_control(this->name, FALSE); if (br_del_bridge(this->name) != 0) { - DBG1("deleting bridge '%s' from kernel failed: %m", this->name); + DBG1(DBG_LIB, "deleting bridge '%s' from kernel failed: %m", + this->name); } free(this->name); free(this); @@ -154,7 +156,7 @@ bridge_t *bridge_create(char *name) { if (br_init() != 0) { - DBG1("libbridge initialization failed: %m"); + DBG1(DBG_LIB, "libbridge initialization failed: %m"); return NULL; } } @@ -168,13 +170,13 @@ bridge_t *bridge_create(char *name) if (br_add_bridge(name) != 0) { - DBG1("creating bridge '%s' failed: %m", name); + DBG1(DBG_LIB, "creating bridge '%s' failed: %m", name); free(this); return NULL; } if (!iface_control(name, TRUE)) { - DBG1("bringing bridge '%s' up failed: %m", name); + DBG1(DBG_LIB, "bringing bridge '%s' up failed: %m", name); } this->name = strdup(name); diff --git a/src/dumm/cowfs.c b/src/dumm/cowfs.c index f7b6b0cf3..70767890b 100644 --- a/src/dumm/cowfs.c +++ b/src/dumm/cowfs.c @@ -493,12 +493,12 @@ static int cowfs_link(const char *from, const char *to) if (!clone_path(rd, wr, to)) { - DBG1("cloning path '%s' failed", to); + DBG1(DBG_LIB, "cloning path '%s' failed", to); return -errno; } if (linkat(rd, from, wr, to, 0) < 0) { - DBG1("linking '%s' to '%s' failed", from, to); + DBG1(DBG_LIB, "linking '%s' to '%s' failed", from, to); return -errno; } return 0; @@ -777,7 +777,7 @@ static bool set_overlay(private_cowfs_t *this, char *path) this->over_fd = open(path, O_RDONLY | O_DIRECTORY); if (this->over_fd < 0) { - DBG1("failed to open overlay directory '%s': %m", path); + DBG1(DBG_LIB, "failed to open overlay directory '%s': %m", path); return FALSE; } this->over = strdup(path); @@ -821,14 +821,14 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount) this->master_fd = open(master, O_RDONLY | O_DIRECTORY); if (this->master_fd < 0) { - DBG1("failed to open master filesystem '%s'", master); + DBG1(DBG_LIB, "failed to open master filesystem '%s'", master); free(this); return NULL; } this->host_fd = open(host, O_RDONLY | O_DIRECTORY); if (this->host_fd < 0) { - DBG1("failed to open host filesystem '%s'", host); + DBG1(DBG_LIB, "failed to open host filesystem '%s'", host); close(this->master_fd); free(this); return NULL; @@ -838,7 +838,7 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount) this->chan = fuse_mount(mount, &args); if (this->chan == NULL) { - DBG1("mounting cowfs FUSE on '%s' failed", mount); + DBG1(DBG_LIB, "mounting cowfs FUSE on '%s' failed", mount); close(this->master_fd); close(this->host_fd); free(this); @@ -849,7 +849,7 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount) sizeof(cowfs_operations), this); if (this->fuse == NULL) { - DBG1("creating cowfs FUSE handle failed"); + DBG1(DBG_LIB, "creating cowfs FUSE handle failed"); close(this->master_fd); close(this->host_fd); fuse_unmount(mount, this->chan); @@ -865,7 +865,7 @@ cowfs_t *cowfs_create(char *master, char *host, char *mount) this->thread = thread_create((thread_main_t)fuse_loop, this->fuse); if (!this->thread) { - DBG1("creating thread to handle FUSE failed"); + DBG1(DBG_LIB, "creating thread to handle FUSE failed"); fuse_unmount(mount, this->chan); free(this->mount); free(this->master); diff --git a/src/dumm/dumm.c b/src/dumm/dumm.c index 0e8ab43f3..7ec340089 100644 --- a/src/dumm/dumm.c +++ b/src/dumm/dumm.c @@ -162,7 +162,7 @@ static bool load_template(private_dumm_t *this, char *dir) } if (strlen(dir) > PATH_MAX) { - DBG1("template directory string '%s' is too long", dir); + DBG1(DBG_LIB, "template directory string '%s' is too long", dir); return FALSE; } @@ -175,7 +175,8 @@ static bool load_template(private_dumm_t *this, char *dir) { /* does not exist, create template */ if (!mkdir_p(this->template, PERME)) { - DBG1("creating template directory '%s' failed: %m", this->template); + DBG1(DBG_LIB, "creating template directory '%s' failed: %m", + this->template); return FALSE; } } @@ -302,7 +303,8 @@ static void load_guests(private_dumm_t *this) } else { - DBG1("loading guest in directory '%s' failed, skipped", ent->d_name); + DBG1(DBG_LIB, "loading guest in directory '%s' failed, skipped", + ent->d_name); } } closedir(dir); @@ -360,7 +362,8 @@ dumm_t *dumm_create(char *dir) if (this->dir == NULL || this->guest_dir == NULL || (mkdir(this->guest_dir, PERME) < 0 && errno != EEXIST)) { - DBG1("creating guest directory '%s' failed: %m", this->guest_dir); + DBG1(DBG_LIB, "creating guest directory '%s' failed: %m", + this->guest_dir); destroy(this); return NULL; } diff --git a/src/dumm/guest.c b/src/dumm/guest.c index 112adb441..ebd87769a 100644 --- a/src/dumm/guest.c +++ b/src/dumm/guest.c @@ -100,7 +100,8 @@ static iface_t* create_iface(private_guest_t *this, char *name) if (this->state != GUEST_RUNNING) { - DBG1("guest '%s' not running, unable to add interface", this->name); + DBG1(DBG_LIB, "guest '%s' not running, unable to add interface", + this->name); return NULL; } @@ -109,7 +110,8 @@ static iface_t* create_iface(private_guest_t *this, char *name) { if (streq(name, iface->get_guestif(iface))) { - DBG1("guest '%s' already has an interface '%s'", this->name, name); + DBG1(DBG_LIB, "guest '%s' already has an interface '%s'", + this->name, name); enumerator->destroy(enumerator); return NULL; } @@ -251,7 +253,8 @@ static bool start(private_guest_t *this, invoke_function_t invoke, void* data, if (this->state != GUEST_STOPPED) { - DBG1("unable to start guest in state %N", guest_state_names, this->state); + DBG1(DBG_LIB, "unable to start guest in state %N", guest_state_names, + this->state); return FALSE; } this->state = GUEST_STARTING; @@ -284,7 +287,7 @@ static bool start(private_guest_t *this, invoke_function_t invoke, void* data, this->mconsole = mconsole_create(notify, idle); if (this->mconsole == NULL) { - DBG1("opening mconsole at '%s' failed, stopping guest", buf); + DBG1(DBG_LIB, "opening mconsole at '%s' failed, stopping guest", buf); stop(this, NULL); return FALSE; } @@ -315,7 +318,8 @@ static bool load_template(private_guest_t *this, char *path) { if (!mkdir_p(dir, PERME)) { - DBG1("creating overlay for guest '%s' failed: %m", this->name); + DBG1(DBG_LIB, "creating overlay for guest '%s' failed: %m", + this->name); return FALSE; } } @@ -595,7 +599,7 @@ static private_guest_t *guest_create_generic(char *parent, char *name, this->dir = open(this->dirname, O_DIRECTORY, PERME); if (this->dir < 0) { - DBG1("opening guest directory '%s' failed: %m", this->dirname); + DBG1(DBG_LIB, "opening guest directory '%s' failed: %m", this->dirname); free(this->dirname); free(this); return NULL; @@ -647,7 +651,7 @@ guest_t *guest_create(char *parent, char *name, char *kernel, if (!make_symlink(this, master, MASTER_DIR) || !make_symlink(this, kernel, KERNEL_FILE)) { - DBG1("creating master/kernel symlink failed: %m"); + DBG1(DBG_LIB, "creating master/kernel symlink failed: %m"); destroy(this); return NULL; } @@ -655,7 +659,7 @@ guest_t *guest_create(char *parent, char *name, char *kernel, if (mkdirat(this->dir, UNION_DIR, PERME) != 0 || mkdirat(this->dir, DIFF_DIR, PERME) != 0) { - DBG1("unable to create directories for '%s': %m", name); + DBG1(DBG_LIB, "unable to create directories for '%s': %m", name); destroy(this); return NULL; } diff --git a/src/dumm/iface.c b/src/dumm/iface.c index 9910c392e..1b5b7d717 100644 --- a/src/dumm/iface.c +++ b/src/dumm/iface.c @@ -196,7 +196,7 @@ static bool destroy_tap(private_iface_t *this) if (!iface_control(this->hostif, FALSE)) { - DBG1("bringing iface down failed: %m"); + DBG1(DBG_LIB, "bringing iface down failed: %m"); } memset(&ifr, 0, sizeof(ifr)); ifr.ifr_flags = IFF_TAP | IFF_NO_PI; @@ -205,13 +205,13 @@ static bool destroy_tap(private_iface_t *this) tap = open(TAP_DEVICE, O_RDWR); if (tap < 0) { - DBG1("unable to open tap device %s: %m", TAP_DEVICE); + DBG1(DBG_LIB, "unable to open tap device %s: %m", TAP_DEVICE); return FALSE; } if (ioctl(tap, TUNSETIFF, &ifr) < 0 || ioctl(tap, TUNSETPERSIST, 0) < 0) { - DBG1("removing %s failed: %m", this->hostif); + DBG1(DBG_LIB, "removing %s failed: %m", this->hostif); close(tap); return FALSE; } @@ -235,14 +235,14 @@ static char* create_tap(private_iface_t *this) tap = open(TAP_DEVICE, O_RDWR); if (tap < 0) { - DBG1("unable to open tap device %s: %m", TAP_DEVICE); + DBG1(DBG_LIB, "unable to open tap device %s: %m", TAP_DEVICE); return NULL; } if (ioctl(tap, TUNSETIFF, &ifr) < 0 || ioctl(tap, TUNSETPERSIST, 1) < 0 || ioctl(tap, TUNSETOWNER, 0)) { - DBG1("creating new tap device failed: %m"); + DBG1(DBG_LIB, "creating new tap device failed: %m"); close(tap); return NULL; } @@ -299,7 +299,7 @@ iface_t *iface_create(char *name, guest_t *guest, mconsole_t *mconsole) } if (!this->mconsole->add_iface(this->mconsole, this->guestif, this->hostif)) { - DBG1("creating interface '%s' in guest failed", this->guestif); + DBG1(DBG_LIB, "creating interface '%s' in guest failed", this->guestif); destroy_tap(this); free(this->guestif); free(this->hostif); @@ -308,7 +308,7 @@ iface_t *iface_create(char *name, guest_t *guest, mconsole_t *mconsole) } if (!iface_control(this->hostif, TRUE)) { - DBG1("bringing iface '%s' up failed: %m", this->hostif); + DBG1(DBG_LIB, "bringing iface '%s' up failed: %m", this->hostif); } return &this->public; } diff --git a/src/dumm/mconsole.c b/src/dumm/mconsole.c index 35984bdd5..7d982a54c 100644 --- a/src/dumm/mconsole.c +++ b/src/dumm/mconsole.c @@ -120,7 +120,7 @@ static int request(private_mconsole_t *this, void(*cb)(void*,char*,size_t), if (len < 0) { - DBG1("sending mconsole command to UML failed: %m"); + DBG1(DBG_LIB, "sending mconsole command to UML failed: %m"); return -1; } do @@ -136,7 +136,7 @@ static int request(private_mconsole_t *this, void(*cb)(void*,char*,size_t), } if (len < 0) { - DBG1("receiving from mconsole failed: %m"); + DBG1(DBG_LIB, "receiving from mconsole failed: %m"); return -1; } if (len > 0) @@ -149,7 +149,7 @@ static int request(private_mconsole_t *this, void(*cb)(void*,char*,size_t), { if (reply.len && *reply.data) { - DBG1("received mconsole error %d: %.*s", + DBG1(DBG_LIB, "received mconsole error %d: %.*s", reply.err, reply.len, reply.data); } break; @@ -245,7 +245,7 @@ static bool wait_for_notify(private_mconsole_t *this, char *nsock) this->notify = socket(AF_UNIX, SOCK_DGRAM, 0); if (this->notify < 0) { - DBG1("opening mconsole notify socket failed: %m"); + DBG1(DBG_LIB, "opening mconsole notify socket failed: %m"); return FALSE; } memset(&addr, 0, sizeof(addr)); @@ -253,7 +253,8 @@ static bool wait_for_notify(private_mconsole_t *this, char *nsock) strncpy(addr.sun_path, nsock, sizeof(addr.sun_path)); if (bind(this->notify, (struct sockaddr*)&addr, sizeof(addr)) < 0) { - DBG1("binding mconsole notify socket to '%s' failed: %m", nsock); + DBG1(DBG_LIB, "binding mconsole notify socket to '%s' failed: %m", + nsock); close(this->notify); return FALSE; } @@ -273,7 +274,7 @@ static bool wait_for_notify(private_mconsole_t *this, char *nsock) if (len < 0 || len >= sizeof(notify)) { - DBG1("reading from mconsole notify socket failed: %m"); + DBG1(DBG_LIB, "reading from mconsole notify socket failed: %m"); close(this->notify); unlink(nsock); return FALSE; @@ -282,8 +283,8 @@ static bool wait_for_notify(private_mconsole_t *this, char *nsock) notify.version != MCONSOLE_VERSION || notify.type != MCONSOLE_SOCKET) { - DBG1("received unexpected message from mconsole notify socket: %b", - ¬ify, sizeof(notify)); + DBG1(DBG_LIB, "received unexpected message from mconsole notify" + " socket: %b", ¬ify, sizeof(notify)); close(this->notify); unlink(nsock); return FALSE; @@ -304,7 +305,7 @@ static bool setup_console(private_mconsole_t *this) this->console = socket(AF_UNIX, SOCK_DGRAM, 0); if (this->console < 0) { - DBG1("opening mconsole socket failed: %m"); + DBG1(DBG_LIB, "opening mconsole socket failed: %m"); return FALSE; } memset(&addr, 0, sizeof(addr)); @@ -313,7 +314,8 @@ static bool setup_console(private_mconsole_t *this) getpid(), this->console); if (bind(this->console, (struct sockaddr*)&addr, sizeof(addr)) < 0) { - DBG1("binding mconsole socket to '%s' failed: %m", &addr.sun_path[1]); + DBG1(DBG_LIB, "binding mconsole socket to '%s' failed: %m", + &addr.sun_path[1]); close(this->console); return FALSE; } diff --git a/src/include/Makefile.am b/src/include/Makefile.am index 6aeb84bae..9edad1141 100644 --- a/src/include/Makefile.am +++ b/src/include/Makefile.am @@ -1,3 +1,3 @@ EXTRA_DIST = linux/ipsec.h linux/netlink.h linux/rtnetlink.h \ linux/pfkeyv2.h linux/udp.h linux/xfrm.h linux/types.h \ - sys/queue.h + linux/jhash.h sys/queue.h diff --git a/src/include/Makefile.in b/src/include/Makefile.in index 762b32649..720ba3a11 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -172,6 +172,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -208,7 +209,7 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ EXTRA_DIST = linux/ipsec.h linux/netlink.h linux/rtnetlink.h \ linux/pfkeyv2.h linux/udp.h linux/xfrm.h linux/types.h \ - sys/queue.h + linux/jhash.h sys/queue.h all: all-am diff --git a/src/include/linux/jhash.h b/src/include/linux/jhash.h new file mode 100644 index 000000000..2a2f99fbc --- /dev/null +++ b/src/include/linux/jhash.h @@ -0,0 +1,143 @@ +#ifndef _LINUX_JHASH_H +#define _LINUX_JHASH_H + +/* jhash.h: Jenkins hash support. + * + * Copyright (C) 1996 Bob Jenkins (bob_jenkins@burtleburtle.net) + * + * http://burtleburtle.net/bob/hash/ + * + * These are the credits from Bob's sources: + * + * lookup2.c, by Bob Jenkins, December 1996, Public Domain. + * hash(), hash2(), hash3, and mix() are externally useful functions. + * Routines to test the hash are included if SELF_TEST is defined. + * You can use this free for any purpose. It has no warranty. + * + * Copyright (C) 2003 David S. Miller (davem@redhat.com) + * + * I've modified Bob's hash to be useful in the Linux kernel, and + * any bugs present are surely my fault. -DaveM + */ + +/* NOTE: Arguments are modified. */ +#define __jhash_mix(a, b, c) \ +{ \ + a -= b; a -= c; a ^= (c>>13); \ + b -= c; b -= a; b ^= (a<<8); \ + c -= a; c -= b; c ^= (b>>13); \ + a -= b; a -= c; a ^= (c>>12); \ + b -= c; b -= a; b ^= (a<<16); \ + c -= a; c -= b; c ^= (b>>5); \ + a -= b; a -= c; a ^= (c>>3); \ + b -= c; b -= a; b ^= (a<<10); \ + c -= a; c -= b; c ^= (b>>15); \ +} + +/* The golden ration: an arbitrary value */ +#define JHASH_GOLDEN_RATIO 0x9e3779b9 + +/* The most generic version, hashes an arbitrary sequence + * of bytes. No alignment or length assumptions are made about + * the input key. + */ +static inline u32 jhash(const void *key, u32 length, u32 initval) +{ + u32 a, b, c, len; + const u8 *k = key; + + len = length; + a = b = JHASH_GOLDEN_RATIO; + c = initval; + + while (len >= 12) { + a += (k[0] +((u32)k[1]<<8) +((u32)k[2]<<16) +((u32)k[3]<<24)); + b += (k[4] +((u32)k[5]<<8) +((u32)k[6]<<16) +((u32)k[7]<<24)); + c += (k[8] +((u32)k[9]<<8) +((u32)k[10]<<16)+((u32)k[11]<<24)); + + __jhash_mix(a,b,c); + + k += 12; + len -= 12; + } + + c += length; + switch (len) { + case 11: c += ((u32)k[10]<<24); + case 10: c += ((u32)k[9]<<16); + case 9 : c += ((u32)k[8]<<8); + case 8 : b += ((u32)k[7]<<24); + case 7 : b += ((u32)k[6]<<16); + case 6 : b += ((u32)k[5]<<8); + case 5 : b += k[4]; + case 4 : a += ((u32)k[3]<<24); + case 3 : a += ((u32)k[2]<<16); + case 2 : a += ((u32)k[1]<<8); + case 1 : a += k[0]; + }; + + __jhash_mix(a,b,c); + + return c; +} + +/* A special optimized version that handles 1 or more of u32s. + * The length parameter here is the number of u32s in the key. + */ +static inline u32 jhash2(const u32 *k, u32 length, u32 initval) +{ + u32 a, b, c, len; + + a = b = JHASH_GOLDEN_RATIO; + c = initval; + len = length; + + while (len >= 3) { + a += k[0]; + b += k[1]; + c += k[2]; + __jhash_mix(a, b, c); + k += 3; len -= 3; + } + + c += length * 4; + + switch (len) { + case 2 : b += k[1]; + case 1 : a += k[0]; + }; + + __jhash_mix(a,b,c); + + return c; +} + + +/* A special ultra-optimized versions that knows they are hashing exactly + * 3, 2 or 1 word(s). + * + * NOTE: In partilar the "c += length; __jhash_mix(a,b,c);" normally + * done at the end is not done here. + */ +static inline u32 jhash_3words(u32 a, u32 b, u32 c, u32 initval) +{ + a += JHASH_GOLDEN_RATIO; + b += JHASH_GOLDEN_RATIO; + c += initval; + + __jhash_mix(a, b, c); + + return c; +} + +static inline u32 jhash_2words(u32 a, u32 b, u32 initval) +{ + return jhash_3words(a, b, 0, initval); +} + +static inline u32 jhash_1word(u32 a, u32 initval) +{ + return jhash_3words(a, 0, 0, initval); +} + +#endif /* _LINUX_JHASH_H */ diff --git a/src/include/linux/pfkeyv2.h b/src/include/linux/pfkeyv2.h index b4b0712a4..7379d1a94 100644 --- a/src/include/linux/pfkeyv2.h +++ b/src/include/linux/pfkeyv2.h @@ -315,6 +315,7 @@ struct sadb_x_kmaddress { #define SADB_X_EALG_AES_GCM_ICV12 19 #define SADB_X_EALG_AES_GCM_ICV16 20 #define SADB_X_EALG_CAMELLIACBC 22 +#define SADB_X_EALG_NULL_AES_GMAC 23 #define SADB_EALG_MAX 253 /* last EALG */ /* private allocations should use 249-255 (RFC2407) */ #define SADB_X_EALG_SERPENTCBC 252 /* draft-ietf-ipsec-ciph-aes-cbc-00 */ diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in index ff88ed1ff..3834b672a 100644 --- a/src/ipsec/Makefile.in +++ b/src/ipsec/Makefile.in @@ -200,6 +200,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ diff --git a/src/ipsec/ipsec.in b/src/ipsec/ipsec.in index 1da3c2d90..0bddc201a 100755 --- a/src/ipsec/ipsec.in +++ b/src/ipsec/ipsec.in @@ -2,13 +2,13 @@ # prefix command to run stuff from our programs directory # Copyright (C) 1998-2002 Henry Spencer. # Copyright (C) 2006 Andreas Steffen -# Copyright (C) 2006 Martin Willi -# +# Copyright (C) 2006 Martin Willi +# # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at your # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. -# +# # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License @@ -67,7 +67,7 @@ case "$1" in echo " rereadacerts|rereadcrls|rereadall" echo " purgeocsp|purgeike" echo " scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]" - echo " openac" + echo " openac" echo " pluto" echo " scepclient" echo " secrets" @@ -138,17 +138,26 @@ listcards|rereadgroups) $IPSEC_WHACK "$@" "--$op" rc="$?" fi - if [ -e $IPSEC_CHARON_PID ] - then - exit 3 - else - exit 7 - fi + if [ -e $IPSEC_CHARON_PID ] + then + exit 3 + else + exit 7 + fi ;; leases) op="$1" rc=7 shift + if [ -e $IPSEC_PLUTO_PID ] + then + case "$#" in + 0) $IPSEC_WHACK "--$op" ;; + 1) $IPSEC_WHACK "--$op" --name "$1" ;; + *) $IPSEC_WHACK "--$op" --name "$1" --lease-addr "$2" ;; + esac + rc="$?" + fi if [ -e $IPSEC_CHARON_PID ] then case "$#" in @@ -330,7 +339,7 @@ stop) fi fi else - echo "Stopping strongSwan IPsec failed: starter is not running" >&2 + echo "Stopping strongSwan IPsec failed: starter is not running" >&2 fi if [ -d /var/lock/subsys ]; then rm -f /var/lock/subsys/ipsec diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk new file mode 100644 index 000000000..d473b455e --- /dev/null +++ b/src/libcharon/Android.mk @@ -0,0 +1,174 @@ +LOCAL_PATH := $(call my-dir) +include $(CLEAR_VARS) + +# copy-n-paste from Makefile.am +LOCAL_SRC_FILES := \ +bus/bus.c bus/bus.h \ +bus/listeners/listener.h \ +bus/listeners/file_logger.c bus/listeners/file_logger.h \ +bus/listeners/sys_logger.c bus/listeners/sys_logger.h \ +config/backend_manager.c config/backend_manager.h config/backend.h \ +config/child_cfg.c config/child_cfg.h \ +config/ike_cfg.c config/ike_cfg.h \ +config/peer_cfg.c config/peer_cfg.h \ +config/proposal.c config/proposal.h \ +config/auth_cfg.c config/auth_cfg.h \ +control/controller.c control/controller.h \ +daemon.c daemon.h \ +encoding/generator.c encoding/generator.h \ +encoding/message.c encoding/message.h \ +encoding/parser.c encoding/parser.h \ +encoding/payloads/auth_payload.c encoding/payloads/auth_payload.h \ +encoding/payloads/cert_payload.c encoding/payloads/cert_payload.h \ +encoding/payloads/certreq_payload.c encoding/payloads/certreq_payload.h \ +encoding/payloads/configuration_attribute.c encoding/payloads/configuration_attribute.h \ +encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \ +encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \ +encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \ +encoding/payloads/encodings.c encoding/payloads/encodings.h \ +encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \ +encoding/payloads/id_payload.c encoding/payloads/id_payload.h \ +encoding/payloads/ike_header.c encoding/payloads/ike_header.h \ +encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \ +encoding/payloads/nonce_payload.c encoding/payloads/nonce_payload.h \ +encoding/payloads/notify_payload.c encoding/payloads/notify_payload.h \ +encoding/payloads/payload.c encoding/payloads/payload.h \ +encoding/payloads/proposal_substructure.c encoding/payloads/proposal_substructure.h \ +encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \ +encoding/payloads/traffic_selector_substructure.c encoding/payloads/traffic_selector_substructure.h \ +encoding/payloads/transform_attribute.c encoding/payloads/transform_attribute.h \ +encoding/payloads/transform_substructure.c encoding/payloads/transform_substructure.h \ +encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \ +encoding/payloads/unknown_payload.c encoding/payloads/unknown_payload.h \ +encoding/payloads/vendor_id_payload.c encoding/payloads/vendor_id_payload.h \ +kernel/kernel_interface.c kernel/kernel_interface.h \ +kernel/kernel_ipsec.c kernel/kernel_ipsec.h \ +kernel/kernel_net.h \ +network/packet.c network/packet.h \ +network/receiver.c network/receiver.h \ +network/sender.c network/sender.h \ +network/socket_manager.c network/socket_manager.h network/socket.h \ +processing/jobs/job.h \ +processing/jobs/acquire_job.c processing/jobs/acquire_job.h \ +processing/jobs/callback_job.c processing/jobs/callback_job.h \ +processing/jobs/delete_child_sa_job.c processing/jobs/delete_child_sa_job.h \ +processing/jobs/delete_ike_sa_job.c processing/jobs/delete_ike_sa_job.h \ +processing/jobs/migrate_job.c processing/jobs/migrate_job.h \ +processing/jobs/process_message_job.c processing/jobs/process_message_job.h \ +processing/jobs/rekey_child_sa_job.c processing/jobs/rekey_child_sa_job.h \ +processing/jobs/rekey_ike_sa_job.c processing/jobs/rekey_ike_sa_job.h \ +processing/jobs/retransmit_job.c processing/jobs/retransmit_job.h \ +processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \ +processing/jobs/send_keepalive_job.c processing/jobs/send_keepalive_job.h \ +processing/jobs/roam_job.c processing/jobs/roam_job.h \ +processing/jobs/update_sa_job.c processing/jobs/update_sa_job.h \ +processing/jobs/inactivity_job.c processing/jobs/inactivity_job.h \ +processing/scheduler.c processing/scheduler.h \ +processing/processor.c processing/processor.h \ +sa/authenticators/authenticator.c sa/authenticators/authenticator.h \ +sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \ +sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \ +sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \ +sa/authenticators/eap/sim_manager.c sa/authenticators/eap/sim_manager.h \ +sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \ +sa/authenticators/pubkey_authenticator.c sa/authenticators/pubkey_authenticator.h \ +sa/child_sa.c sa/child_sa.h \ +sa/ike_sa.c sa/ike_sa.h \ +sa/ike_sa_id.c sa/ike_sa_id.h \ +sa/ike_sa_manager.c sa/ike_sa_manager.h \ +sa/task_manager.c sa/task_manager.h \ +sa/keymat.c sa/keymat.h \ +sa/trap_manager.c sa/trap_manager.h \ +sa/tasks/child_create.c sa/tasks/child_create.h \ +sa/tasks/child_delete.c sa/tasks/child_delete.h \ +sa/tasks/child_rekey.c sa/tasks/child_rekey.h \ +sa/tasks/ike_auth.c sa/tasks/ike_auth.h \ +sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \ +sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \ +sa/tasks/ike_config.c sa/tasks/ike_config.h \ +sa/tasks/ike_delete.c sa/tasks/ike_delete.h \ +sa/tasks/ike_dpd.c sa/tasks/ike_dpd.h \ +sa/tasks/ike_init.c sa/tasks/ike_init.h \ +sa/tasks/ike_natd.c sa/tasks/ike_natd.h \ +sa/tasks/ike_mobike.c sa/tasks/ike_mobike.h \ +sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \ +sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \ +sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \ +sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \ +sa/tasks/task.c sa/tasks/task.h \ +credentials/credential_manager.c credentials/credential_manager.h \ +credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \ +credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \ +credentials/sets/cert_cache.c credentials/sets/cert_cache.h \ +credentials/credential_set.h + +# adding the plugin source files + +LOCAL_SRC_FILES += $(call add_plugin, android) +ifneq ($(call plugin_enabled, android)),) +LOCAL_SHARED_LIBRARIES += libcutils +endif + +LOCAL_SRC_FILES += $(call add_plugin, attr) + +LOCAL_SRC_FILES += $(call add_plugin, eap-aka) + +LOCAL_SRC_FILES += $(call add_plugin, eap-aka-3gpp2) +ifneq ($(call plugin_enabled, eap-aka-3gpp2)),) +LOCAL_C_INCLUDES += $(libgmp_PATH) +LOCAL_SHARED_LIBRARIES += libgmp +endif + +LOCAL_SRC_FILES += $(call add_plugin, eap-gtc) + +LOCAL_SRC_FILES += $(call add_plugin, eap-identity) + +LOCAL_SRC_FILES += $(call add_plugin, eap-md5) + +LOCAL_SRC_FILES += $(call add_plugin, eap-mschapv2) + +LOCAL_SRC_FILES += $(call add_plugin, eap-sim) + +LOCAL_SRC_FILES += $(call add_plugin, eap-simaka-pseudonym) + +LOCAL_SRC_FILES += $(call add_plugin, eap-simaka-reauth) + +LOCAL_SRC_FILES += $(call add_plugin, eap-sim-file) + +# adding libakasim if either eap-aka or eap-sim is enabled +ifneq ($(or $(call plugin_enabled, eap-aka), $(call plugin_enabled, eap-sim)),) +LOCAL_C_INCLUDES += $(LOCAL_PATH)/../libsimaka/ +LOCAL_SRC_FILES += $(addprefix ../libsimaka/, \ + simaka_message.h simaka_message.c \ + simaka_crypto.h simaka_crypto.c \ + ) +endif + +LOCAL_SRC_FILES += $(call add_plugin, kernel-netlink) + +LOCAL_SRC_FILES += $(call add_plugin, load-tester) + +LOCAL_SRC_FILES += $(call add_plugin, socket-default) + +LOCAL_SRC_FILES += $(call add_plugin, socket-dynamic) + +# build libcharon -------------------------------------------------------------- + +LOCAL_C_INCLUDES += \ + $(libvstr_PATH) \ + $(strongswan_PATH)/src/include \ + $(strongswan_PATH)/src/libhydra \ + $(strongswan_PATH)/src/libstrongswan + +LOCAL_CFLAGS := $(strongswan_CFLAGS) + +LOCAL_MODULE := libcharon + +LOCAL_ARM_MODE := arm + +LOCAL_PRELINK_MODULE := false + +LOCAL_SHARED_LIBRARIES += libstrongswan libhydra + +include $(BUILD_SHARED_LIBRARY) + diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am new file mode 100644 index 000000000..0eaccf7a0 --- /dev/null +++ b/src/libcharon/Makefile.am @@ -0,0 +1,418 @@ +lib_LTLIBRARIES = libcharon.la + +libcharon_la_SOURCES = \ +bus/bus.c bus/bus.h \ +bus/listeners/listener.h \ +bus/listeners/file_logger.c bus/listeners/file_logger.h \ +bus/listeners/sys_logger.c bus/listeners/sys_logger.h \ +config/backend_manager.c config/backend_manager.h config/backend.h \ +config/child_cfg.c config/child_cfg.h \ +config/ike_cfg.c config/ike_cfg.h \ +config/peer_cfg.c config/peer_cfg.h \ +config/proposal.c config/proposal.h \ +config/auth_cfg.c config/auth_cfg.h \ +control/controller.c control/controller.h \ +daemon.c daemon.h \ +encoding/generator.c encoding/generator.h \ +encoding/message.c encoding/message.h \ +encoding/parser.c encoding/parser.h \ +encoding/payloads/auth_payload.c encoding/payloads/auth_payload.h \ +encoding/payloads/cert_payload.c encoding/payloads/cert_payload.h \ +encoding/payloads/certreq_payload.c encoding/payloads/certreq_payload.h \ +encoding/payloads/configuration_attribute.c encoding/payloads/configuration_attribute.h \ +encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \ +encoding/payloads/delete_payload.c encoding/payloads/delete_payload.h \ +encoding/payloads/eap_payload.c encoding/payloads/eap_payload.h \ +encoding/payloads/encodings.c encoding/payloads/encodings.h \ +encoding/payloads/encryption_payload.c encoding/payloads/encryption_payload.h \ +encoding/payloads/id_payload.c encoding/payloads/id_payload.h \ +encoding/payloads/ike_header.c encoding/payloads/ike_header.h \ +encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \ +encoding/payloads/nonce_payload.c encoding/payloads/nonce_payload.h \ +encoding/payloads/notify_payload.c encoding/payloads/notify_payload.h \ +encoding/payloads/payload.c encoding/payloads/payload.h \ +encoding/payloads/proposal_substructure.c encoding/payloads/proposal_substructure.h \ +encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \ +encoding/payloads/traffic_selector_substructure.c encoding/payloads/traffic_selector_substructure.h \ +encoding/payloads/transform_attribute.c encoding/payloads/transform_attribute.h \ +encoding/payloads/transform_substructure.c encoding/payloads/transform_substructure.h \ +encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \ +encoding/payloads/unknown_payload.c encoding/payloads/unknown_payload.h \ +encoding/payloads/vendor_id_payload.c encoding/payloads/vendor_id_payload.h \ +kernel/kernel_interface.c kernel/kernel_interface.h \ +kernel/kernel_ipsec.c kernel/kernel_ipsec.h \ +kernel/kernel_net.h \ +network/packet.c network/packet.h \ +network/receiver.c network/receiver.h \ +network/sender.c network/sender.h \ +network/socket_manager.c network/socket_manager.h network/socket.h \ +processing/jobs/job.h \ +processing/jobs/acquire_job.c processing/jobs/acquire_job.h \ +processing/jobs/callback_job.c processing/jobs/callback_job.h \ +processing/jobs/delete_child_sa_job.c processing/jobs/delete_child_sa_job.h \ +processing/jobs/delete_ike_sa_job.c processing/jobs/delete_ike_sa_job.h \ +processing/jobs/migrate_job.c processing/jobs/migrate_job.h \ +processing/jobs/process_message_job.c processing/jobs/process_message_job.h \ +processing/jobs/rekey_child_sa_job.c processing/jobs/rekey_child_sa_job.h \ +processing/jobs/rekey_ike_sa_job.c processing/jobs/rekey_ike_sa_job.h \ +processing/jobs/retransmit_job.c processing/jobs/retransmit_job.h \ +processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \ +processing/jobs/send_keepalive_job.c processing/jobs/send_keepalive_job.h \ +processing/jobs/roam_job.c processing/jobs/roam_job.h \ +processing/jobs/update_sa_job.c processing/jobs/update_sa_job.h \ +processing/jobs/inactivity_job.c processing/jobs/inactivity_job.h \ +processing/scheduler.c processing/scheduler.h \ +processing/processor.c processing/processor.h \ +sa/authenticators/authenticator.c sa/authenticators/authenticator.h \ +sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \ +sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \ +sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \ +sa/authenticators/eap/sim_manager.c sa/authenticators/eap/sim_manager.h \ +sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \ +sa/authenticators/pubkey_authenticator.c sa/authenticators/pubkey_authenticator.h \ +sa/child_sa.c sa/child_sa.h \ +sa/ike_sa.c sa/ike_sa.h \ +sa/ike_sa_id.c sa/ike_sa_id.h \ +sa/ike_sa_manager.c sa/ike_sa_manager.h \ +sa/task_manager.c sa/task_manager.h \ +sa/keymat.c sa/keymat.h \ +sa/trap_manager.c sa/trap_manager.h \ +sa/tasks/child_create.c sa/tasks/child_create.h \ +sa/tasks/child_delete.c sa/tasks/child_delete.h \ +sa/tasks/child_rekey.c sa/tasks/child_rekey.h \ +sa/tasks/ike_auth.c sa/tasks/ike_auth.h \ +sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \ +sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \ +sa/tasks/ike_config.c sa/tasks/ike_config.h \ +sa/tasks/ike_delete.c sa/tasks/ike_delete.h \ +sa/tasks/ike_dpd.c sa/tasks/ike_dpd.h \ +sa/tasks/ike_init.c sa/tasks/ike_init.h \ +sa/tasks/ike_natd.c sa/tasks/ike_natd.h \ +sa/tasks/ike_mobike.c sa/tasks/ike_mobike.h \ +sa/tasks/ike_rekey.c sa/tasks/ike_rekey.h \ +sa/tasks/ike_reauth.c sa/tasks/ike_reauth.h \ +sa/tasks/ike_auth_lifetime.c sa/tasks/ike_auth_lifetime.h \ +sa/tasks/ike_vendor.c sa/tasks/ike_vendor.h \ +sa/tasks/task.c sa/tasks/task.h \ +credentials/credential_manager.c credentials/credential_manager.h \ +credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \ +credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \ +credentials/sets/cert_cache.c credentials/sets/cert_cache.h \ +credentials/credential_set.h + +daemon.lo : $(top_builddir)/config.status + +INCLUDES = \ + -I${linux_headers} \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = \ + -DIPSEC_DIR=\"${ipsecdir}\" \ + -DIPSEC_PIDDIR=\"${piddir}\" + +libcharon_la_LIBADD = -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB) + +EXTRA_DIST = Android.mk + +# compile options +################# + +if USE_ME + libcharon_la_SOURCES += encoding/payloads/endpoint_notify.c encoding/payloads/endpoint_notify.h \ + processing/jobs/initiate_mediation_job.c processing/jobs/initiate_mediation_job.h \ + processing/jobs/mediation_job.c processing/jobs/mediation_job.h \ + sa/connect_manager.c sa/connect_manager.h \ + sa/mediation_manager.c sa/mediation_manager.h \ + sa/tasks/ike_me.c sa/tasks/ike_me.h +endif + +if USE_CAPABILITIES + libcharon_la_LIBADD += -lcap +endif + +# build optional plugins +######################## + +if MONOLITHIC +SUBDIRS = +else +SUBDIRS = . +endif + +PLUGINS = ${libstrongswan_plugins} ${libhydra_plugins} + +if USE_LOAD_TESTER + SUBDIRS += plugins/load_tester + PLUGINS += load-tester +if MONOLITHIC + libcharon_la_LIBADD += plugins/load_tester/libstrongswan-load-tester.la +endif +endif + +if USE_KERNEL_PFKEY + SUBDIRS += plugins/kernel_pfkey + PLUGINS += kernel-pfkey +if MONOLITHIC + libcharon_la_LIBADD += plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la +endif +endif + +if USE_KERNEL_PFROUTE + SUBDIRS += plugins/kernel_pfroute + PLUGINS += kernel-pfroute +if MONOLITHIC + libcharon_la_LIBADD += plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la +endif +endif + +if USE_KERNEL_KLIPS + SUBDIRS += plugins/kernel_klips + PLUGINS += kernel-klips +if MONOLITHIC + libcharon_la_LIBADD += plugins/kernel_klips/libstrongswan-kernel-klips.la +endif +endif + +if USE_KERNEL_NETLINK + SUBDIRS += plugins/kernel_netlink + PLUGINS += kernel-netlink +if MONOLITHIC + libcharon_la_LIBADD += plugins/kernel_netlink/libstrongswan-kernel-netlink.la +endif +endif + +if USE_SOCKET_DEFAULT + SUBDIRS += plugins/socket_default + PLUGINS += socket-default +if MONOLITHIC + libcharon_la_LIBADD += plugins/socket_default/libstrongswan-socket-default.la +endif +endif + +if USE_SOCKET_RAW + SUBDIRS += plugins/socket_raw + PLUGINS += socket-raw +if MONOLITHIC + libcharon_la_LIBADD += plugins/socket_raw/libstrongswan-socket-raw.la +endif +endif + +if USE_SOCKET_DYNAMIC + SUBDIRS += plugins/socket_dynamic + PLUGINS += socket-dynamic +if MONOLITHIC + libcharon_la_LIBADD += plugins/socket_dynamic/libstrongswan-socket-dynamic.la +endif +endif + +if USE_FARP + SUBDIRS += plugins/farp + PLUGINS += farp +if MONOLITHIC + libcharon_la_LIBADD += plugins/farp/libstrongswan-farp.la +endif +endif + +if USE_STROKE + SUBDIRS += plugins/stroke + PLUGINS += stroke +if MONOLITHIC + libcharon_la_LIBADD += plugins/stroke/libstrongswan-stroke.la +endif +endif + +if USE_SMP + SUBDIRS += plugins/smp + PLUGINS += smp +if MONOLITHIC + libcharon_la_LIBADD += plugins/smp/libstrongswan-smp.la +endif +endif + +if USE_SQL + SUBDIRS += plugins/sql + PLUGINS += sql +if MONOLITHIC + libcharon_la_LIBADD += plugins/sql/libstrongswan-sql.la +endif +endif + +if USE_UPDOWN + SUBDIRS += plugins/updown + PLUGINS += updown +if MONOLITHIC + libcharon_la_LIBADD += plugins/updown/libstrongswan-updown.la +endif +endif + +if USE_EAP_IDENTITY + SUBDIRS += plugins/eap_identity + PLUGINS += eap-identity +if MONOLITHIC + libcharon_la_LIBADD += plugins/eap_identity/libstrongswan-eap-identity.la +endif +endif + +if USE_EAP_SIM + SUBDIRS += plugins/eap_sim + PLUGINS += eap-sim +if MONOLITHIC + libcharon_la_LIBADD += plugins/eap_sim/libstrongswan-eap-sim.la +endif +endif + +if USE_EAP_SIM_FILE + SUBDIRS += plugins/eap_sim_file + PLUGINS += eap-sim-file +if MONOLITHIC + libcharon_la_LIBADD += plugins/eap_sim_file/libstrongswan-eap-sim-file.la +endif +endif + +if USE_EAP_SIMAKA_PSEUDONYM + SUBDIRS += plugins/eap_simaka_pseudonym + PLUGINS += eap-simaka-pseudonym +if MONOLITHIC + libcharon_la_LIBADD += plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la +endif +endif + +if USE_EAP_SIMAKA_REAUTH + SUBDIRS += plugins/eap_simaka_reauth + PLUGINS += eap-simaka-reauth +if MONOLITHIC + libcharon_la_LIBADD += plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la +endif +endif + +if USE_EAP_AKA + SUBDIRS += plugins/eap_aka + PLUGINS += eap-aka +if MONOLITHIC + libcharon_la_LIBADD += plugins/eap_aka/libstrongswan-eap-aka.la +endif +endif + +if USE_EAP_AKA_3GPP2 + SUBDIRS += plugins/eap_aka_3gpp2 + PLUGINS += eap-aka-3gpp2 +if MONOLITHIC + libcharon_la_LIBADD += plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la +endif +endif + +if USE_SIMAKA +if MONOLITHIC + # otherwise this library is linked to both the eap_aka and the eap_sim plugin + libcharon_la_LIBADD += $(top_builddir)/src/libsimaka/libsimaka.la +endif +endif + +if USE_EAP_MD5 + SUBDIRS += plugins/eap_md5 + PLUGINS += eap-md5 +if MONOLITHIC + libcharon_la_LIBADD += plugins/eap_md5/libstrongswan-eap-md5.la +endif +endif + +if USE_EAP_GTC + SUBDIRS += plugins/eap_gtc + PLUGINS += eap-gtc +if MONOLITHIC + libcharon_la_LIBADD += plugins/eap_gtc/libstrongswan-eap-gtc.la +endif +endif + +if USE_EAP_MSCHAPV2 + SUBDIRS += plugins/eap_mschapv2 + PLUGINS += eap-mschapv2 +if MONOLITHIC + libcharon_la_LIBADD += plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la +endif +endif + +if USE_EAP_RADIUS + SUBDIRS += plugins/eap_radius + PLUGINS += eap-radius +if MONOLITHIC + libcharon_la_LIBADD += plugins/eap_radius/libstrongswan-eap-radius.la +endif +endif + +if USE_MEDSRV + SUBDIRS += plugins/medsrv + PLUGINS += medsrv +if MONOLITHIC + libcharon_la_LIBADD += plugins/medsrv/libstrongswan-medsrv.la +endif +endif + +if USE_MEDCLI + SUBDIRS += plugins/medcli + PLUGINS += medcli +if MONOLITHIC + libcharon_la_LIBADD += plugins/medcli/libstrongswan-medcli.la +endif +endif + +if USE_NM + SUBDIRS += plugins/nm + PLUGINS += nm +if MONOLITHIC + libcharon_la_LIBADD += plugins/nm/libstrongswan-nm.la +endif +endif + +if USE_DHCP + SUBDIRS += plugins/dhcp + PLUGINS += dhcp +if MONOLITHIC + libcharon_la_LIBADD += plugins/dhcp/libstrongswan-dhcp.la +endif +endif + +if USE_RESOLVE + SUBDIRS += plugins/resolve + PLUGINS += resolve +if MONOLITHIC + libcharon_la_LIBADD += plugins/resolve/libstrongswan-resolve.la +endif +endif + +if USE_ANDROID + SUBDIRS += plugins/android + PLUGINS += android +if MONOLITHIC + libcharon_la_LIBADD += plugins/android/libstrongswan-android.la +endif +endif + +if USE_HA + SUBDIRS += plugins/ha + PLUGINS += ha +if MONOLITHIC + libcharon_la_LIBADD += plugins/ha/libstrongswan-ha.la +endif +endif + +if USE_UCI + SUBDIRS += plugins/uci + PLUGINS += uci +if MONOLITHIC + libcharon_la_LIBADD += plugins/uci/libstrongswan-uci.la +endif +endif + +if USE_UNIT_TESTS + SUBDIRS += plugins/unit_tester + PLUGINS += unit-tester +if MONOLITHIC + libcharon_la_LIBADD += plugins/unit_tester/libstrongswan-unit-tester.la +endif +endif + +AM_CFLAGS += -DPLUGINS=\""${PLUGINS}\"" + diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in new file mode 100644 index 000000000..0eb6f36f4 --- /dev/null +++ b/src/libcharon/Makefile.in @@ -0,0 +1,1994 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ + +# compile options +################# +@USE_ME_TRUE@am__append_1 = encoding/payloads/endpoint_notify.c encoding/payloads/endpoint_notify.h \ +@USE_ME_TRUE@ processing/jobs/initiate_mediation_job.c processing/jobs/initiate_mediation_job.h \ +@USE_ME_TRUE@ processing/jobs/mediation_job.c processing/jobs/mediation_job.h \ +@USE_ME_TRUE@ sa/connect_manager.c sa/connect_manager.h \ +@USE_ME_TRUE@ sa/mediation_manager.c sa/mediation_manager.h \ +@USE_ME_TRUE@ sa/tasks/ike_me.c sa/tasks/ike_me.h + +@USE_CAPABILITIES_TRUE@am__append_2 = -lcap +@USE_LOAD_TESTER_TRUE@am__append_3 = plugins/load_tester +@USE_LOAD_TESTER_TRUE@am__append_4 = load-tester +@MONOLITHIC_TRUE@@USE_LOAD_TESTER_TRUE@am__append_5 = plugins/load_tester/libstrongswan-load-tester.la +@USE_KERNEL_PFKEY_TRUE@am__append_6 = plugins/kernel_pfkey +@USE_KERNEL_PFKEY_TRUE@am__append_7 = kernel-pfkey +@MONOLITHIC_TRUE@@USE_KERNEL_PFKEY_TRUE@am__append_8 = plugins/kernel_pfkey/libstrongswan-kernel-pfkey.la +@USE_KERNEL_PFROUTE_TRUE@am__append_9 = plugins/kernel_pfroute +@USE_KERNEL_PFROUTE_TRUE@am__append_10 = kernel-pfroute +@MONOLITHIC_TRUE@@USE_KERNEL_PFROUTE_TRUE@am__append_11 = plugins/kernel_pfroute/libstrongswan-kernel-pfroute.la +@USE_KERNEL_KLIPS_TRUE@am__append_12 = plugins/kernel_klips +@USE_KERNEL_KLIPS_TRUE@am__append_13 = kernel-klips +@MONOLITHIC_TRUE@@USE_KERNEL_KLIPS_TRUE@am__append_14 = plugins/kernel_klips/libstrongswan-kernel-klips.la +@USE_KERNEL_NETLINK_TRUE@am__append_15 = plugins/kernel_netlink +@USE_KERNEL_NETLINK_TRUE@am__append_16 = kernel-netlink +@MONOLITHIC_TRUE@@USE_KERNEL_NETLINK_TRUE@am__append_17 = plugins/kernel_netlink/libstrongswan-kernel-netlink.la +@USE_SOCKET_DEFAULT_TRUE@am__append_18 = plugins/socket_default +@USE_SOCKET_DEFAULT_TRUE@am__append_19 = socket-default +@MONOLITHIC_TRUE@@USE_SOCKET_DEFAULT_TRUE@am__append_20 = plugins/socket_default/libstrongswan-socket-default.la +@USE_SOCKET_RAW_TRUE@am__append_21 = plugins/socket_raw +@USE_SOCKET_RAW_TRUE@am__append_22 = socket-raw +@MONOLITHIC_TRUE@@USE_SOCKET_RAW_TRUE@am__append_23 = plugins/socket_raw/libstrongswan-socket-raw.la +@USE_SOCKET_DYNAMIC_TRUE@am__append_24 = plugins/socket_dynamic +@USE_SOCKET_DYNAMIC_TRUE@am__append_25 = socket-dynamic +@MONOLITHIC_TRUE@@USE_SOCKET_DYNAMIC_TRUE@am__append_26 = plugins/socket_dynamic/libstrongswan-socket-dynamic.la +@USE_FARP_TRUE@am__append_27 = plugins/farp +@USE_FARP_TRUE@am__append_28 = farp +@MONOLITHIC_TRUE@@USE_FARP_TRUE@am__append_29 = plugins/farp/libstrongswan-farp.la +@USE_STROKE_TRUE@am__append_30 = plugins/stroke +@USE_STROKE_TRUE@am__append_31 = stroke +@MONOLITHIC_TRUE@@USE_STROKE_TRUE@am__append_32 = plugins/stroke/libstrongswan-stroke.la +@USE_SMP_TRUE@am__append_33 = plugins/smp +@USE_SMP_TRUE@am__append_34 = smp +@MONOLITHIC_TRUE@@USE_SMP_TRUE@am__append_35 = plugins/smp/libstrongswan-smp.la +@USE_SQL_TRUE@am__append_36 = plugins/sql +@USE_SQL_TRUE@am__append_37 = sql +@MONOLITHIC_TRUE@@USE_SQL_TRUE@am__append_38 = plugins/sql/libstrongswan-sql.la +@USE_UPDOWN_TRUE@am__append_39 = plugins/updown +@USE_UPDOWN_TRUE@am__append_40 = updown +@MONOLITHIC_TRUE@@USE_UPDOWN_TRUE@am__append_41 = plugins/updown/libstrongswan-updown.la +@USE_EAP_IDENTITY_TRUE@am__append_42 = plugins/eap_identity +@USE_EAP_IDENTITY_TRUE@am__append_43 = eap-identity +@MONOLITHIC_TRUE@@USE_EAP_IDENTITY_TRUE@am__append_44 = plugins/eap_identity/libstrongswan-eap-identity.la +@USE_EAP_SIM_TRUE@am__append_45 = plugins/eap_sim +@USE_EAP_SIM_TRUE@am__append_46 = eap-sim +@MONOLITHIC_TRUE@@USE_EAP_SIM_TRUE@am__append_47 = plugins/eap_sim/libstrongswan-eap-sim.la +@USE_EAP_SIM_FILE_TRUE@am__append_48 = plugins/eap_sim_file +@USE_EAP_SIM_FILE_TRUE@am__append_49 = eap-sim-file +@MONOLITHIC_TRUE@@USE_EAP_SIM_FILE_TRUE@am__append_50 = plugins/eap_sim_file/libstrongswan-eap-sim-file.la +@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_51 = plugins/eap_simaka_pseudonym +@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_52 = eap-simaka-pseudonym +@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_PSEUDONYM_TRUE@am__append_53 = plugins/eap_simaka_pseudonym/libstrongswan-eap-simaka-pseudonym.la +@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_54 = plugins/eap_simaka_reauth +@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_55 = eap-simaka-reauth +@MONOLITHIC_TRUE@@USE_EAP_SIMAKA_REAUTH_TRUE@am__append_56 = plugins/eap_simaka_reauth/libstrongswan-eap-simaka-reauth.la +@USE_EAP_AKA_TRUE@am__append_57 = plugins/eap_aka +@USE_EAP_AKA_TRUE@am__append_58 = eap-aka +@MONOLITHIC_TRUE@@USE_EAP_AKA_TRUE@am__append_59 = plugins/eap_aka/libstrongswan-eap-aka.la +@USE_EAP_AKA_3GPP2_TRUE@am__append_60 = plugins/eap_aka_3gpp2 +@USE_EAP_AKA_3GPP2_TRUE@am__append_61 = eap-aka-3gpp2 +@MONOLITHIC_TRUE@@USE_EAP_AKA_3GPP2_TRUE@am__append_62 = plugins/eap_aka_3gpp2/libstrongswan-eap-aka-3gpp2.la +@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@am__append_63 = $(top_builddir)/src/libsimaka/libsimaka.la +@USE_EAP_MD5_TRUE@am__append_64 = plugins/eap_md5 +@USE_EAP_MD5_TRUE@am__append_65 = eap-md5 +@MONOLITHIC_TRUE@@USE_EAP_MD5_TRUE@am__append_66 = plugins/eap_md5/libstrongswan-eap-md5.la +@USE_EAP_GTC_TRUE@am__append_67 = plugins/eap_gtc +@USE_EAP_GTC_TRUE@am__append_68 = eap-gtc +@MONOLITHIC_TRUE@@USE_EAP_GTC_TRUE@am__append_69 = plugins/eap_gtc/libstrongswan-eap-gtc.la +@USE_EAP_MSCHAPV2_TRUE@am__append_70 = plugins/eap_mschapv2 +@USE_EAP_MSCHAPV2_TRUE@am__append_71 = eap-mschapv2 +@MONOLITHIC_TRUE@@USE_EAP_MSCHAPV2_TRUE@am__append_72 = plugins/eap_mschapv2/libstrongswan-eap-mschapv2.la +@USE_EAP_RADIUS_TRUE@am__append_73 = plugins/eap_radius +@USE_EAP_RADIUS_TRUE@am__append_74 = eap-radius +@MONOLITHIC_TRUE@@USE_EAP_RADIUS_TRUE@am__append_75 = plugins/eap_radius/libstrongswan-eap-radius.la +@USE_MEDSRV_TRUE@am__append_76 = plugins/medsrv +@USE_MEDSRV_TRUE@am__append_77 = medsrv +@MONOLITHIC_TRUE@@USE_MEDSRV_TRUE@am__append_78 = plugins/medsrv/libstrongswan-medsrv.la +@USE_MEDCLI_TRUE@am__append_79 = plugins/medcli +@USE_MEDCLI_TRUE@am__append_80 = medcli +@MONOLITHIC_TRUE@@USE_MEDCLI_TRUE@am__append_81 = plugins/medcli/libstrongswan-medcli.la +@USE_NM_TRUE@am__append_82 = plugins/nm +@USE_NM_TRUE@am__append_83 = nm +@MONOLITHIC_TRUE@@USE_NM_TRUE@am__append_84 = plugins/nm/libstrongswan-nm.la +@USE_DHCP_TRUE@am__append_85 = plugins/dhcp +@USE_DHCP_TRUE@am__append_86 = dhcp +@MONOLITHIC_TRUE@@USE_DHCP_TRUE@am__append_87 = plugins/dhcp/libstrongswan-dhcp.la +@USE_RESOLVE_TRUE@am__append_88 = plugins/resolve +@USE_RESOLVE_TRUE@am__append_89 = resolve +@MONOLITHIC_TRUE@@USE_RESOLVE_TRUE@am__append_90 = plugins/resolve/libstrongswan-resolve.la +@USE_ANDROID_TRUE@am__append_91 = plugins/android +@USE_ANDROID_TRUE@am__append_92 = android +@MONOLITHIC_TRUE@@USE_ANDROID_TRUE@am__append_93 = plugins/android/libstrongswan-android.la +@USE_HA_TRUE@am__append_94 = plugins/ha +@USE_HA_TRUE@am__append_95 = ha +@MONOLITHIC_TRUE@@USE_HA_TRUE@am__append_96 = plugins/ha/libstrongswan-ha.la +@USE_UCI_TRUE@am__append_97 = plugins/uci +@USE_UCI_TRUE@am__append_98 = uci +@MONOLITHIC_TRUE@@USE_UCI_TRUE@am__append_99 = plugins/uci/libstrongswan-uci.la +@USE_UNIT_TESTS_TRUE@am__append_100 = plugins/unit_tester +@USE_UNIT_TESTS_TRUE@am__append_101 = unit-tester +@MONOLITHIC_TRUE@@USE_UNIT_TESTS_TRUE@am__append_102 = plugins/unit_tester/libstrongswan-unit-tester.la +subdir = src/libcharon +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(libdir)" +LTLIBRARIES = $(lib_LTLIBRARIES) +am__DEPENDENCIES_1 = +libcharon_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__append_5) $(am__append_8) \ + $(am__append_11) $(am__append_14) $(am__append_17) \ + $(am__append_20) $(am__append_23) $(am__append_26) \ + $(am__append_29) $(am__append_32) $(am__append_35) \ + $(am__append_38) $(am__append_41) $(am__append_44) \ + $(am__append_47) $(am__append_50) $(am__append_53) \ + $(am__append_56) $(am__append_59) $(am__append_62) \ + $(am__append_63) $(am__append_66) $(am__append_69) \ + $(am__append_72) $(am__append_75) $(am__append_78) \ + $(am__append_81) $(am__append_84) $(am__append_87) \ + $(am__append_90) $(am__append_93) $(am__append_96) \ + $(am__append_99) $(am__append_102) +am__libcharon_la_SOURCES_DIST = bus/bus.c bus/bus.h \ + bus/listeners/listener.h bus/listeners/file_logger.c \ + bus/listeners/file_logger.h bus/listeners/sys_logger.c \ + bus/listeners/sys_logger.h config/backend_manager.c \ + config/backend_manager.h config/backend.h config/child_cfg.c \ + config/child_cfg.h config/ike_cfg.c config/ike_cfg.h \ + config/peer_cfg.c config/peer_cfg.h config/proposal.c \ + config/proposal.h config/auth_cfg.c config/auth_cfg.h \ + control/controller.c control/controller.h daemon.c daemon.h \ + encoding/generator.c encoding/generator.h encoding/message.c \ + encoding/message.h encoding/parser.c encoding/parser.h \ + encoding/payloads/auth_payload.c \ + encoding/payloads/auth_payload.h \ + encoding/payloads/cert_payload.c \ + encoding/payloads/cert_payload.h \ + encoding/payloads/certreq_payload.c \ + encoding/payloads/certreq_payload.h \ + encoding/payloads/configuration_attribute.c \ + encoding/payloads/configuration_attribute.h \ + encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \ + encoding/payloads/delete_payload.c \ + encoding/payloads/delete_payload.h \ + encoding/payloads/eap_payload.c \ + encoding/payloads/eap_payload.h encoding/payloads/encodings.c \ + encoding/payloads/encodings.h \ + encoding/payloads/encryption_payload.c \ + encoding/payloads/encryption_payload.h \ + encoding/payloads/id_payload.c encoding/payloads/id_payload.h \ + encoding/payloads/ike_header.c encoding/payloads/ike_header.h \ + encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \ + encoding/payloads/nonce_payload.c \ + encoding/payloads/nonce_payload.h \ + encoding/payloads/notify_payload.c \ + encoding/payloads/notify_payload.h encoding/payloads/payload.c \ + encoding/payloads/payload.h \ + encoding/payloads/proposal_substructure.c \ + encoding/payloads/proposal_substructure.h \ + encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \ + encoding/payloads/traffic_selector_substructure.c \ + encoding/payloads/traffic_selector_substructure.h \ + encoding/payloads/transform_attribute.c \ + encoding/payloads/transform_attribute.h \ + encoding/payloads/transform_substructure.c \ + encoding/payloads/transform_substructure.h \ + encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \ + encoding/payloads/unknown_payload.c \ + encoding/payloads/unknown_payload.h \ + encoding/payloads/vendor_id_payload.c \ + encoding/payloads/vendor_id_payload.h \ + kernel/kernel_interface.c kernel/kernel_interface.h \ + kernel/kernel_ipsec.c kernel/kernel_ipsec.h \ + kernel/kernel_net.h network/packet.c network/packet.h \ + network/receiver.c network/receiver.h network/sender.c \ + network/sender.h network/socket_manager.c \ + network/socket_manager.h network/socket.h \ + processing/jobs/job.h processing/jobs/acquire_job.c \ + processing/jobs/acquire_job.h processing/jobs/callback_job.c \ + processing/jobs/callback_job.h \ + processing/jobs/delete_child_sa_job.c \ + processing/jobs/delete_child_sa_job.h \ + processing/jobs/delete_ike_sa_job.c \ + processing/jobs/delete_ike_sa_job.h \ + processing/jobs/migrate_job.c processing/jobs/migrate_job.h \ + processing/jobs/process_message_job.c \ + processing/jobs/process_message_job.h \ + processing/jobs/rekey_child_sa_job.c \ + processing/jobs/rekey_child_sa_job.h \ + processing/jobs/rekey_ike_sa_job.c \ + processing/jobs/rekey_ike_sa_job.h \ + processing/jobs/retransmit_job.c \ + processing/jobs/retransmit_job.h \ + processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \ + processing/jobs/send_keepalive_job.c \ + processing/jobs/send_keepalive_job.h \ + processing/jobs/roam_job.c processing/jobs/roam_job.h \ + processing/jobs/update_sa_job.c \ + processing/jobs/update_sa_job.h \ + processing/jobs/inactivity_job.c \ + processing/jobs/inactivity_job.h processing/scheduler.c \ + processing/scheduler.h processing/processor.c \ + processing/processor.h sa/authenticators/authenticator.c \ + sa/authenticators/authenticator.h \ + sa/authenticators/eap_authenticator.c \ + sa/authenticators/eap_authenticator.h \ + sa/authenticators/eap/eap_method.c \ + sa/authenticators/eap/eap_method.h \ + sa/authenticators/eap/eap_manager.c \ + sa/authenticators/eap/eap_manager.h \ + sa/authenticators/eap/sim_manager.c \ + sa/authenticators/eap/sim_manager.h \ + sa/authenticators/psk_authenticator.c \ + sa/authenticators/psk_authenticator.h \ + sa/authenticators/pubkey_authenticator.c \ + sa/authenticators/pubkey_authenticator.h sa/child_sa.c \ + sa/child_sa.h sa/ike_sa.c sa/ike_sa.h sa/ike_sa_id.c \ + sa/ike_sa_id.h sa/ike_sa_manager.c sa/ike_sa_manager.h \ + sa/task_manager.c sa/task_manager.h sa/keymat.c sa/keymat.h \ + sa/trap_manager.c sa/trap_manager.h sa/tasks/child_create.c \ + sa/tasks/child_create.h sa/tasks/child_delete.c \ + sa/tasks/child_delete.h sa/tasks/child_rekey.c \ + sa/tasks/child_rekey.h sa/tasks/ike_auth.c sa/tasks/ike_auth.h \ + sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \ + sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \ + sa/tasks/ike_config.c sa/tasks/ike_config.h \ + sa/tasks/ike_delete.c sa/tasks/ike_delete.h sa/tasks/ike_dpd.c \ + sa/tasks/ike_dpd.h sa/tasks/ike_init.c sa/tasks/ike_init.h \ + sa/tasks/ike_natd.c sa/tasks/ike_natd.h sa/tasks/ike_mobike.c \ + sa/tasks/ike_mobike.h sa/tasks/ike_rekey.c \ + sa/tasks/ike_rekey.h sa/tasks/ike_reauth.c \ + sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \ + sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \ + sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \ + credentials/credential_manager.c \ + credentials/credential_manager.h \ + credentials/sets/auth_cfg_wrapper.c \ + credentials/sets/auth_cfg_wrapper.h \ + credentials/sets/ocsp_response_wrapper.c \ + credentials/sets/ocsp_response_wrapper.h \ + credentials/sets/cert_cache.c credentials/sets/cert_cache.h \ + credentials/credential_set.h \ + encoding/payloads/endpoint_notify.c \ + encoding/payloads/endpoint_notify.h \ + processing/jobs/initiate_mediation_job.c \ + processing/jobs/initiate_mediation_job.h \ + processing/jobs/mediation_job.c \ + processing/jobs/mediation_job.h sa/connect_manager.c \ + sa/connect_manager.h sa/mediation_manager.c \ + sa/mediation_manager.h sa/tasks/ike_me.c sa/tasks/ike_me.h +@USE_ME_TRUE@am__objects_1 = endpoint_notify.lo \ +@USE_ME_TRUE@ initiate_mediation_job.lo mediation_job.lo \ +@USE_ME_TRUE@ connect_manager.lo mediation_manager.lo ike_me.lo +am_libcharon_la_OBJECTS = bus.lo file_logger.lo sys_logger.lo \ + backend_manager.lo child_cfg.lo ike_cfg.lo peer_cfg.lo \ + proposal.lo auth_cfg.lo controller.lo daemon.lo generator.lo \ + message.lo parser.lo auth_payload.lo cert_payload.lo \ + certreq_payload.lo configuration_attribute.lo cp_payload.lo \ + delete_payload.lo eap_payload.lo encodings.lo \ + encryption_payload.lo id_payload.lo ike_header.lo \ + ke_payload.lo nonce_payload.lo notify_payload.lo payload.lo \ + proposal_substructure.lo sa_payload.lo \ + traffic_selector_substructure.lo transform_attribute.lo \ + transform_substructure.lo ts_payload.lo unknown_payload.lo \ + vendor_id_payload.lo kernel_interface.lo kernel_ipsec.lo \ + packet.lo receiver.lo sender.lo socket_manager.lo \ + acquire_job.lo callback_job.lo delete_child_sa_job.lo \ + delete_ike_sa_job.lo migrate_job.lo process_message_job.lo \ + rekey_child_sa_job.lo rekey_ike_sa_job.lo retransmit_job.lo \ + send_dpd_job.lo send_keepalive_job.lo roam_job.lo \ + update_sa_job.lo inactivity_job.lo scheduler.lo processor.lo \ + authenticator.lo eap_authenticator.lo eap_method.lo \ + eap_manager.lo sim_manager.lo psk_authenticator.lo \ + pubkey_authenticator.lo child_sa.lo ike_sa.lo ike_sa_id.lo \ + ike_sa_manager.lo task_manager.lo keymat.lo trap_manager.lo \ + child_create.lo child_delete.lo child_rekey.lo ike_auth.lo \ + ike_cert_pre.lo ike_cert_post.lo ike_config.lo ike_delete.lo \ + ike_dpd.lo ike_init.lo ike_natd.lo ike_mobike.lo ike_rekey.lo \ + ike_reauth.lo ike_auth_lifetime.lo ike_vendor.lo task.lo \ + credential_manager.lo auth_cfg_wrapper.lo \ + ocsp_response_wrapper.lo cert_cache.lo $(am__objects_1) +libcharon_la_OBJECTS = $(am_libcharon_la_OBJECTS) +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libcharon_la_SOURCES) +DIST_SOURCES = $(am__libcharon_la_SOURCES_DIST) +RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ + html-recursive info-recursive install-data-recursive \ + install-dvi-recursive install-exec-recursive \ + install-html-recursive install-info-recursive \ + install-pdf-recursive install-ps-recursive install-recursive \ + installcheck-recursive installdirs-recursive pdf-recursive \ + ps-recursive uninstall-recursive +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = . plugins/load_tester plugins/kernel_pfkey \ + plugins/kernel_pfroute plugins/kernel_klips \ + plugins/kernel_netlink plugins/socket_default \ + plugins/socket_raw plugins/socket_dynamic plugins/farp \ + plugins/stroke plugins/smp plugins/sql plugins/updown \ + plugins/eap_identity plugins/eap_sim plugins/eap_sim_file \ + plugins/eap_simaka_pseudonym plugins/eap_simaka_reauth \ + plugins/eap_aka plugins/eap_aka_3gpp2 plugins/eap_md5 \ + plugins/eap_gtc plugins/eap_mschapv2 plugins/eap_radius \ + plugins/medsrv plugins/medcli plugins/nm plugins/dhcp \ + plugins/resolve plugins/android plugins/ha plugins/uci \ + plugins/unit_tester +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +lib_LTLIBRARIES = libcharon.la +libcharon_la_SOURCES = bus/bus.c bus/bus.h bus/listeners/listener.h \ + bus/listeners/file_logger.c bus/listeners/file_logger.h \ + bus/listeners/sys_logger.c bus/listeners/sys_logger.h \ + config/backend_manager.c config/backend_manager.h \ + config/backend.h config/child_cfg.c config/child_cfg.h \ + config/ike_cfg.c config/ike_cfg.h config/peer_cfg.c \ + config/peer_cfg.h config/proposal.c config/proposal.h \ + config/auth_cfg.c config/auth_cfg.h control/controller.c \ + control/controller.h daemon.c daemon.h encoding/generator.c \ + encoding/generator.h encoding/message.c encoding/message.h \ + encoding/parser.c encoding/parser.h \ + encoding/payloads/auth_payload.c \ + encoding/payloads/auth_payload.h \ + encoding/payloads/cert_payload.c \ + encoding/payloads/cert_payload.h \ + encoding/payloads/certreq_payload.c \ + encoding/payloads/certreq_payload.h \ + encoding/payloads/configuration_attribute.c \ + encoding/payloads/configuration_attribute.h \ + encoding/payloads/cp_payload.c encoding/payloads/cp_payload.h \ + encoding/payloads/delete_payload.c \ + encoding/payloads/delete_payload.h \ + encoding/payloads/eap_payload.c \ + encoding/payloads/eap_payload.h encoding/payloads/encodings.c \ + encoding/payloads/encodings.h \ + encoding/payloads/encryption_payload.c \ + encoding/payloads/encryption_payload.h \ + encoding/payloads/id_payload.c encoding/payloads/id_payload.h \ + encoding/payloads/ike_header.c encoding/payloads/ike_header.h \ + encoding/payloads/ke_payload.c encoding/payloads/ke_payload.h \ + encoding/payloads/nonce_payload.c \ + encoding/payloads/nonce_payload.h \ + encoding/payloads/notify_payload.c \ + encoding/payloads/notify_payload.h encoding/payloads/payload.c \ + encoding/payloads/payload.h \ + encoding/payloads/proposal_substructure.c \ + encoding/payloads/proposal_substructure.h \ + encoding/payloads/sa_payload.c encoding/payloads/sa_payload.h \ + encoding/payloads/traffic_selector_substructure.c \ + encoding/payloads/traffic_selector_substructure.h \ + encoding/payloads/transform_attribute.c \ + encoding/payloads/transform_attribute.h \ + encoding/payloads/transform_substructure.c \ + encoding/payloads/transform_substructure.h \ + encoding/payloads/ts_payload.c encoding/payloads/ts_payload.h \ + encoding/payloads/unknown_payload.c \ + encoding/payloads/unknown_payload.h \ + encoding/payloads/vendor_id_payload.c \ + encoding/payloads/vendor_id_payload.h \ + kernel/kernel_interface.c kernel/kernel_interface.h \ + kernel/kernel_ipsec.c kernel/kernel_ipsec.h \ + kernel/kernel_net.h network/packet.c network/packet.h \ + network/receiver.c network/receiver.h network/sender.c \ + network/sender.h network/socket_manager.c \ + network/socket_manager.h network/socket.h \ + processing/jobs/job.h processing/jobs/acquire_job.c \ + processing/jobs/acquire_job.h processing/jobs/callback_job.c \ + processing/jobs/callback_job.h \ + processing/jobs/delete_child_sa_job.c \ + processing/jobs/delete_child_sa_job.h \ + processing/jobs/delete_ike_sa_job.c \ + processing/jobs/delete_ike_sa_job.h \ + processing/jobs/migrate_job.c processing/jobs/migrate_job.h \ + processing/jobs/process_message_job.c \ + processing/jobs/process_message_job.h \ + processing/jobs/rekey_child_sa_job.c \ + processing/jobs/rekey_child_sa_job.h \ + processing/jobs/rekey_ike_sa_job.c \ + processing/jobs/rekey_ike_sa_job.h \ + processing/jobs/retransmit_job.c \ + processing/jobs/retransmit_job.h \ + processing/jobs/send_dpd_job.c processing/jobs/send_dpd_job.h \ + processing/jobs/send_keepalive_job.c \ + processing/jobs/send_keepalive_job.h \ + processing/jobs/roam_job.c processing/jobs/roam_job.h \ + processing/jobs/update_sa_job.c \ + processing/jobs/update_sa_job.h \ + processing/jobs/inactivity_job.c \ + processing/jobs/inactivity_job.h processing/scheduler.c \ + processing/scheduler.h processing/processor.c \ + processing/processor.h sa/authenticators/authenticator.c \ + sa/authenticators/authenticator.h \ + sa/authenticators/eap_authenticator.c \ + sa/authenticators/eap_authenticator.h \ + sa/authenticators/eap/eap_method.c \ + sa/authenticators/eap/eap_method.h \ + sa/authenticators/eap/eap_manager.c \ + sa/authenticators/eap/eap_manager.h \ + sa/authenticators/eap/sim_manager.c \ + sa/authenticators/eap/sim_manager.h \ + sa/authenticators/psk_authenticator.c \ + sa/authenticators/psk_authenticator.h \ + sa/authenticators/pubkey_authenticator.c \ + sa/authenticators/pubkey_authenticator.h sa/child_sa.c \ + sa/child_sa.h sa/ike_sa.c sa/ike_sa.h sa/ike_sa_id.c \ + sa/ike_sa_id.h sa/ike_sa_manager.c sa/ike_sa_manager.h \ + sa/task_manager.c sa/task_manager.h sa/keymat.c sa/keymat.h \ + sa/trap_manager.c sa/trap_manager.h sa/tasks/child_create.c \ + sa/tasks/child_create.h sa/tasks/child_delete.c \ + sa/tasks/child_delete.h sa/tasks/child_rekey.c \ + sa/tasks/child_rekey.h sa/tasks/ike_auth.c sa/tasks/ike_auth.h \ + sa/tasks/ike_cert_pre.c sa/tasks/ike_cert_pre.h \ + sa/tasks/ike_cert_post.c sa/tasks/ike_cert_post.h \ + sa/tasks/ike_config.c sa/tasks/ike_config.h \ + sa/tasks/ike_delete.c sa/tasks/ike_delete.h sa/tasks/ike_dpd.c \ + sa/tasks/ike_dpd.h sa/tasks/ike_init.c sa/tasks/ike_init.h \ + sa/tasks/ike_natd.c sa/tasks/ike_natd.h sa/tasks/ike_mobike.c \ + sa/tasks/ike_mobike.h sa/tasks/ike_rekey.c \ + sa/tasks/ike_rekey.h sa/tasks/ike_reauth.c \ + sa/tasks/ike_reauth.h sa/tasks/ike_auth_lifetime.c \ + sa/tasks/ike_auth_lifetime.h sa/tasks/ike_vendor.c \ + sa/tasks/ike_vendor.h sa/tasks/task.c sa/tasks/task.h \ + credentials/credential_manager.c \ + credentials/credential_manager.h \ + credentials/sets/auth_cfg_wrapper.c \ + credentials/sets/auth_cfg_wrapper.h \ + credentials/sets/ocsp_response_wrapper.c \ + credentials/sets/ocsp_response_wrapper.h \ + credentials/sets/cert_cache.c credentials/sets/cert_cache.h \ + credentials/credential_set.h $(am__append_1) +INCLUDES = \ + -I${linux_headers} \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_PIDDIR=\"${piddir}\" \ + -DPLUGINS=\""${PLUGINS}\"" +libcharon_la_LIBADD = -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB) \ + $(am__append_2) $(am__append_5) $(am__append_8) \ + $(am__append_11) $(am__append_14) $(am__append_17) \ + $(am__append_20) $(am__append_23) $(am__append_26) \ + $(am__append_29) $(am__append_32) $(am__append_35) \ + $(am__append_38) $(am__append_41) $(am__append_44) \ + $(am__append_47) $(am__append_50) $(am__append_53) \ + $(am__append_56) $(am__append_59) $(am__append_62) \ + $(am__append_63) $(am__append_66) $(am__append_69) \ + $(am__append_72) $(am__append_75) $(am__append_78) \ + $(am__append_81) $(am__append_84) $(am__append_87) \ + $(am__append_90) $(am__append_93) $(am__append_96) \ + $(am__append_99) $(am__append_102) +EXTRA_DIST = Android.mk +@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_3) $(am__append_6) \ +@MONOLITHIC_FALSE@ $(am__append_9) $(am__append_12) \ +@MONOLITHIC_FALSE@ $(am__append_15) $(am__append_18) \ +@MONOLITHIC_FALSE@ $(am__append_21) $(am__append_24) \ +@MONOLITHIC_FALSE@ $(am__append_27) $(am__append_30) \ +@MONOLITHIC_FALSE@ $(am__append_33) $(am__append_36) \ +@MONOLITHIC_FALSE@ $(am__append_39) $(am__append_42) \ +@MONOLITHIC_FALSE@ $(am__append_45) $(am__append_48) \ +@MONOLITHIC_FALSE@ $(am__append_51) $(am__append_54) \ +@MONOLITHIC_FALSE@ $(am__append_57) $(am__append_60) \ +@MONOLITHIC_FALSE@ $(am__append_64) $(am__append_67) \ +@MONOLITHIC_FALSE@ $(am__append_70) $(am__append_73) \ +@MONOLITHIC_FALSE@ $(am__append_76) $(am__append_79) \ +@MONOLITHIC_FALSE@ $(am__append_82) $(am__append_85) \ +@MONOLITHIC_FALSE@ $(am__append_88) $(am__append_91) \ +@MONOLITHIC_FALSE@ $(am__append_94) $(am__append_97) \ +@MONOLITHIC_FALSE@ $(am__append_100) + +# build optional plugins +######################## +@MONOLITHIC_TRUE@SUBDIRS = $(am__append_3) $(am__append_6) \ +@MONOLITHIC_TRUE@ $(am__append_9) $(am__append_12) \ +@MONOLITHIC_TRUE@ $(am__append_15) $(am__append_18) \ +@MONOLITHIC_TRUE@ $(am__append_21) $(am__append_24) \ +@MONOLITHIC_TRUE@ $(am__append_27) $(am__append_30) \ +@MONOLITHIC_TRUE@ $(am__append_33) $(am__append_36) \ +@MONOLITHIC_TRUE@ $(am__append_39) $(am__append_42) \ +@MONOLITHIC_TRUE@ $(am__append_45) $(am__append_48) \ +@MONOLITHIC_TRUE@ $(am__append_51) $(am__append_54) \ +@MONOLITHIC_TRUE@ $(am__append_57) $(am__append_60) \ +@MONOLITHIC_TRUE@ $(am__append_64) $(am__append_67) \ +@MONOLITHIC_TRUE@ $(am__append_70) $(am__append_73) \ +@MONOLITHIC_TRUE@ $(am__append_76) $(am__append_79) \ +@MONOLITHIC_TRUE@ $(am__append_82) $(am__append_85) \ +@MONOLITHIC_TRUE@ $(am__append_88) $(am__append_91) \ +@MONOLITHIC_TRUE@ $(am__append_94) $(am__append_97) \ +@MONOLITHIC_TRUE@ $(am__append_100) +PLUGINS = ${libstrongswan_plugins} ${libhydra_plugins} $(am__append_4) \ + $(am__append_7) $(am__append_10) $(am__append_13) \ + $(am__append_16) $(am__append_19) $(am__append_22) \ + $(am__append_25) $(am__append_28) $(am__append_31) \ + $(am__append_34) $(am__append_37) $(am__append_40) \ + $(am__append_43) $(am__append_46) $(am__append_49) \ + $(am__append_52) $(am__append_55) $(am__append_58) \ + $(am__append_61) $(am__append_65) $(am__append_68) \ + $(am__append_71) $(am__append_74) $(am__append_77) \ + $(am__append_80) $(am__append_83) $(am__append_86) \ + $(am__append_89) $(am__append_92) $(am__append_95) \ + $(am__append_98) $(am__append_101) +all: all-recursive + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-libLTLIBRARIES: $(lib_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } + +uninstall-libLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ + done + +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libcharon.la: $(libcharon_la_OBJECTS) $(libcharon_la_DEPENDENCIES) + $(LINK) -rpath $(libdir) $(libcharon_la_OBJECTS) $(libcharon_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/acquire_job.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg_wrapper.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_payload.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/authenticator.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/backend_manager.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bus.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/callback_job.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert_cache.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert_payload.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certreq_payload.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_cfg.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_create.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_delete.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_rekey.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/child_sa.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/configuration_attribute.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/connect_manager.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/controller.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cp_payload.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/credential_manager.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/daemon.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_child_sa_job.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_ike_sa_job.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/delete_payload.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_authenticator.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_manager.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_method.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap_payload.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encodings.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encryption_payload.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/endpoint_notify.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/file_logger.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/generator.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/id_payload.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_auth.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_auth_lifetime.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cert_post.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cert_pre.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_cfg.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_config.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_delete.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_dpd.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_header.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_init.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_me.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_mobike.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_natd.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_reauth.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_rekey.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_id.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_sa_manager.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ike_vendor.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/inactivity_job.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/initiate_mediation_job.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ke_payload.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_interface.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_ipsec.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keymat.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mediation_job.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mediation_manager.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/message.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/migrate_job.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nonce_payload.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/notify_payload.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp_response_wrapper.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/packet.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parser.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/payload.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/peer_cfg.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/process_message_job.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/processor.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal_substructure.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/psk_authenticator.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey_authenticator.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/receiver.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rekey_child_sa_job.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rekey_ike_sa_job.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/retransmit_job.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/roam_job.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sa_payload.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scheduler.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send_dpd_job.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/send_keepalive_job.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sender.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sim_manager.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_manager.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sys_logger.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/task_manager.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/traffic_selector_substructure.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_attribute.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform_substructure.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/trap_manager.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ts_payload.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/unknown_payload.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/update_sa_job.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vendor_id_payload.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +bus.lo: bus/bus.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bus.lo -MD -MP -MF $(DEPDIR)/bus.Tpo -c -o bus.lo `test -f 'bus/bus.c' || echo '$(srcdir)/'`bus/bus.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bus.Tpo $(DEPDIR)/bus.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/bus.c' object='bus.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bus.lo `test -f 'bus/bus.c' || echo '$(srcdir)/'`bus/bus.c + +file_logger.lo: bus/listeners/file_logger.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT file_logger.lo -MD -MP -MF $(DEPDIR)/file_logger.Tpo -c -o file_logger.lo `test -f 'bus/listeners/file_logger.c' || echo '$(srcdir)/'`bus/listeners/file_logger.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/file_logger.Tpo $(DEPDIR)/file_logger.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/file_logger.c' object='file_logger.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o file_logger.lo `test -f 'bus/listeners/file_logger.c' || echo '$(srcdir)/'`bus/listeners/file_logger.c + +sys_logger.lo: bus/listeners/sys_logger.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sys_logger.lo -MD -MP -MF $(DEPDIR)/sys_logger.Tpo -c -o sys_logger.lo `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sys_logger.Tpo $(DEPDIR)/sys_logger.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bus/listeners/sys_logger.c' object='sys_logger.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sys_logger.lo `test -f 'bus/listeners/sys_logger.c' || echo '$(srcdir)/'`bus/listeners/sys_logger.c + +backend_manager.lo: config/backend_manager.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT backend_manager.lo -MD -MP -MF $(DEPDIR)/backend_manager.Tpo -c -o backend_manager.lo `test -f 'config/backend_manager.c' || echo '$(srcdir)/'`config/backend_manager.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/backend_manager.Tpo $(DEPDIR)/backend_manager.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/backend_manager.c' object='backend_manager.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o backend_manager.lo `test -f 'config/backend_manager.c' || echo '$(srcdir)/'`config/backend_manager.c + +child_cfg.lo: config/child_cfg.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_cfg.lo -MD -MP -MF $(DEPDIR)/child_cfg.Tpo -c -o child_cfg.lo `test -f 'config/child_cfg.c' || echo '$(srcdir)/'`config/child_cfg.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_cfg.Tpo $(DEPDIR)/child_cfg.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/child_cfg.c' object='child_cfg.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_cfg.lo `test -f 'config/child_cfg.c' || echo '$(srcdir)/'`config/child_cfg.c + +ike_cfg.lo: config/ike_cfg.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cfg.lo -MD -MP -MF $(DEPDIR)/ike_cfg.Tpo -c -o ike_cfg.lo `test -f 'config/ike_cfg.c' || echo '$(srcdir)/'`config/ike_cfg.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cfg.Tpo $(DEPDIR)/ike_cfg.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/ike_cfg.c' object='ike_cfg.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cfg.lo `test -f 'config/ike_cfg.c' || echo '$(srcdir)/'`config/ike_cfg.c + +peer_cfg.lo: config/peer_cfg.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT peer_cfg.lo -MD -MP -MF $(DEPDIR)/peer_cfg.Tpo -c -o peer_cfg.lo `test -f 'config/peer_cfg.c' || echo '$(srcdir)/'`config/peer_cfg.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/peer_cfg.Tpo $(DEPDIR)/peer_cfg.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/peer_cfg.c' object='peer_cfg.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o peer_cfg.lo `test -f 'config/peer_cfg.c' || echo '$(srcdir)/'`config/peer_cfg.c + +proposal.lo: config/proposal.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal.lo -MD -MP -MF $(DEPDIR)/proposal.Tpo -c -o proposal.lo `test -f 'config/proposal.c' || echo '$(srcdir)/'`config/proposal.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal.Tpo $(DEPDIR)/proposal.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/proposal.c' object='proposal.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal.lo `test -f 'config/proposal.c' || echo '$(srcdir)/'`config/proposal.c + +auth_cfg.lo: config/auth_cfg.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg.lo -MD -MP -MF $(DEPDIR)/auth_cfg.Tpo -c -o auth_cfg.lo `test -f 'config/auth_cfg.c' || echo '$(srcdir)/'`config/auth_cfg.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg.Tpo $(DEPDIR)/auth_cfg.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='config/auth_cfg.c' object='auth_cfg.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg.lo `test -f 'config/auth_cfg.c' || echo '$(srcdir)/'`config/auth_cfg.c + +controller.lo: control/controller.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT controller.lo -MD -MP -MF $(DEPDIR)/controller.Tpo -c -o controller.lo `test -f 'control/controller.c' || echo '$(srcdir)/'`control/controller.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/controller.Tpo $(DEPDIR)/controller.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='control/controller.c' object='controller.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o controller.lo `test -f 'control/controller.c' || echo '$(srcdir)/'`control/controller.c + +generator.lo: encoding/generator.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT generator.lo -MD -MP -MF $(DEPDIR)/generator.Tpo -c -o generator.lo `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/generator.Tpo $(DEPDIR)/generator.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/generator.c' object='generator.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o generator.lo `test -f 'encoding/generator.c' || echo '$(srcdir)/'`encoding/generator.c + +message.lo: encoding/message.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT message.lo -MD -MP -MF $(DEPDIR)/message.Tpo -c -o message.lo `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/message.Tpo $(DEPDIR)/message.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/message.c' object='message.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o message.lo `test -f 'encoding/message.c' || echo '$(srcdir)/'`encoding/message.c + +parser.lo: encoding/parser.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT parser.lo -MD -MP -MF $(DEPDIR)/parser.Tpo -c -o parser.lo `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/parser.Tpo $(DEPDIR)/parser.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/parser.c' object='parser.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o parser.lo `test -f 'encoding/parser.c' || echo '$(srcdir)/'`encoding/parser.c + +auth_payload.lo: encoding/payloads/auth_payload.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_payload.lo -MD -MP -MF $(DEPDIR)/auth_payload.Tpo -c -o auth_payload.lo `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_payload.Tpo $(DEPDIR)/auth_payload.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/auth_payload.c' object='auth_payload.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_payload.lo `test -f 'encoding/payloads/auth_payload.c' || echo '$(srcdir)/'`encoding/payloads/auth_payload.c + +cert_payload.lo: encoding/payloads/cert_payload.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_payload.lo -MD -MP -MF $(DEPDIR)/cert_payload.Tpo -c -o cert_payload.lo `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cert_payload.Tpo $(DEPDIR)/cert_payload.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cert_payload.c' object='cert_payload.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_payload.lo `test -f 'encoding/payloads/cert_payload.c' || echo '$(srcdir)/'`encoding/payloads/cert_payload.c + +certreq_payload.lo: encoding/payloads/certreq_payload.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certreq_payload.lo -MD -MP -MF $(DEPDIR)/certreq_payload.Tpo -c -o certreq_payload.lo `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/certreq_payload.Tpo $(DEPDIR)/certreq_payload.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/certreq_payload.c' object='certreq_payload.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certreq_payload.lo `test -f 'encoding/payloads/certreq_payload.c' || echo '$(srcdir)/'`encoding/payloads/certreq_payload.c + +configuration_attribute.lo: encoding/payloads/configuration_attribute.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT configuration_attribute.lo -MD -MP -MF $(DEPDIR)/configuration_attribute.Tpo -c -o configuration_attribute.lo `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/configuration_attribute.Tpo $(DEPDIR)/configuration_attribute.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/configuration_attribute.c' object='configuration_attribute.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o configuration_attribute.lo `test -f 'encoding/payloads/configuration_attribute.c' || echo '$(srcdir)/'`encoding/payloads/configuration_attribute.c + +cp_payload.lo: encoding/payloads/cp_payload.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cp_payload.lo -MD -MP -MF $(DEPDIR)/cp_payload.Tpo -c -o cp_payload.lo `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cp_payload.Tpo $(DEPDIR)/cp_payload.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/cp_payload.c' object='cp_payload.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cp_payload.lo `test -f 'encoding/payloads/cp_payload.c' || echo '$(srcdir)/'`encoding/payloads/cp_payload.c + +delete_payload.lo: encoding/payloads/delete_payload.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_payload.lo -MD -MP -MF $(DEPDIR)/delete_payload.Tpo -c -o delete_payload.lo `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_payload.Tpo $(DEPDIR)/delete_payload.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/delete_payload.c' object='delete_payload.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_payload.lo `test -f 'encoding/payloads/delete_payload.c' || echo '$(srcdir)/'`encoding/payloads/delete_payload.c + +eap_payload.lo: encoding/payloads/eap_payload.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_payload.lo -MD -MP -MF $(DEPDIR)/eap_payload.Tpo -c -o eap_payload.lo `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_payload.Tpo $(DEPDIR)/eap_payload.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/eap_payload.c' object='eap_payload.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_payload.lo `test -f 'encoding/payloads/eap_payload.c' || echo '$(srcdir)/'`encoding/payloads/eap_payload.c + +encodings.lo: encoding/payloads/encodings.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encodings.lo -MD -MP -MF $(DEPDIR)/encodings.Tpo -c -o encodings.lo `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/encodings.Tpo $(DEPDIR)/encodings.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encodings.c' object='encodings.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encodings.lo `test -f 'encoding/payloads/encodings.c' || echo '$(srcdir)/'`encoding/payloads/encodings.c + +encryption_payload.lo: encoding/payloads/encryption_payload.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT encryption_payload.lo -MD -MP -MF $(DEPDIR)/encryption_payload.Tpo -c -o encryption_payload.lo `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/encryption_payload.Tpo $(DEPDIR)/encryption_payload.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/encryption_payload.c' object='encryption_payload.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o encryption_payload.lo `test -f 'encoding/payloads/encryption_payload.c' || echo '$(srcdir)/'`encoding/payloads/encryption_payload.c + +id_payload.lo: encoding/payloads/id_payload.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT id_payload.lo -MD -MP -MF $(DEPDIR)/id_payload.Tpo -c -o id_payload.lo `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/id_payload.Tpo $(DEPDIR)/id_payload.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/id_payload.c' object='id_payload.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o id_payload.lo `test -f 'encoding/payloads/id_payload.c' || echo '$(srcdir)/'`encoding/payloads/id_payload.c + +ike_header.lo: encoding/payloads/ike_header.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_header.lo -MD -MP -MF $(DEPDIR)/ike_header.Tpo -c -o ike_header.lo `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_header.Tpo $(DEPDIR)/ike_header.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ike_header.c' object='ike_header.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_header.lo `test -f 'encoding/payloads/ike_header.c' || echo '$(srcdir)/'`encoding/payloads/ike_header.c + +ke_payload.lo: encoding/payloads/ke_payload.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ke_payload.lo -MD -MP -MF $(DEPDIR)/ke_payload.Tpo -c -o ke_payload.lo `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ke_payload.Tpo $(DEPDIR)/ke_payload.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ke_payload.c' object='ke_payload.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ke_payload.lo `test -f 'encoding/payloads/ke_payload.c' || echo '$(srcdir)/'`encoding/payloads/ke_payload.c + +nonce_payload.lo: encoding/payloads/nonce_payload.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT nonce_payload.lo -MD -MP -MF $(DEPDIR)/nonce_payload.Tpo -c -o nonce_payload.lo `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/nonce_payload.Tpo $(DEPDIR)/nonce_payload.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/nonce_payload.c' object='nonce_payload.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o nonce_payload.lo `test -f 'encoding/payloads/nonce_payload.c' || echo '$(srcdir)/'`encoding/payloads/nonce_payload.c + +notify_payload.lo: encoding/payloads/notify_payload.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT notify_payload.lo -MD -MP -MF $(DEPDIR)/notify_payload.Tpo -c -o notify_payload.lo `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/notify_payload.Tpo $(DEPDIR)/notify_payload.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/notify_payload.c' object='notify_payload.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o notify_payload.lo `test -f 'encoding/payloads/notify_payload.c' || echo '$(srcdir)/'`encoding/payloads/notify_payload.c + +payload.lo: encoding/payloads/payload.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT payload.lo -MD -MP -MF $(DEPDIR)/payload.Tpo -c -o payload.lo `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/payload.Tpo $(DEPDIR)/payload.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/payload.c' object='payload.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o payload.lo `test -f 'encoding/payloads/payload.c' || echo '$(srcdir)/'`encoding/payloads/payload.c + +proposal_substructure.lo: encoding/payloads/proposal_substructure.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_substructure.lo -MD -MP -MF $(DEPDIR)/proposal_substructure.Tpo -c -o proposal_substructure.lo `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/proposal_substructure.Tpo $(DEPDIR)/proposal_substructure.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/proposal_substructure.c' object='proposal_substructure.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_substructure.lo `test -f 'encoding/payloads/proposal_substructure.c' || echo '$(srcdir)/'`encoding/payloads/proposal_substructure.c + +sa_payload.lo: encoding/payloads/sa_payload.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sa_payload.lo -MD -MP -MF $(DEPDIR)/sa_payload.Tpo -c -o sa_payload.lo `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sa_payload.Tpo $(DEPDIR)/sa_payload.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/sa_payload.c' object='sa_payload.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sa_payload.lo `test -f 'encoding/payloads/sa_payload.c' || echo '$(srcdir)/'`encoding/payloads/sa_payload.c + +traffic_selector_substructure.lo: encoding/payloads/traffic_selector_substructure.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector_substructure.lo -MD -MP -MF $(DEPDIR)/traffic_selector_substructure.Tpo -c -o traffic_selector_substructure.lo `test -f 'encoding/payloads/traffic_selector_substructure.c' || echo '$(srcdir)/'`encoding/payloads/traffic_selector_substructure.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/traffic_selector_substructure.Tpo $(DEPDIR)/traffic_selector_substructure.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/traffic_selector_substructure.c' object='traffic_selector_substructure.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o traffic_selector_substructure.lo `test -f 'encoding/payloads/traffic_selector_substructure.c' || echo '$(srcdir)/'`encoding/payloads/traffic_selector_substructure.c + +transform_attribute.lo: encoding/payloads/transform_attribute.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_attribute.lo -MD -MP -MF $(DEPDIR)/transform_attribute.Tpo -c -o transform_attribute.lo `test -f 'encoding/payloads/transform_attribute.c' || echo '$(srcdir)/'`encoding/payloads/transform_attribute.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform_attribute.Tpo $(DEPDIR)/transform_attribute.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/transform_attribute.c' object='transform_attribute.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_attribute.lo `test -f 'encoding/payloads/transform_attribute.c' || echo '$(srcdir)/'`encoding/payloads/transform_attribute.c + +transform_substructure.lo: encoding/payloads/transform_substructure.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform_substructure.lo -MD -MP -MF $(DEPDIR)/transform_substructure.Tpo -c -o transform_substructure.lo `test -f 'encoding/payloads/transform_substructure.c' || echo '$(srcdir)/'`encoding/payloads/transform_substructure.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform_substructure.Tpo $(DEPDIR)/transform_substructure.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/transform_substructure.c' object='transform_substructure.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform_substructure.lo `test -f 'encoding/payloads/transform_substructure.c' || echo '$(srcdir)/'`encoding/payloads/transform_substructure.c + +ts_payload.lo: encoding/payloads/ts_payload.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ts_payload.lo -MD -MP -MF $(DEPDIR)/ts_payload.Tpo -c -o ts_payload.lo `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ts_payload.Tpo $(DEPDIR)/ts_payload.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/ts_payload.c' object='ts_payload.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ts_payload.lo `test -f 'encoding/payloads/ts_payload.c' || echo '$(srcdir)/'`encoding/payloads/ts_payload.c + +unknown_payload.lo: encoding/payloads/unknown_payload.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT unknown_payload.lo -MD -MP -MF $(DEPDIR)/unknown_payload.Tpo -c -o unknown_payload.lo `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unknown_payload.Tpo $(DEPDIR)/unknown_payload.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/unknown_payload.c' object='unknown_payload.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o unknown_payload.lo `test -f 'encoding/payloads/unknown_payload.c' || echo '$(srcdir)/'`encoding/payloads/unknown_payload.c + +vendor_id_payload.lo: encoding/payloads/vendor_id_payload.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT vendor_id_payload.lo -MD -MP -MF $(DEPDIR)/vendor_id_payload.Tpo -c -o vendor_id_payload.lo `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/vendor_id_payload.Tpo $(DEPDIR)/vendor_id_payload.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/vendor_id_payload.c' object='vendor_id_payload.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o vendor_id_payload.lo `test -f 'encoding/payloads/vendor_id_payload.c' || echo '$(srcdir)/'`encoding/payloads/vendor_id_payload.c + +kernel_interface.lo: kernel/kernel_interface.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_interface.lo -MD -MP -MF $(DEPDIR)/kernel_interface.Tpo -c -o kernel_interface.lo `test -f 'kernel/kernel_interface.c' || echo '$(srcdir)/'`kernel/kernel_interface.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kernel_interface.Tpo $(DEPDIR)/kernel_interface.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_interface.c' object='kernel_interface.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_interface.lo `test -f 'kernel/kernel_interface.c' || echo '$(srcdir)/'`kernel/kernel_interface.c + +kernel_ipsec.lo: kernel/kernel_ipsec.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT kernel_ipsec.lo -MD -MP -MF $(DEPDIR)/kernel_ipsec.Tpo -c -o kernel_ipsec.lo `test -f 'kernel/kernel_ipsec.c' || echo '$(srcdir)/'`kernel/kernel_ipsec.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/kernel_ipsec.Tpo $(DEPDIR)/kernel_ipsec.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kernel/kernel_ipsec.c' object='kernel_ipsec.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o kernel_ipsec.lo `test -f 'kernel/kernel_ipsec.c' || echo '$(srcdir)/'`kernel/kernel_ipsec.c + +packet.lo: network/packet.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT packet.lo -MD -MP -MF $(DEPDIR)/packet.Tpo -c -o packet.lo `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/packet.Tpo $(DEPDIR)/packet.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/packet.c' object='packet.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o packet.lo `test -f 'network/packet.c' || echo '$(srcdir)/'`network/packet.c + +receiver.lo: network/receiver.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT receiver.lo -MD -MP -MF $(DEPDIR)/receiver.Tpo -c -o receiver.lo `test -f 'network/receiver.c' || echo '$(srcdir)/'`network/receiver.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/receiver.Tpo $(DEPDIR)/receiver.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/receiver.c' object='receiver.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o receiver.lo `test -f 'network/receiver.c' || echo '$(srcdir)/'`network/receiver.c + +sender.lo: network/sender.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sender.lo -MD -MP -MF $(DEPDIR)/sender.Tpo -c -o sender.lo `test -f 'network/sender.c' || echo '$(srcdir)/'`network/sender.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sender.Tpo $(DEPDIR)/sender.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/sender.c' object='sender.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sender.lo `test -f 'network/sender.c' || echo '$(srcdir)/'`network/sender.c + +socket_manager.lo: network/socket_manager.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT socket_manager.lo -MD -MP -MF $(DEPDIR)/socket_manager.Tpo -c -o socket_manager.lo `test -f 'network/socket_manager.c' || echo '$(srcdir)/'`network/socket_manager.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/socket_manager.Tpo $(DEPDIR)/socket_manager.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='network/socket_manager.c' object='socket_manager.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o socket_manager.lo `test -f 'network/socket_manager.c' || echo '$(srcdir)/'`network/socket_manager.c + +acquire_job.lo: processing/jobs/acquire_job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT acquire_job.lo -MD -MP -MF $(DEPDIR)/acquire_job.Tpo -c -o acquire_job.lo `test -f 'processing/jobs/acquire_job.c' || echo '$(srcdir)/'`processing/jobs/acquire_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/acquire_job.Tpo $(DEPDIR)/acquire_job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/acquire_job.c' object='acquire_job.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o acquire_job.lo `test -f 'processing/jobs/acquire_job.c' || echo '$(srcdir)/'`processing/jobs/acquire_job.c + +callback_job.lo: processing/jobs/callback_job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT callback_job.lo -MD -MP -MF $(DEPDIR)/callback_job.Tpo -c -o callback_job.lo `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/callback_job.Tpo $(DEPDIR)/callback_job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/callback_job.c' object='callback_job.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o callback_job.lo `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c + +delete_child_sa_job.lo: processing/jobs/delete_child_sa_job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_child_sa_job.lo -MD -MP -MF $(DEPDIR)/delete_child_sa_job.Tpo -c -o delete_child_sa_job.lo `test -f 'processing/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_child_sa_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_child_sa_job.Tpo $(DEPDIR)/delete_child_sa_job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_child_sa_job.c' object='delete_child_sa_job.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_child_sa_job.lo `test -f 'processing/jobs/delete_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_child_sa_job.c + +delete_ike_sa_job.lo: processing/jobs/delete_ike_sa_job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT delete_ike_sa_job.lo -MD -MP -MF $(DEPDIR)/delete_ike_sa_job.Tpo -c -o delete_ike_sa_job.lo `test -f 'processing/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_ike_sa_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/delete_ike_sa_job.Tpo $(DEPDIR)/delete_ike_sa_job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/delete_ike_sa_job.c' object='delete_ike_sa_job.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o delete_ike_sa_job.lo `test -f 'processing/jobs/delete_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/delete_ike_sa_job.c + +migrate_job.lo: processing/jobs/migrate_job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT migrate_job.lo -MD -MP -MF $(DEPDIR)/migrate_job.Tpo -c -o migrate_job.lo `test -f 'processing/jobs/migrate_job.c' || echo '$(srcdir)/'`processing/jobs/migrate_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/migrate_job.Tpo $(DEPDIR)/migrate_job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/migrate_job.c' object='migrate_job.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o migrate_job.lo `test -f 'processing/jobs/migrate_job.c' || echo '$(srcdir)/'`processing/jobs/migrate_job.c + +process_message_job.lo: processing/jobs/process_message_job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT process_message_job.lo -MD -MP -MF $(DEPDIR)/process_message_job.Tpo -c -o process_message_job.lo `test -f 'processing/jobs/process_message_job.c' || echo '$(srcdir)/'`processing/jobs/process_message_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/process_message_job.Tpo $(DEPDIR)/process_message_job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/process_message_job.c' object='process_message_job.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o process_message_job.lo `test -f 'processing/jobs/process_message_job.c' || echo '$(srcdir)/'`processing/jobs/process_message_job.c + +rekey_child_sa_job.lo: processing/jobs/rekey_child_sa_job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_child_sa_job.lo -MD -MP -MF $(DEPDIR)/rekey_child_sa_job.Tpo -c -o rekey_child_sa_job.lo `test -f 'processing/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_child_sa_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rekey_child_sa_job.Tpo $(DEPDIR)/rekey_child_sa_job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_child_sa_job.c' object='rekey_child_sa_job.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_child_sa_job.lo `test -f 'processing/jobs/rekey_child_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_child_sa_job.c + +rekey_ike_sa_job.lo: processing/jobs/rekey_ike_sa_job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rekey_ike_sa_job.lo -MD -MP -MF $(DEPDIR)/rekey_ike_sa_job.Tpo -c -o rekey_ike_sa_job.lo `test -f 'processing/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_ike_sa_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/rekey_ike_sa_job.Tpo $(DEPDIR)/rekey_ike_sa_job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/rekey_ike_sa_job.c' object='rekey_ike_sa_job.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rekey_ike_sa_job.lo `test -f 'processing/jobs/rekey_ike_sa_job.c' || echo '$(srcdir)/'`processing/jobs/rekey_ike_sa_job.c + +retransmit_job.lo: processing/jobs/retransmit_job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT retransmit_job.lo -MD -MP -MF $(DEPDIR)/retransmit_job.Tpo -c -o retransmit_job.lo `test -f 'processing/jobs/retransmit_job.c' || echo '$(srcdir)/'`processing/jobs/retransmit_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/retransmit_job.Tpo $(DEPDIR)/retransmit_job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/retransmit_job.c' object='retransmit_job.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o retransmit_job.lo `test -f 'processing/jobs/retransmit_job.c' || echo '$(srcdir)/'`processing/jobs/retransmit_job.c + +send_dpd_job.lo: processing/jobs/send_dpd_job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_dpd_job.lo -MD -MP -MF $(DEPDIR)/send_dpd_job.Tpo -c -o send_dpd_job.lo `test -f 'processing/jobs/send_dpd_job.c' || echo '$(srcdir)/'`processing/jobs/send_dpd_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/send_dpd_job.Tpo $(DEPDIR)/send_dpd_job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_dpd_job.c' object='send_dpd_job.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_dpd_job.lo `test -f 'processing/jobs/send_dpd_job.c' || echo '$(srcdir)/'`processing/jobs/send_dpd_job.c + +send_keepalive_job.lo: processing/jobs/send_keepalive_job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT send_keepalive_job.lo -MD -MP -MF $(DEPDIR)/send_keepalive_job.Tpo -c -o send_keepalive_job.lo `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/send_keepalive_job.Tpo $(DEPDIR)/send_keepalive_job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/send_keepalive_job.c' object='send_keepalive_job.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o send_keepalive_job.lo `test -f 'processing/jobs/send_keepalive_job.c' || echo '$(srcdir)/'`processing/jobs/send_keepalive_job.c + +roam_job.lo: processing/jobs/roam_job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT roam_job.lo -MD -MP -MF $(DEPDIR)/roam_job.Tpo -c -o roam_job.lo `test -f 'processing/jobs/roam_job.c' || echo '$(srcdir)/'`processing/jobs/roam_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/roam_job.Tpo $(DEPDIR)/roam_job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/roam_job.c' object='roam_job.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o roam_job.lo `test -f 'processing/jobs/roam_job.c' || echo '$(srcdir)/'`processing/jobs/roam_job.c + +update_sa_job.lo: processing/jobs/update_sa_job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT update_sa_job.lo -MD -MP -MF $(DEPDIR)/update_sa_job.Tpo -c -o update_sa_job.lo `test -f 'processing/jobs/update_sa_job.c' || echo '$(srcdir)/'`processing/jobs/update_sa_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/update_sa_job.Tpo $(DEPDIR)/update_sa_job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/update_sa_job.c' object='update_sa_job.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o update_sa_job.lo `test -f 'processing/jobs/update_sa_job.c' || echo '$(srcdir)/'`processing/jobs/update_sa_job.c + +inactivity_job.lo: processing/jobs/inactivity_job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT inactivity_job.lo -MD -MP -MF $(DEPDIR)/inactivity_job.Tpo -c -o inactivity_job.lo `test -f 'processing/jobs/inactivity_job.c' || echo '$(srcdir)/'`processing/jobs/inactivity_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/inactivity_job.Tpo $(DEPDIR)/inactivity_job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/inactivity_job.c' object='inactivity_job.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o inactivity_job.lo `test -f 'processing/jobs/inactivity_job.c' || echo '$(srcdir)/'`processing/jobs/inactivity_job.c + +scheduler.lo: processing/scheduler.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT scheduler.lo -MD -MP -MF $(DEPDIR)/scheduler.Tpo -c -o scheduler.lo `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/scheduler.Tpo $(DEPDIR)/scheduler.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/scheduler.c' object='scheduler.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o scheduler.lo `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c + +processor.lo: processing/processor.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT processor.lo -MD -MP -MF $(DEPDIR)/processor.Tpo -c -o processor.lo `test -f 'processing/processor.c' || echo '$(srcdir)/'`processing/processor.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/processor.Tpo $(DEPDIR)/processor.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/processor.c' object='processor.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o processor.lo `test -f 'processing/processor.c' || echo '$(srcdir)/'`processing/processor.c + +authenticator.lo: sa/authenticators/authenticator.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT authenticator.lo -MD -MP -MF $(DEPDIR)/authenticator.Tpo -c -o authenticator.lo `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/authenticator.Tpo $(DEPDIR)/authenticator.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/authenticator.c' object='authenticator.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o authenticator.lo `test -f 'sa/authenticators/authenticator.c' || echo '$(srcdir)/'`sa/authenticators/authenticator.c + +eap_authenticator.lo: sa/authenticators/eap_authenticator.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_authenticator.lo -MD -MP -MF $(DEPDIR)/eap_authenticator.Tpo -c -o eap_authenticator.lo `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_authenticator.Tpo $(DEPDIR)/eap_authenticator.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap_authenticator.c' object='eap_authenticator.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_authenticator.lo `test -f 'sa/authenticators/eap_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/eap_authenticator.c + +eap_method.lo: sa/authenticators/eap/eap_method.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_method.lo -MD -MP -MF $(DEPDIR)/eap_method.Tpo -c -o eap_method.lo `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_method.Tpo $(DEPDIR)/eap_method.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_method.c' object='eap_method.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_method.lo `test -f 'sa/authenticators/eap/eap_method.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_method.c + +eap_manager.lo: sa/authenticators/eap/eap_manager.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap_manager.lo -MD -MP -MF $(DEPDIR)/eap_manager.Tpo -c -o eap_manager.lo `test -f 'sa/authenticators/eap/eap_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_manager.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap_manager.Tpo $(DEPDIR)/eap_manager.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/eap_manager.c' object='eap_manager.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap_manager.lo `test -f 'sa/authenticators/eap/eap_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/eap_manager.c + +sim_manager.lo: sa/authenticators/eap/sim_manager.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sim_manager.lo -MD -MP -MF $(DEPDIR)/sim_manager.Tpo -c -o sim_manager.lo `test -f 'sa/authenticators/eap/sim_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/sim_manager.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/sim_manager.Tpo $(DEPDIR)/sim_manager.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/eap/sim_manager.c' object='sim_manager.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sim_manager.lo `test -f 'sa/authenticators/eap/sim_manager.c' || echo '$(srcdir)/'`sa/authenticators/eap/sim_manager.c + +psk_authenticator.lo: sa/authenticators/psk_authenticator.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT psk_authenticator.lo -MD -MP -MF $(DEPDIR)/psk_authenticator.Tpo -c -o psk_authenticator.lo `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/psk_authenticator.Tpo $(DEPDIR)/psk_authenticator.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/psk_authenticator.c' object='psk_authenticator.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o psk_authenticator.lo `test -f 'sa/authenticators/psk_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/psk_authenticator.c + +pubkey_authenticator.lo: sa/authenticators/pubkey_authenticator.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pubkey_authenticator.lo -MD -MP -MF $(DEPDIR)/pubkey_authenticator.Tpo -c -o pubkey_authenticator.lo `test -f 'sa/authenticators/pubkey_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/pubkey_authenticator.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pubkey_authenticator.Tpo $(DEPDIR)/pubkey_authenticator.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/authenticators/pubkey_authenticator.c' object='pubkey_authenticator.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pubkey_authenticator.lo `test -f 'sa/authenticators/pubkey_authenticator.c' || echo '$(srcdir)/'`sa/authenticators/pubkey_authenticator.c + +child_sa.lo: sa/child_sa.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_sa.lo -MD -MP -MF $(DEPDIR)/child_sa.Tpo -c -o child_sa.lo `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_sa.Tpo $(DEPDIR)/child_sa.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/child_sa.c' object='child_sa.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_sa.lo `test -f 'sa/child_sa.c' || echo '$(srcdir)/'`sa/child_sa.c + +ike_sa.lo: sa/ike_sa.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa.lo -MD -MP -MF $(DEPDIR)/ike_sa.Tpo -c -o ike_sa.lo `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa.Tpo $(DEPDIR)/ike_sa.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa.c' object='ike_sa.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa.lo `test -f 'sa/ike_sa.c' || echo '$(srcdir)/'`sa/ike_sa.c + +ike_sa_id.lo: sa/ike_sa_id.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_id.lo -MD -MP -MF $(DEPDIR)/ike_sa_id.Tpo -c -o ike_sa_id.lo `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa_id.Tpo $(DEPDIR)/ike_sa_id.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_id.c' object='ike_sa_id.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_id.lo `test -f 'sa/ike_sa_id.c' || echo '$(srcdir)/'`sa/ike_sa_id.c + +ike_sa_manager.lo: sa/ike_sa_manager.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_sa_manager.lo -MD -MP -MF $(DEPDIR)/ike_sa_manager.Tpo -c -o ike_sa_manager.lo `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_sa_manager.Tpo $(DEPDIR)/ike_sa_manager.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/ike_sa_manager.c' object='ike_sa_manager.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_sa_manager.lo `test -f 'sa/ike_sa_manager.c' || echo '$(srcdir)/'`sa/ike_sa_manager.c + +task_manager.lo: sa/task_manager.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task_manager.lo -MD -MP -MF $(DEPDIR)/task_manager.Tpo -c -o task_manager.lo `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/task_manager.Tpo $(DEPDIR)/task_manager.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/task_manager.c' object='task_manager.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task_manager.lo `test -f 'sa/task_manager.c' || echo '$(srcdir)/'`sa/task_manager.c + +keymat.lo: sa/keymat.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keymat.lo -MD -MP -MF $(DEPDIR)/keymat.Tpo -c -o keymat.lo `test -f 'sa/keymat.c' || echo '$(srcdir)/'`sa/keymat.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/keymat.Tpo $(DEPDIR)/keymat.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/keymat.c' object='keymat.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keymat.lo `test -f 'sa/keymat.c' || echo '$(srcdir)/'`sa/keymat.c + +trap_manager.lo: sa/trap_manager.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT trap_manager.lo -MD -MP -MF $(DEPDIR)/trap_manager.Tpo -c -o trap_manager.lo `test -f 'sa/trap_manager.c' || echo '$(srcdir)/'`sa/trap_manager.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/trap_manager.Tpo $(DEPDIR)/trap_manager.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/trap_manager.c' object='trap_manager.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o trap_manager.lo `test -f 'sa/trap_manager.c' || echo '$(srcdir)/'`sa/trap_manager.c + +child_create.lo: sa/tasks/child_create.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_create.lo -MD -MP -MF $(DEPDIR)/child_create.Tpo -c -o child_create.lo `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_create.Tpo $(DEPDIR)/child_create.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_create.c' object='child_create.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_create.lo `test -f 'sa/tasks/child_create.c' || echo '$(srcdir)/'`sa/tasks/child_create.c + +child_delete.lo: sa/tasks/child_delete.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_delete.lo -MD -MP -MF $(DEPDIR)/child_delete.Tpo -c -o child_delete.lo `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_delete.Tpo $(DEPDIR)/child_delete.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_delete.c' object='child_delete.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_delete.lo `test -f 'sa/tasks/child_delete.c' || echo '$(srcdir)/'`sa/tasks/child_delete.c + +child_rekey.lo: sa/tasks/child_rekey.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT child_rekey.lo -MD -MP -MF $(DEPDIR)/child_rekey.Tpo -c -o child_rekey.lo `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/child_rekey.Tpo $(DEPDIR)/child_rekey.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/child_rekey.c' object='child_rekey.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o child_rekey.lo `test -f 'sa/tasks/child_rekey.c' || echo '$(srcdir)/'`sa/tasks/child_rekey.c + +ike_auth.lo: sa/tasks/ike_auth.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth.lo -MD -MP -MF $(DEPDIR)/ike_auth.Tpo -c -o ike_auth.lo `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_auth.Tpo $(DEPDIR)/ike_auth.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth.c' object='ike_auth.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth.lo `test -f 'sa/tasks/ike_auth.c' || echo '$(srcdir)/'`sa/tasks/ike_auth.c + +ike_cert_pre.lo: sa/tasks/ike_cert_pre.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_pre.lo -MD -MP -MF $(DEPDIR)/ike_cert_pre.Tpo -c -o ike_cert_pre.lo `test -f 'sa/tasks/ike_cert_pre.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_pre.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cert_pre.Tpo $(DEPDIR)/ike_cert_pre.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert_pre.c' object='ike_cert_pre.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_pre.lo `test -f 'sa/tasks/ike_cert_pre.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_pre.c + +ike_cert_post.lo: sa/tasks/ike_cert_post.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_cert_post.lo -MD -MP -MF $(DEPDIR)/ike_cert_post.Tpo -c -o ike_cert_post.lo `test -f 'sa/tasks/ike_cert_post.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_post.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_cert_post.Tpo $(DEPDIR)/ike_cert_post.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_cert_post.c' object='ike_cert_post.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_cert_post.lo `test -f 'sa/tasks/ike_cert_post.c' || echo '$(srcdir)/'`sa/tasks/ike_cert_post.c + +ike_config.lo: sa/tasks/ike_config.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_config.lo -MD -MP -MF $(DEPDIR)/ike_config.Tpo -c -o ike_config.lo `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_config.Tpo $(DEPDIR)/ike_config.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_config.c' object='ike_config.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_config.lo `test -f 'sa/tasks/ike_config.c' || echo '$(srcdir)/'`sa/tasks/ike_config.c + +ike_delete.lo: sa/tasks/ike_delete.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_delete.lo -MD -MP -MF $(DEPDIR)/ike_delete.Tpo -c -o ike_delete.lo `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_delete.Tpo $(DEPDIR)/ike_delete.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_delete.c' object='ike_delete.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_delete.lo `test -f 'sa/tasks/ike_delete.c' || echo '$(srcdir)/'`sa/tasks/ike_delete.c + +ike_dpd.lo: sa/tasks/ike_dpd.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_dpd.lo -MD -MP -MF $(DEPDIR)/ike_dpd.Tpo -c -o ike_dpd.lo `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_dpd.Tpo $(DEPDIR)/ike_dpd.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_dpd.c' object='ike_dpd.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_dpd.lo `test -f 'sa/tasks/ike_dpd.c' || echo '$(srcdir)/'`sa/tasks/ike_dpd.c + +ike_init.lo: sa/tasks/ike_init.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_init.lo -MD -MP -MF $(DEPDIR)/ike_init.Tpo -c -o ike_init.lo `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_init.Tpo $(DEPDIR)/ike_init.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_init.c' object='ike_init.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_init.lo `test -f 'sa/tasks/ike_init.c' || echo '$(srcdir)/'`sa/tasks/ike_init.c + +ike_natd.lo: sa/tasks/ike_natd.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_natd.lo -MD -MP -MF $(DEPDIR)/ike_natd.Tpo -c -o ike_natd.lo `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_natd.Tpo $(DEPDIR)/ike_natd.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_natd.c' object='ike_natd.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_natd.lo `test -f 'sa/tasks/ike_natd.c' || echo '$(srcdir)/'`sa/tasks/ike_natd.c + +ike_mobike.lo: sa/tasks/ike_mobike.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_mobike.lo -MD -MP -MF $(DEPDIR)/ike_mobike.Tpo -c -o ike_mobike.lo `test -f 'sa/tasks/ike_mobike.c' || echo '$(srcdir)/'`sa/tasks/ike_mobike.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_mobike.Tpo $(DEPDIR)/ike_mobike.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_mobike.c' object='ike_mobike.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_mobike.lo `test -f 'sa/tasks/ike_mobike.c' || echo '$(srcdir)/'`sa/tasks/ike_mobike.c + +ike_rekey.lo: sa/tasks/ike_rekey.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_rekey.lo -MD -MP -MF $(DEPDIR)/ike_rekey.Tpo -c -o ike_rekey.lo `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_rekey.Tpo $(DEPDIR)/ike_rekey.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_rekey.c' object='ike_rekey.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_rekey.lo `test -f 'sa/tasks/ike_rekey.c' || echo '$(srcdir)/'`sa/tasks/ike_rekey.c + +ike_reauth.lo: sa/tasks/ike_reauth.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_reauth.lo -MD -MP -MF $(DEPDIR)/ike_reauth.Tpo -c -o ike_reauth.lo `test -f 'sa/tasks/ike_reauth.c' || echo '$(srcdir)/'`sa/tasks/ike_reauth.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_reauth.Tpo $(DEPDIR)/ike_reauth.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_reauth.c' object='ike_reauth.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_reauth.lo `test -f 'sa/tasks/ike_reauth.c' || echo '$(srcdir)/'`sa/tasks/ike_reauth.c + +ike_auth_lifetime.lo: sa/tasks/ike_auth_lifetime.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_auth_lifetime.lo -MD -MP -MF $(DEPDIR)/ike_auth_lifetime.Tpo -c -o ike_auth_lifetime.lo `test -f 'sa/tasks/ike_auth_lifetime.c' || echo '$(srcdir)/'`sa/tasks/ike_auth_lifetime.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_auth_lifetime.Tpo $(DEPDIR)/ike_auth_lifetime.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_auth_lifetime.c' object='ike_auth_lifetime.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_auth_lifetime.lo `test -f 'sa/tasks/ike_auth_lifetime.c' || echo '$(srcdir)/'`sa/tasks/ike_auth_lifetime.c + +ike_vendor.lo: sa/tasks/ike_vendor.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_vendor.lo -MD -MP -MF $(DEPDIR)/ike_vendor.Tpo -c -o ike_vendor.lo `test -f 'sa/tasks/ike_vendor.c' || echo '$(srcdir)/'`sa/tasks/ike_vendor.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_vendor.Tpo $(DEPDIR)/ike_vendor.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_vendor.c' object='ike_vendor.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_vendor.lo `test -f 'sa/tasks/ike_vendor.c' || echo '$(srcdir)/'`sa/tasks/ike_vendor.c + +task.lo: sa/tasks/task.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT task.lo -MD -MP -MF $(DEPDIR)/task.Tpo -c -o task.lo `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/task.Tpo $(DEPDIR)/task.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/task.c' object='task.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o task.lo `test -f 'sa/tasks/task.c' || echo '$(srcdir)/'`sa/tasks/task.c + +credential_manager.lo: credentials/credential_manager.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT credential_manager.lo -MD -MP -MF $(DEPDIR)/credential_manager.Tpo -c -o credential_manager.lo `test -f 'credentials/credential_manager.c' || echo '$(srcdir)/'`credentials/credential_manager.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/credential_manager.Tpo $(DEPDIR)/credential_manager.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/credential_manager.c' object='credential_manager.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o credential_manager.lo `test -f 'credentials/credential_manager.c' || echo '$(srcdir)/'`credentials/credential_manager.c + +auth_cfg_wrapper.lo: credentials/sets/auth_cfg_wrapper.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg_wrapper.lo -MD -MP -MF $(DEPDIR)/auth_cfg_wrapper.Tpo -c -o auth_cfg_wrapper.lo `test -f 'credentials/sets/auth_cfg_wrapper.c' || echo '$(srcdir)/'`credentials/sets/auth_cfg_wrapper.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg_wrapper.Tpo $(DEPDIR)/auth_cfg_wrapper.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/auth_cfg_wrapper.c' object='auth_cfg_wrapper.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg_wrapper.lo `test -f 'credentials/sets/auth_cfg_wrapper.c' || echo '$(srcdir)/'`credentials/sets/auth_cfg_wrapper.c + +ocsp_response_wrapper.lo: credentials/sets/ocsp_response_wrapper.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ocsp_response_wrapper.lo -MD -MP -MF $(DEPDIR)/ocsp_response_wrapper.Tpo -c -o ocsp_response_wrapper.lo `test -f 'credentials/sets/ocsp_response_wrapper.c' || echo '$(srcdir)/'`credentials/sets/ocsp_response_wrapper.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ocsp_response_wrapper.Tpo $(DEPDIR)/ocsp_response_wrapper.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/ocsp_response_wrapper.c' object='ocsp_response_wrapper.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ocsp_response_wrapper.lo `test -f 'credentials/sets/ocsp_response_wrapper.c' || echo '$(srcdir)/'`credentials/sets/ocsp_response_wrapper.c + +cert_cache.lo: credentials/sets/cert_cache.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cert_cache.lo -MD -MP -MF $(DEPDIR)/cert_cache.Tpo -c -o cert_cache.lo `test -f 'credentials/sets/cert_cache.c' || echo '$(srcdir)/'`credentials/sets/cert_cache.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cert_cache.Tpo $(DEPDIR)/cert_cache.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/cert_cache.c' object='cert_cache.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_cache.lo `test -f 'credentials/sets/cert_cache.c' || echo '$(srcdir)/'`credentials/sets/cert_cache.c + +endpoint_notify.lo: encoding/payloads/endpoint_notify.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT endpoint_notify.lo -MD -MP -MF $(DEPDIR)/endpoint_notify.Tpo -c -o endpoint_notify.lo `test -f 'encoding/payloads/endpoint_notify.c' || echo '$(srcdir)/'`encoding/payloads/endpoint_notify.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/endpoint_notify.Tpo $(DEPDIR)/endpoint_notify.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='encoding/payloads/endpoint_notify.c' object='endpoint_notify.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o endpoint_notify.lo `test -f 'encoding/payloads/endpoint_notify.c' || echo '$(srcdir)/'`encoding/payloads/endpoint_notify.c + +initiate_mediation_job.lo: processing/jobs/initiate_mediation_job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT initiate_mediation_job.lo -MD -MP -MF $(DEPDIR)/initiate_mediation_job.Tpo -c -o initiate_mediation_job.lo `test -f 'processing/jobs/initiate_mediation_job.c' || echo '$(srcdir)/'`processing/jobs/initiate_mediation_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/initiate_mediation_job.Tpo $(DEPDIR)/initiate_mediation_job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/initiate_mediation_job.c' object='initiate_mediation_job.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o initiate_mediation_job.lo `test -f 'processing/jobs/initiate_mediation_job.c' || echo '$(srcdir)/'`processing/jobs/initiate_mediation_job.c + +mediation_job.lo: processing/jobs/mediation_job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_job.lo -MD -MP -MF $(DEPDIR)/mediation_job.Tpo -c -o mediation_job.lo `test -f 'processing/jobs/mediation_job.c' || echo '$(srcdir)/'`processing/jobs/mediation_job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mediation_job.Tpo $(DEPDIR)/mediation_job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/mediation_job.c' object='mediation_job.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_job.lo `test -f 'processing/jobs/mediation_job.c' || echo '$(srcdir)/'`processing/jobs/mediation_job.c + +connect_manager.lo: sa/connect_manager.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT connect_manager.lo -MD -MP -MF $(DEPDIR)/connect_manager.Tpo -c -o connect_manager.lo `test -f 'sa/connect_manager.c' || echo '$(srcdir)/'`sa/connect_manager.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/connect_manager.Tpo $(DEPDIR)/connect_manager.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/connect_manager.c' object='connect_manager.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o connect_manager.lo `test -f 'sa/connect_manager.c' || echo '$(srcdir)/'`sa/connect_manager.c + +mediation_manager.lo: sa/mediation_manager.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mediation_manager.lo -MD -MP -MF $(DEPDIR)/mediation_manager.Tpo -c -o mediation_manager.lo `test -f 'sa/mediation_manager.c' || echo '$(srcdir)/'`sa/mediation_manager.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mediation_manager.Tpo $(DEPDIR)/mediation_manager.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/mediation_manager.c' object='mediation_manager.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mediation_manager.lo `test -f 'sa/mediation_manager.c' || echo '$(srcdir)/'`sa/mediation_manager.c + +ike_me.lo: sa/tasks/ike_me.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ike_me.lo -MD -MP -MF $(DEPDIR)/ike_me.Tpo -c -o ike_me.lo `test -f 'sa/tasks/ike_me.c' || echo '$(srcdir)/'`sa/tasks/ike_me.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/ike_me.Tpo $(DEPDIR)/ike_me.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sa/tasks/ike_me.c' object='ike_me.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ike_me.lo `test -f 'sa/tasks/ike_me.c' || echo '$(srcdir)/'`sa/tasks/ike_me.c + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +# This directory's subdirectories are mostly independent; you can cd +# into them and run `make' without going through this Makefile. +# To change the values of `make' variables: instead of editing Makefiles, +# (1) if the variable is set in `config.status', edit `config.status' +# (which will cause the Makefiles to be regenerated when you run `make'); +# (2) otherwise, pass the desired values on the `make' command line. +$(RECURSIVE_TARGETS): + @failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +$(RECURSIVE_CLEAN_TARGETS): + @failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + rev=''; for subdir in $$list; do \ + if test "$$subdir" = "."; then :; else \ + rev="$$subdir $$rev"; \ + fi; \ + done; \ + rev="$$rev ."; \ + target=`echo $@ | sed s/-recursive//`; \ + for subdir in $$rev; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done && test -z "$$fail" +tags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + done +ctags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-recursive +all-am: Makefile $(LTLIBRARIES) +installdirs: installdirs-recursive +installdirs-am: + for dir in "$(DESTDIR)$(libdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-recursive + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: install-libLTLIBRARIES + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: uninstall-libLTLIBRARIES + +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ + install-am install-strip tags-recursive + +.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ + all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool ctags ctags-recursive \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-libLTLIBRARIES install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs installdirs-am \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \ + uninstall-libLTLIBRARIES + + +daemon.lo : $(top_builddir)/config.status + +@MONOLITHIC_TRUE@@USE_SIMAKA_TRUE@ # otherwise this library is linked to both the eap_aka and the eap_sim plugin + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/charon/bus/bus.c b/src/libcharon/bus/bus.c index 524a77682..764744a41 100644 --- a/src/charon/bus/bus.c +++ b/src/libcharon/bus/bus.c @@ -23,32 +23,6 @@ #include <threading/condvar.h> #include <threading/mutex.h> -ENUM(debug_names, DBG_DMN, DBG_LIB, - "DMN", - "MGR", - "IKE", - "CHD", - "JOB", - "CFG", - "KNL", - "NET", - "ENC", - "LIB", -); - -ENUM(debug_lower_names, DBG_DMN, DBG_LIB, - "dmn", - "mgr", - "ike", - "chd", - "job", - "cfg", - "knl", - "net", - "enc", - "lib", -); - typedef struct private_bus_t private_bus_t; /** diff --git a/src/charon/bus/bus.h b/src/libcharon/bus/bus.h index af59a14a1..8cf392eae 100644 --- a/src/charon/bus/bus.h +++ b/src/libcharon/bus/bus.h @@ -15,81 +15,29 @@ /** * @defgroup bus bus - * @{ @ingroup charon + * @{ @ingroup libcharon */ #ifndef BUS_H_ #define BUS_H_ -typedef enum debug_t debug_t; -typedef enum level_t level_t; typedef enum alert_t alert_t; typedef struct bus_t bus_t; #include <stdarg.h> +#include <debug.h> #include <sa/ike_sa.h> #include <sa/child_sa.h> #include <processing/jobs/job.h> #include <bus/listeners/listener.h> -/** - * Debug message group. - */ -enum debug_t { - /** daemon main loop */ - DBG_DMN, - /** IKE_SA_MANAGER */ - DBG_MGR, - /** IKE_SA */ - DBG_IKE, - /** CHILD_SA */ - DBG_CHD, - /** job processing */ - DBG_JOB, - /** configuration backends */ - DBG_CFG, - /** kernel interface */ - DBG_KNL, - /** networking/sockets */ - DBG_NET, - /** message encoding/decoding */ - DBG_ENC, - /** libstrongswan via logging hook */ - DBG_LIB, - /** number of groups */ - DBG_MAX, - /** pseudo group with all groups */ - DBG_ANY = DBG_MAX, -}; - -/** - * short names of debug message group. - */ -extern enum_name_t *debug_names; - -/** - * short names of debug message group, lower case. - */ -extern enum_name_t *debug_lower_names; - -/** - * Debug levels used to control output verbosity. - */ -enum level_t { - /** absolutely silent */ - LEVEL_SILENT = -1, - /** most important auditing logs */ - LEVEL_AUDIT = 0, - /** control flow */ - LEVEL_CTRL = 1, - /** diagnose problems */ - LEVEL_DIAG = 2, - /** raw binary blobs */ - LEVEL_RAW = 3, - /** including sensitive data (private keys) */ - LEVEL_PRIVATE = 4, -}; +/* undefine the definitions from libstrongswan */ +#undef DBG0 +#undef DBG1 +#undef DBG2 +#undef DBG3 +#undef DBG4 #ifndef DEBUG_LEVEL # define DEBUG_LEVEL 4 diff --git a/src/charon/bus/listeners/file_logger.c b/src/libcharon/bus/listeners/file_logger.c index 12587deaf..12587deaf 100644 --- a/src/charon/bus/listeners/file_logger.c +++ b/src/libcharon/bus/listeners/file_logger.c diff --git a/src/charon/bus/listeners/file_logger.h b/src/libcharon/bus/listeners/file_logger.h index bd443fdb8..bd443fdb8 100644 --- a/src/charon/bus/listeners/file_logger.h +++ b/src/libcharon/bus/listeners/file_logger.h diff --git a/src/charon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h index 67e36beeb..9a51a2ef4 100644 --- a/src/charon/bus/listeners/listener.h +++ b/src/libcharon/bus/listeners/listener.h @@ -44,7 +44,7 @@ struct listener_t { * @param ike_sa IKE_SA associated to the event * @param format printf() style format string * @param args vprintf() style va_list argument list - " @return TRUE to stay registered, FALSE to unregister + * @return TRUE to stay registered, FALSE to unregister */ bool (*log)(listener_t *this, debug_t group, level_t level, int thread, ike_sa_t *ike_sa, char* format, va_list args); @@ -55,7 +55,7 @@ struct listener_t { * @param ike_sa IKE_SA associated to the alert, if any * @param alert kind of alert * @param ... alert specific argument list - " @return TRUE to stay registered, FALSE to unregister + * @return TRUE to stay registered, FALSE to unregister */ bool (*alert)(listener_t *this, ike_sa_t *ike_sa, alert_t alert, va_list args); diff --git a/src/charon/bus/listeners/sys_logger.c b/src/libcharon/bus/listeners/sys_logger.c index 11421ad05..11421ad05 100644 --- a/src/charon/bus/listeners/sys_logger.c +++ b/src/libcharon/bus/listeners/sys_logger.c diff --git a/src/charon/bus/listeners/sys_logger.h b/src/libcharon/bus/listeners/sys_logger.h index 730890d68..730890d68 100644 --- a/src/charon/bus/listeners/sys_logger.h +++ b/src/libcharon/bus/listeners/sys_logger.h diff --git a/src/charon/config/auth_cfg.c b/src/libcharon/config/auth_cfg.c index 94362c756..94362c756 100644 --- a/src/charon/config/auth_cfg.c +++ b/src/libcharon/config/auth_cfg.c diff --git a/src/charon/config/auth_cfg.h b/src/libcharon/config/auth_cfg.h index 5e6215a4a..5e6215a4a 100644 --- a/src/charon/config/auth_cfg.h +++ b/src/libcharon/config/auth_cfg.h diff --git a/src/charon/config/backend.h b/src/libcharon/config/backend.h index 458abc37f..458abc37f 100644 --- a/src/charon/config/backend.h +++ b/src/libcharon/config/backend.h diff --git a/src/charon/config/backend_manager.c b/src/libcharon/config/backend_manager.c index 90ef58563..90ef58563 100644 --- a/src/charon/config/backend_manager.c +++ b/src/libcharon/config/backend_manager.c diff --git a/src/charon/config/backend_manager.h b/src/libcharon/config/backend_manager.h index 5b394f791..5b394f791 100644 --- a/src/charon/config/backend_manager.h +++ b/src/libcharon/config/backend_manager.h diff --git a/src/charon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index 8410b3fe5..8410b3fe5 100644 --- a/src/charon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c diff --git a/src/charon/config/child_cfg.h b/src/libcharon/config/child_cfg.h index c6186ea36..c6186ea36 100644 --- a/src/charon/config/child_cfg.h +++ b/src/libcharon/config/child_cfg.h diff --git a/src/charon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c index 2e748f511..89dcd8022 100644 --- a/src/charon/config/ike_cfg.c +++ b/src/libcharon/config/ike_cfg.c @@ -49,6 +49,16 @@ struct private_ike_cfg_t { char *other; /** + * our source port + */ + u_int16_t my_port; + + /** + * destination port + */ + u_int16_t other_port; + + /** * should we send a certificate request? */ bool certreq; @@ -64,71 +74,69 @@ struct private_ike_cfg_t { linked_list_t *proposals; }; -/** - * Implementation of ike_cfg_t.certreq. - */ -static bool send_certreq(private_ike_cfg_t *this) +METHOD(ike_cfg_t, send_certreq, bool, + private_ike_cfg_t *this) { return this->certreq; } -/** - * Implementation of ike_cfg_t.force_encap. - */ -static bool force_encap_meth(private_ike_cfg_t *this) +METHOD(ike_cfg_t, force_encap_, bool, + private_ike_cfg_t *this) { return this->force_encap; } -/** - * Implementation of ike_cfg_t.get_my_addr. - */ -static char *get_my_addr(private_ike_cfg_t *this) +METHOD(ike_cfg_t, get_my_addr, char*, + private_ike_cfg_t *this) { return this->me; } -/** - * Implementation of ike_cfg_t.get_other_addr. - */ -static char *get_other_addr(private_ike_cfg_t *this) +METHOD(ike_cfg_t, get_other_addr, char*, + private_ike_cfg_t *this) { return this->other; } -/** - * Implementation of ike_cfg_t.add_proposal. - */ -static void add_proposal(private_ike_cfg_t *this, proposal_t *proposal) +METHOD(ike_cfg_t, get_my_port, u_int16_t, + private_ike_cfg_t *this) +{ + return this->my_port; +} + +METHOD(ike_cfg_t, get_other_port, u_int16_t, + private_ike_cfg_t *this) +{ + return this->other_port; +} + +METHOD(ike_cfg_t, add_proposal, void, + private_ike_cfg_t *this, proposal_t *proposal) { this->proposals->insert_last(this->proposals, proposal); } -/** - * Implementation of ike_cfg_t.get_proposals. - */ -static linked_list_t* get_proposals(private_ike_cfg_t *this) +METHOD(ike_cfg_t, get_proposals, linked_list_t*, + private_ike_cfg_t *this) { - iterator_t *iterator; + enumerator_t *enumerator; proposal_t *current; - linked_list_t *proposals = linked_list_create(); + linked_list_t *proposals; - iterator = this->proposals->create_iterator(this->proposals, TRUE); - while (iterator->iterate(iterator, (void**)¤t)) + proposals = linked_list_create(); + enumerator = this->proposals->create_enumerator(this->proposals); + while (enumerator->enumerate(enumerator, ¤t)) { current = current->clone(current); - proposals->insert_last(proposals, (void*)current); + proposals->insert_last(proposals, current); } - iterator->destroy(iterator); + enumerator->destroy(enumerator); return proposals; } -/** - * Implementation of ike_cfg_t.select_proposal. - */ -static proposal_t *select_proposal(private_ike_cfg_t *this, - linked_list_t *proposals, bool private) +METHOD(ike_cfg_t, select_proposal, proposal_t*, + private_ike_cfg_t *this, linked_list_t *proposals, bool private) { iterator_t *stored_iter, *supplied_iter; proposal_t *stored, *supplied, *selected; @@ -166,10 +174,8 @@ static proposal_t *select_proposal(private_ike_cfg_t *this, return NULL; } -/** - * Implementation of ike_cfg_t.get_dh_group. - */ -static diffie_hellman_group_t get_dh_group(private_ike_cfg_t *this) +METHOD(ike_cfg_t, get_dh_group, diffie_hellman_group_t, + private_ike_cfg_t *this) { enumerator_t *enumerator; proposal_t *proposal; @@ -187,11 +193,10 @@ static diffie_hellman_group_t get_dh_group(private_ike_cfg_t *this) return dh_group; } -/** - * Implementation of ike_cfg_t.equals. - */ -static bool equals(private_ike_cfg_t *this, private_ike_cfg_t *other) +METHOD(ike_cfg_t, equals, bool, + private_ike_cfg_t *this, ike_cfg_t *other_public) { + private_ike_cfg_t *other = (private_ike_cfg_t*)other_public; enumerator_t *e1, *e2; proposal_t *p1, *p2; bool eq = TRUE; @@ -226,22 +231,20 @@ static bool equals(private_ike_cfg_t *this, private_ike_cfg_t *other) this->certreq == other->certreq && this->force_encap == other->force_encap && streq(this->me, other->me) && - streq(this->other, other->other)); + streq(this->other, other->other) && + this->my_port == other->my_port && + this->other_port == other->other_port); } -/** - * Implementation of ike_cfg_t.get_ref. - */ -static ike_cfg_t* get_ref(private_ike_cfg_t *this) +METHOD(ike_cfg_t, get_ref, ike_cfg_t*, + private_ike_cfg_t *this) { ref_get(&this->refcount); return &this->public; } -/** - * Implementation of ike_cfg_t.destroy. - */ -static void destroy(private_ike_cfg_t *this) +METHOD(ike_cfg_t, destroy, void, + private_ike_cfg_t *this) { if (ref_put(&this->refcount)) { @@ -257,30 +260,35 @@ static void destroy(private_ike_cfg_t *this) * Described in header. */ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, - char *me, char *other) + char *me, u_int16_t my_port, char *other, u_int16_t other_port) { - private_ike_cfg_t *this = malloc_thing(private_ike_cfg_t); - - /* public functions */ - this->public.send_certreq = (bool(*)(ike_cfg_t*))send_certreq; - this->public.force_encap = (bool (*) (ike_cfg_t *))force_encap_meth; - this->public.get_my_addr = (char*(*)(ike_cfg_t*))get_my_addr; - this->public.get_other_addr = (char*(*)(ike_cfg_t*))get_other_addr; - this->public.add_proposal = (void(*)(ike_cfg_t*, proposal_t*)) add_proposal; - this->public.get_proposals = (linked_list_t*(*)(ike_cfg_t*))get_proposals; - this->public.select_proposal = (proposal_t*(*)(ike_cfg_t*,linked_list_t*,bool))select_proposal; - this->public.get_dh_group = (diffie_hellman_group_t(*)(ike_cfg_t*)) get_dh_group; - this->public.equals = (bool(*)(ike_cfg_t*,ike_cfg_t*)) equals; - this->public.get_ref = (ike_cfg_t*(*)(ike_cfg_t*))get_ref; - this->public.destroy = (void(*)(ike_cfg_t*))destroy; - - /* private variables */ - this->refcount = 1; - this->certreq = certreq; - this->force_encap = force_encap; - this->me = strdup(me); - this->other = strdup(other); - this->proposals = linked_list_create(); + private_ike_cfg_t *this; + + INIT(this, + .public = { + .send_certreq = _send_certreq, + .force_encap = _force_encap_, + .get_my_addr = _get_my_addr, + .get_other_addr = _get_other_addr, + .get_my_port = _get_my_port, + .get_other_port = _get_other_port, + .add_proposal = _add_proposal, + .get_proposals = _get_proposals, + .select_proposal = _select_proposal, + .get_dh_group = _get_dh_group, + .equals = _equals, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .refcount = 1, + .certreq = certreq, + .force_encap = force_encap, + .me = strdup(me), + .other = strdup(other), + .my_port = my_port, + .other_port = other_port, + .proposals = linked_list_create(), + ); return &this->public; } diff --git a/src/charon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h index eaac321b9..f1edde255 100644 --- a/src/charon/config/ike_cfg.h +++ b/src/libcharon/config/ike_cfg.h @@ -53,6 +53,20 @@ struct ike_cfg_t { char* (*get_other_addr) (ike_cfg_t *this); /** + * Get the port to use as our source port. + * + * @return source address port, host order + */ + u_int16_t (*get_my_port)(ike_cfg_t *this); + + /** + * Get the port to use as destination port. + * + * @return destination address, host order + */ + u_int16_t (*get_other_port)(ike_cfg_t *this); + + /** * Adds a proposal to the list. * * The first added proposal has the highest priority, the last @@ -136,10 +150,12 @@ struct ike_cfg_t { * @param certreq TRUE to send a certificate request * @param force_encap enforce UDP encapsulation by faking NATD notify * @param me address/DNS name of local peer + * @param my_port IKE port to use as source, 500 uses IKEv2 port floating * @param other address/DNS name of remote peer + * @param other_port IKE port to use as dest, 500 uses IKEv2 port floating * @return ike_cfg_t object. */ ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap, - char *me, char *other); + char *me, u_int16_t my_port, char *other, u_int16_t other_port); #endif /** IKE_CFG_H_ @}*/ diff --git a/src/charon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c index 9df14c9ae..9df14c9ae 100644 --- a/src/charon/config/peer_cfg.c +++ b/src/libcharon/config/peer_cfg.c diff --git a/src/charon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h index 6855276f8..6855276f8 100644 --- a/src/charon/config/peer_cfg.h +++ b/src/libcharon/config/peer_cfg.h diff --git a/src/charon/config/proposal.c b/src/libcharon/config/proposal.c index 6b3500b6e..e86393028 100644 --- a/src/charon/config/proposal.c +++ b/src/libcharon/config/proposal.c @@ -269,6 +269,7 @@ static bool is_authenticated_encryption(u_int16_t alg) case ENCR_CAMELLIA_CCM_ICV8: case ENCR_CAMELLIA_CCM_ICV12: case ENCR_CAMELLIA_CCM_ICV16: + case ENCR_NULL_AUTH_AES_GMAC: return TRUE; } return FALSE; @@ -857,6 +858,9 @@ static void proposal_add_supported_ike(private_proposal_t *this) case ECP_256_BIT: case ECP_384_BIT: case ECP_521_BIT: + case MODP_1024_160: + case MODP_2048_224: + case MODP_2048_256: case ECP_192_BIT: case ECP_224_BIT: add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0); diff --git a/src/charon/config/proposal.h b/src/libcharon/config/proposal.h index 30f63b80d..30f63b80d 100644 --- a/src/charon/config/proposal.h +++ b/src/libcharon/config/proposal.h diff --git a/src/charon/control/controller.c b/src/libcharon/control/controller.c index 94c64028c..94c64028c 100644 --- a/src/charon/control/controller.c +++ b/src/libcharon/control/controller.c diff --git a/src/charon/control/controller.h b/src/libcharon/control/controller.h index 31b69c78c..31b69c78c 100644 --- a/src/charon/control/controller.h +++ b/src/libcharon/control/controller.h diff --git a/src/charon/credentials/credential_manager.c b/src/libcharon/credentials/credential_manager.c index adea0b4be..adea0b4be 100644 --- a/src/charon/credentials/credential_manager.c +++ b/src/libcharon/credentials/credential_manager.c diff --git a/src/charon/credentials/credential_manager.h b/src/libcharon/credentials/credential_manager.h index 0448da992..0448da992 100644 --- a/src/charon/credentials/credential_manager.h +++ b/src/libcharon/credentials/credential_manager.h diff --git a/src/charon/credentials/credential_set.h b/src/libcharon/credentials/credential_set.h index 274eb3feb..274eb3feb 100644 --- a/src/charon/credentials/credential_set.h +++ b/src/libcharon/credentials/credential_set.h diff --git a/src/charon/credentials/sets/auth_cfg_wrapper.c b/src/libcharon/credentials/sets/auth_cfg_wrapper.c index 82e33d283..82e33d283 100644 --- a/src/charon/credentials/sets/auth_cfg_wrapper.c +++ b/src/libcharon/credentials/sets/auth_cfg_wrapper.c diff --git a/src/charon/credentials/sets/auth_cfg_wrapper.h b/src/libcharon/credentials/sets/auth_cfg_wrapper.h index 7653fcdbf..7653fcdbf 100644 --- a/src/charon/credentials/sets/auth_cfg_wrapper.h +++ b/src/libcharon/credentials/sets/auth_cfg_wrapper.h diff --git a/src/charon/credentials/sets/cert_cache.c b/src/libcharon/credentials/sets/cert_cache.c index 176accce2..176accce2 100644 --- a/src/charon/credentials/sets/cert_cache.c +++ b/src/libcharon/credentials/sets/cert_cache.c diff --git a/src/charon/credentials/sets/cert_cache.h b/src/libcharon/credentials/sets/cert_cache.h index d2721866e..d2721866e 100644 --- a/src/charon/credentials/sets/cert_cache.h +++ b/src/libcharon/credentials/sets/cert_cache.h diff --git a/src/charon/credentials/sets/ocsp_response_wrapper.c b/src/libcharon/credentials/sets/ocsp_response_wrapper.c index 82079209a..82079209a 100644 --- a/src/charon/credentials/sets/ocsp_response_wrapper.c +++ b/src/libcharon/credentials/sets/ocsp_response_wrapper.c diff --git a/src/charon/credentials/sets/ocsp_response_wrapper.h b/src/libcharon/credentials/sets/ocsp_response_wrapper.h index dc4b451df..dc4b451df 100644 --- a/src/charon/credentials/sets/ocsp_response_wrapper.h +++ b/src/libcharon/credentials/sets/ocsp_response_wrapper.h diff --git a/src/charon/daemon.c b/src/libcharon/daemon.c index e71225fd1..11c94beb9 100644 --- a/src/charon/daemon.c +++ b/src/libcharon/daemon.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2009 Tobias Brunner + * Copyright (C) 2006-2010 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter @@ -17,22 +17,10 @@ */ #include <stdio.h> -#ifdef HAVE_PRCTL -#include <sys/prctl.h> -#endif -#define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */ -#include <signal.h> -#undef _POSIX_PTHREAD_SEMANTICS -#include <pthread.h> -#include <sys/stat.h> #include <sys/types.h> #include <unistd.h> #include <time.h> -#include <string.h> -#include <getopt.h> #include <errno.h> -#include <pwd.h> -#include <grp.h> #ifdef CAPABILITIES #include <sys/capability.h> #endif /* CAPABILITIES */ @@ -40,8 +28,6 @@ #include "daemon.h" #include <library.h> -#include <utils/backtrace.h> -#include <threading/thread.h> #include <selectors/traffic_selector.h> #include <config/proposal.h> @@ -60,16 +46,6 @@ struct private_daemon_t { */ daemon_t public; - /** - * Signal set used for signal handling. - */ - sigset_t signal_set; - - /** - * Reference to main thread. - */ - thread_t *main_thread; - #ifdef CAPABILITIES /** * capabilities to keep @@ -86,88 +62,23 @@ daemon_t *charon; /** * hook in library for debugging messages */ -extern void (*dbg) (int level, char *fmt, ...); +extern void (*dbg) (debug_t group, level_t level, char *fmt, ...); /** - * Logging hook for library logs, spreads debug message over bus + * we store the previous debug function so we can reset it */ -static void dbg_bus(int level, char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - charon->bus->vlog(charon->bus, DBG_LIB, level, fmt, args); - va_end(args); -} +static void (*dbg_old) (debug_t group, level_t level, char *fmt, ...); /** - * Logging hook for library logs, using stderr output + * Logging hook for library logs, spreads debug message over bus */ -static void dbg_stderr(int level, char *fmt, ...) +static void dbg_bus(debug_t group, level_t level, char *fmt, ...) { va_list args; - if (level <= 1) - { - va_start(args, fmt); - fprintf(stderr, "00[LIB] "); - vfprintf(stderr, fmt, args); - fprintf(stderr, "\n"); - va_end(args); - } -} - -/** - * Run the daemon and handle unix signals - */ -static void run(private_daemon_t *this) -{ - sigset_t set; - - /* handle SIGINT, SIGHUP ans SIGTERM in this handler */ - sigemptyset(&set); - sigaddset(&set, SIGINT); - sigaddset(&set, SIGHUP); - sigaddset(&set, SIGTERM); - sigprocmask(SIG_BLOCK, &set, NULL); - - while (TRUE) - { - int sig; - int error; - - error = sigwait(&set, &sig); - if (error) - { - DBG1(DBG_DMN, "error %d while waiting for a signal", error); - return; - } - switch (sig) - { - case SIGHUP: - { - DBG1(DBG_DMN, "signal of type SIGHUP received. Ignored"); - break; - } - case SIGINT: - { - DBG1(DBG_DMN, "signal of type SIGINT received. Shutting down"); - charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig); - return; - } - case SIGTERM: - { - DBG1(DBG_DMN, "signal of type SIGTERM received. Shutting down"); - charon->bus->alert(charon->bus, ALERT_SHUTDOWN_SIGNAL, sig); - return; - } - default: - { - DBG1(DBG_DMN, "unknown signal %d received. Ignored", sig); - break; - } - } - } + va_start(args, fmt); + charon->bus->vlog(charon->bus, group, level, fmt, args); + va_end(args); } /** @@ -185,6 +96,7 @@ static void destroy(private_daemon_t *this) { this->public.ike_sa_manager->flush(this->public.ike_sa_manager); } + DESTROY_IF(this->public.receiver); /* unload plugins to release threads */ lib->plugins->unload(lib->plugins); #ifdef CAPABILITIES @@ -204,13 +116,12 @@ static void destroy(private_daemon_t *this) DESTROY_IF(this->public.backends); DESTROY_IF(this->public.credentials); DESTROY_IF(this->public.sender); - DESTROY_IF(this->public.receiver); DESTROY_IF(this->public.socket); /* wait until all threads are gone */ DESTROY_IF(this->public.processor); /* rehook library logging, shutdown logging */ - dbg = dbg_stderr; + dbg = dbg_old; DESTROY_IF(this->public.bus); this->public.file_loggers->destroy_offset(this->public.file_loggers, offsetof(file_logger_t, destroy)); @@ -219,65 +130,8 @@ static void destroy(private_daemon_t *this) free(this); } -/** - * Enforce daemon shutdown, with a given reason to do so. - */ -static void kill_daemon(private_daemon_t *this, char *reason) -{ - /* we send SIGTERM, so the daemon can cleanly shut down */ - if (this->public.bus) - { - DBG1(DBG_DMN, "killing daemon: %s", reason); - } - else - { - fprintf(stderr, "killing daemon: %s\n", reason); - } - if (this->main_thread == thread_current()) - { - /* initialization failed, terminate daemon */ - unlink(PID_FILE); - exit(-1); - } - else - { - DBG1(DBG_DMN, "sending SIGTERM to ourself"); - this->main_thread->kill(this->main_thread, SIGTERM); - /* thread must die, since he produced a ciritcal failure and can't continue */ - thread_exit(NULL); - } -} - -/** - * drop daemon capabilities - */ -static void drop_capabilities(private_daemon_t *this) -{ -#ifdef HAVE_PRCTL - prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); -#endif - - if (setgid(charon->gid) != 0) - { - kill_daemon(this, "change to unprivileged group failed"); - } - if (setuid(charon->uid) != 0) - { - kill_daemon(this, "change to unprivileged user failed"); - } - -#ifdef CAPABILITIES - if (cap_set_proc(this->caps) != 0) - { - kill_daemon(this, "unable to drop daemon capabilities"); - } -#endif /* CAPABILITIES */ -} - -/** - * Implementation of daemon_t.keep_cap - */ -static void keep_cap(private_daemon_t *this, u_int cap) +METHOD(daemon_t, keep_cap, void, + private_daemon_t *this, u_int cap) { #ifdef CAPABILITIES cap_set_flag(this->caps, CAP_EFFECTIVE, 1, &cap, CAP_SET); @@ -286,37 +140,25 @@ static void keep_cap(private_daemon_t *this, u_int cap) #endif /* CAPABILITIES */ } -/** - * lookup UID and GID - */ -static void lookup_uid_gid(private_daemon_t *this) +METHOD(daemon_t, drop_capabilities, bool, + private_daemon_t *this) { -#ifdef IPSEC_USER +#ifdef CAPABILITIES + if (cap_set_proc(this->caps) != 0) { - char buf[1024]; - struct passwd passwd, *pwp; - - if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 || - pwp == NULL) - { - kill_daemon(this, "resolving user '"IPSEC_USER"' failed"); - } - charon->uid = pwp->pw_uid; + return FALSE; } -#endif -#ifdef IPSEC_GROUP - { - char buf[1024]; - struct group group, *grp; +#endif /* CAPABILITIES */ + return TRUE; +} - if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 || - grp == NULL) - { - kill_daemon(this, "resolving group '"IPSEC_GROUP"' failed"); - } - charon->gid = grp->gr_gid; - } -#endif +METHOD(daemon_t, start, void, + private_daemon_t *this) +{ + /* start the engine, go multithreaded */ + charon->processor->set_threads(charon->processor, + lib->settings->get_int(lib->settings, "charon.threads", + DEFAULT_THREADS)); } /** @@ -461,10 +303,8 @@ static void initialize_loggers(private_daemon_t *this, bool use_stderr, } } -/** - * Initialize the daemon - */ -static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) +METHOD(daemon_t, initialize, bool, + private_daemon_t *this, bool syslog, level_t levels[]) { /* for uncritical pseudo random numbers */ srandom(time(NULL) + getpid()); @@ -472,6 +312,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) /* setup bus and it's listeners first to enable log output */ this->public.bus = bus_create(); /* set up hook to log dbg message in library via charons message bus */ + dbg_old = dbg; dbg = dbg_bus; initialize_loggers(this, !syslog, levels); @@ -482,6 +323,8 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) { DBG1(DBG_DMN, "integrity tests enabled:"); DBG1(DBG_DMN, "lib 'libstrongswan': passed file and segment integrity tests"); + DBG1(DBG_DMN, "lib 'libhydra': passed file and segment integrity tests"); + DBG1(DBG_DMN, "lib 'libcharon': passed file and segment integrity tests"); DBG1(DBG_DMN, "daemon 'charon': passed file integrity test"); } @@ -494,7 +337,7 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) this->public.sim = sim_manager_create(); this->public.backends = backend_manager_create(); this->public.kernel_interface = kernel_interface_create(); - this->public.socket = socket_create(); + this->public.socket = socket_manager_create(); this->public.traps = trap_manager_create(); /* load plugins, further infrastructure may need it */ @@ -531,58 +374,23 @@ static bool initialize(private_daemon_t *this, bool syslog, level_t levels[]) } /** - * Handle SIGSEGV/SIGILL signals raised by threads - */ -static void segv_handler(int signal) -{ - backtrace_t *backtrace; - - DBG1(DBG_DMN, "thread %u received %d", thread_current_id(), signal); - backtrace = backtrace_create(2); - backtrace->log(backtrace, stderr); - backtrace->destroy(backtrace); - - DBG1(DBG_DMN, "killing ourself, received critical signal"); - abort(); -} - -/** * Create the daemon. */ -private_daemon_t *daemon_create(void) +private_daemon_t *daemon_create() { - struct sigaction action; - private_daemon_t *this = malloc_thing(private_daemon_t); - - /* assign methods */ - this->public.kill = (void (*) (daemon_t*,char*))kill_daemon; - this->public.keep_cap = (void(*)(daemon_t*, u_int cap))keep_cap; - - /* NULL members for clean destruction */ - this->public.socket = NULL; - this->public.ike_sa_manager = NULL; - this->public.traps = NULL; - this->public.credentials = NULL; - this->public.backends = NULL; - this->public.sender= NULL; - this->public.receiver = NULL; - this->public.scheduler = NULL; - this->public.kernel_interface = NULL; - this->public.processor = NULL; - this->public.controller = NULL; - this->public.eap = NULL; - this->public.sim = NULL; - this->public.bus = NULL; - this->public.file_loggers = linked_list_create(); - this->public.sys_loggers = linked_list_create(); -#ifdef ME - this->public.connect_manager = NULL; - this->public.mediation_manager = NULL; -#endif /* ME */ - this->public.uid = 0; - this->public.gid = 0; + private_daemon_t *this; + + INIT(this, + .public = { + .keep_cap = _keep_cap, + .drop_capabilities = _drop_capabilities, + .initialize = _initialize, + .start = _start, + .file_loggers = linked_list_create(), + .sys_loggers = linked_list_create(), + }, + ); - this->main_thread = thread_current(); #ifdef CAPABILITIES this->caps = cap_init(); keep_cap(this, CAP_NET_ADMIN); @@ -592,116 +400,28 @@ private_daemon_t *daemon_create(void) } #endif /* CAPABILITIES */ - /* add handler for SEGV and ILL, - * INT, TERM and HUP are handled by sigwait() in run() */ - action.sa_handler = segv_handler; - action.sa_flags = 0; - sigemptyset(&action.sa_mask); - sigaddset(&action.sa_mask, SIGINT); - sigaddset(&action.sa_mask, SIGTERM); - sigaddset(&action.sa_mask, SIGHUP); - sigaction(SIGSEGV, &action, NULL); - sigaction(SIGILL, &action, NULL); - sigaction(SIGBUS, &action, NULL); - action.sa_handler = SIG_IGN; - sigaction(SIGPIPE, &action, NULL); - - pthread_sigmask(SIG_SETMASK, &action.sa_mask, NULL); - return this; } /** - * Check/create PID file, return TRUE if already running + * Described in header. */ -static bool check_pidfile() +void libcharon_deinit() { - struct stat stb; - FILE *file; - - if (stat(PID_FILE, &stb) == 0) - { - file = fopen(PID_FILE, "r"); - if (file) - { - char buf[64]; - pid_t pid = 0; - - memset(buf, 0, sizeof(buf)); - if (fread(buf, 1, sizeof(buf), file)) - { - pid = atoi(buf); - } - fclose(file); - if (pid && kill(pid, 0) == 0) - { /* such a process is running */ - return TRUE; - } - } - DBG1(DBG_DMN, "removing pidfile '"PID_FILE"', process not running"); - unlink(PID_FILE); - } - /* create new pidfile */ - file = fopen(PID_FILE, "w"); - if (file) - { - fprintf(file, "%d\n", getpid()); - ignore_result(fchown(fileno(file), charon->uid, charon->gid)); - fclose(file); - } - return FALSE; + destroy((private_daemon_t*)charon); + charon = NULL; } /** - * print command line usage and exit + * Described in header. */ -static void usage(const char *msg) +bool libcharon_init() { - if (msg != NULL && *msg != '\0') - { - fprintf(stderr, "%s\n", msg); - } - fprintf(stderr, "Usage: charon\n" - " [--help]\n" - " [--version]\n" - " [--use-syslog]\n" - " [--debug-<type> <level>]\n" - " <type>: log context type (dmn|mgr|ike|chd|job|cfg|knl|net|enc|lib)\n" - " <level>: log verbosity (-1 = silent, 0 = audit, 1 = control,\n" - " 2 = controlmore, 3 = raw, 4 = private)\n" - "\n" - ); - exit(msg == NULL? 0 : 1); -} - -/** - * Main function, manages the daemon. - */ -int main(int argc, char *argv[]) -{ - bool use_syslog = FALSE; - private_daemon_t *private_charon; - level_t levels[DBG_MAX]; - int group; - - /* logging for library during initialization, as we have no bus yet */ - dbg = dbg_stderr; - - /* initialize library */ - if (!library_init(NULL)) - { - library_deinit(); - exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); - } + private_daemon_t *this; - if (lib->integrity && - !lib->integrity->check_file(lib->integrity, "charon", argv[0])) - { - dbg_stderr(1, "integrity check of charon failed"); - library_deinit(); - exit(SS_RC_DAEMON_INTEGRITY); - } + this = daemon_create(); + charon = &this->public; lib->printf_hook->add_handler(lib->printf_hook, 'R', traffic_selector_printf_hook, @@ -711,97 +431,13 @@ int main(int argc, char *argv[]) proposal_printf_hook, PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END); - private_charon = daemon_create(); - charon = (daemon_t*)private_charon; - - lookup_uid_gid(private_charon); - - /* use CTRL loglevel for default */ - for (group = 0; group < DBG_MAX; group++) - { - levels[group] = LEVEL_CTRL; - } - - /* handle arguments */ - for (;;) - { - struct option long_opts[] = { - { "help", no_argument, NULL, 'h' }, - { "version", no_argument, NULL, 'v' }, - { "use-syslog", no_argument, NULL, 'l' }, - /* TODO: handle "debug-all" */ - { "debug-dmn", required_argument, &group, DBG_DMN }, - { "debug-mgr", required_argument, &group, DBG_MGR }, - { "debug-ike", required_argument, &group, DBG_IKE }, - { "debug-chd", required_argument, &group, DBG_CHD }, - { "debug-job", required_argument, &group, DBG_JOB }, - { "debug-cfg", required_argument, &group, DBG_CFG }, - { "debug-knl", required_argument, &group, DBG_KNL }, - { "debug-net", required_argument, &group, DBG_NET }, - { "debug-enc", required_argument, &group, DBG_ENC }, - { "debug-lib", required_argument, &group, DBG_LIB }, - { 0,0,0,0 } - }; - - int c = getopt_long(argc, argv, "", long_opts, NULL); - switch (c) - { - case EOF: - break; - case 'h': - usage(NULL); - break; - case 'v': - printf("Linux strongSwan %s\n", VERSION); - exit(0); - case 'l': - use_syslog = TRUE; - continue; - case 0: - /* option is in group */ - levels[group] = atoi(optarg); - continue; - default: - usage(""); - break; - } - break; - } - - /* initialize daemon */ - if (!initialize(private_charon, use_syslog, levels)) - { - DBG1(DBG_DMN, "initialization failed - aborting charon"); - destroy(private_charon); - library_deinit(); - exit(SS_RC_INITIALIZATION_FAILED); - } - if (check_pidfile()) + if (lib->integrity && + !lib->integrity->check(lib->integrity, "libcharon", libcharon_init)) { - DBG1(DBG_DMN, "charon already running (\""PID_FILE"\" exists)"); - destroy(private_charon); - library_deinit(); - exit(-1); + dbg(DBG_DMN, 1, "integrity check of libcharon failed"); + return FALSE; } - /* drop the capabilities we won't need */ - drop_capabilities(private_charon); - - /* start the engine, go multithreaded */ - charon->processor->set_threads(charon->processor, - lib->settings->get_int(lib->settings, "charon.threads", - DEFAULT_THREADS)); - - /* run daemon */ - run(private_charon); - - /* normal termination, cleanup and exit */ - destroy(private_charon); - unlink(PID_FILE); - - library_deinit(); - - return 0; + return TRUE; } - diff --git a/src/charon/daemon.h b/src/libcharon/daemon.h index cb5946d5d..9b6d97060 100644 --- a/src/charon/daemon.h +++ b/src/libcharon/daemon.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2007 Tobias Brunner + * Copyright (C) 2006-2010 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter @@ -17,52 +17,49 @@ */ /** - * @defgroup charon charon + * @defgroup libcharon libcharon * * @defgroup bus bus - * @ingroup charon + * @ingroup libcharon * * @defgroup listeners listeners * @ingroup bus * * @defgroup config config - * @ingroup charon - * - * @defgroup attributes attributes - * @ingroup config + * @ingroup libcharon * * @defgroup control control - * @ingroup charon + * @ingroup libcharon * * @defgroup ccredentials credentials - * @ingroup charon + * @ingroup libcharon * * @defgroup sets sets * @ingroup ccredentials * * @defgroup encoding encoding - * @ingroup charon + * @ingroup libcharon * * @defgroup payloads payloads * @ingroup encoding * * @defgroup kernel kernel - * @ingroup charon + * @ingroup libcharon * * @defgroup network network - * @ingroup charon + * @ingroup libcharon * * @defgroup cplugins plugins - * @ingroup charon + * @ingroup libcharon * * @defgroup processing processing - * @ingroup charon + * @ingroup libcharon * * @defgroup jobs jobs * @ingroup processing * * @defgroup sa sa - * @ingroup charon + * @ingroup libcharon * * @defgroup authenticators authenticators * @ingroup sa @@ -73,7 +70,7 @@ * @defgroup tasks tasks * @ingroup sa * - * @addtogroup charon + * @addtogroup libcharon * @{ * * IKEv2 keying daemon. @@ -148,7 +145,7 @@ typedef struct daemon_t daemon_t; #include <network/sender.h> #include <network/receiver.h> -#include <network/socket.h> +#include <network/socket_manager.h> #include <processing/scheduler.h> #include <processing/processor.h> #include <kernel/kernel_interface.h> @@ -169,11 +166,6 @@ typedef struct daemon_t daemon_t; #endif /* ME */ /** - * Name of the daemon. - */ -#define DAEMON_NAME "charon" - -/** * Number of threads in the thread pool, if not specified in config. */ #define DEFAULT_THREADS 16 @@ -189,20 +181,14 @@ typedef struct daemon_t daemon_t; #define IKEV2_NATT_PORT 4500 /** - * PID file, in which charon stores its process id - */ -#define PID_FILE IPSEC_PIDDIR "/charon.pid" - - -/** * Main class of daemon, contains some globals. */ struct daemon_t { /** - * A socket_t instance. + * Socket manager instance */ - socket_t *socket; + socket_manager_t *socket; /** * A ike_sa_manager_t instance. @@ -311,16 +297,45 @@ struct daemon_t { void (*keep_cap)(daemon_t *this, u_int cap); /** - * Shut down the daemon. + * Drop all capabilities of the current process. + * + * Drops all capabalities, excect those exlcuded using keep_cap(). + * This should be called after the initialization of the daemon because + * some plugins require the process to keep additional capabilities. * - * @param reason describtion why it will be killed + * @return TRUE if successful, FALSE otherwise + */ + bool (*drop_capabilities)(daemon_t *this); + + /** + * Initialize the daemon. */ - void (*kill) (daemon_t *this, char *reason); + bool (*initialize)(daemon_t *this, bool syslog, level_t levels[]); + + /** + * Starts the daemon, i.e. spawns the threads of the thread pool. + */ + void (*start)(daemon_t *this); + }; /** * The one and only instance of the daemon. + * + * Set between libcharon_init() and libcharon_deinit() calls. */ extern daemon_t *charon; +/** + * Initialize libcharon and create the "charon" instance of daemon_t. + * + * @return FALSE if integrity check failed + */ +bool libcharon_init(); + +/** + * Deinitialize libcharon and destroy the "charon" instance of daemon_t. + */ +void libcharon_deinit(); + #endif /** DAEMON_H_ @}*/ diff --git a/src/charon/encoding/generator.c b/src/libcharon/encoding/generator.c index 6485da492..6485da492 100644 --- a/src/charon/encoding/generator.c +++ b/src/libcharon/encoding/generator.c diff --git a/src/charon/encoding/generator.h b/src/libcharon/encoding/generator.h index 2221c84af..2221c84af 100644 --- a/src/charon/encoding/generator.h +++ b/src/libcharon/encoding/generator.h diff --git a/src/charon/encoding/message.c b/src/libcharon/encoding/message.c index 397a3c609..acfc0fd44 100644 --- a/src/charon/encoding/message.c +++ b/src/libcharon/encoding/message.c @@ -1539,22 +1539,19 @@ static status_t verify(private_message_t *this) } } } + enumerator->destroy(enumerator); if (found_payloads < rule->min_occurence) { DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)", payload_type_names, rule->payload_type, rule->min_occurence, found_payloads); - enumerator->destroy(enumerator); return VERIFY_ERROR; } - if (rule->sufficient && - this->payloads->get_count(this->payloads) == total_found_payloads) + if (rule->sufficient) { - enumerator->destroy(enumerator); return SUCCESS; } - enumerator->destroy(enumerator); } return SUCCESS; } diff --git a/src/charon/encoding/message.h b/src/libcharon/encoding/message.h index 2c7718f49..2c7718f49 100644 --- a/src/charon/encoding/message.h +++ b/src/libcharon/encoding/message.h diff --git a/src/charon/encoding/parser.c b/src/libcharon/encoding/parser.c index 9aa34b1bc..9aa34b1bc 100644 --- a/src/charon/encoding/parser.c +++ b/src/libcharon/encoding/parser.c diff --git a/src/charon/encoding/parser.h b/src/libcharon/encoding/parser.h index 27c5f03fe..27c5f03fe 100644 --- a/src/charon/encoding/parser.h +++ b/src/libcharon/encoding/parser.h diff --git a/src/charon/encoding/payloads/auth_payload.c b/src/libcharon/encoding/payloads/auth_payload.c index d31208abb..d31208abb 100644 --- a/src/charon/encoding/payloads/auth_payload.c +++ b/src/libcharon/encoding/payloads/auth_payload.c diff --git a/src/charon/encoding/payloads/auth_payload.h b/src/libcharon/encoding/payloads/auth_payload.h index 37ee149db..37ee149db 100644 --- a/src/charon/encoding/payloads/auth_payload.h +++ b/src/libcharon/encoding/payloads/auth_payload.h diff --git a/src/charon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c index 6dd3141f0..6dd3141f0 100644 --- a/src/charon/encoding/payloads/cert_payload.c +++ b/src/libcharon/encoding/payloads/cert_payload.c diff --git a/src/charon/encoding/payloads/cert_payload.h b/src/libcharon/encoding/payloads/cert_payload.h index aa1c7bf5a..aa1c7bf5a 100644 --- a/src/charon/encoding/payloads/cert_payload.h +++ b/src/libcharon/encoding/payloads/cert_payload.h diff --git a/src/charon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c index 9ff0bdde0..9ff0bdde0 100644 --- a/src/charon/encoding/payloads/certreq_payload.c +++ b/src/libcharon/encoding/payloads/certreq_payload.c diff --git a/src/charon/encoding/payloads/certreq_payload.h b/src/libcharon/encoding/payloads/certreq_payload.h index 914063628..914063628 100644 --- a/src/charon/encoding/payloads/certreq_payload.h +++ b/src/libcharon/encoding/payloads/certreq_payload.h diff --git a/src/charon/encoding/payloads/configuration_attribute.c b/src/libcharon/encoding/payloads/configuration_attribute.c index 9094fd44d..9094fd44d 100644 --- a/src/charon/encoding/payloads/configuration_attribute.c +++ b/src/libcharon/encoding/payloads/configuration_attribute.c diff --git a/src/charon/encoding/payloads/configuration_attribute.h b/src/libcharon/encoding/payloads/configuration_attribute.h index 6e4b018bb..6e4b018bb 100644 --- a/src/charon/encoding/payloads/configuration_attribute.h +++ b/src/libcharon/encoding/payloads/configuration_attribute.h diff --git a/src/charon/encoding/payloads/cp_payload.c b/src/libcharon/encoding/payloads/cp_payload.c index f0a26eee2..f0a26eee2 100644 --- a/src/charon/encoding/payloads/cp_payload.c +++ b/src/libcharon/encoding/payloads/cp_payload.c diff --git a/src/charon/encoding/payloads/cp_payload.h b/src/libcharon/encoding/payloads/cp_payload.h index c0760885a..7dcf58f7e 100644 --- a/src/charon/encoding/payloads/cp_payload.h +++ b/src/libcharon/encoding/payloads/cp_payload.h @@ -100,8 +100,8 @@ cp_payload_t *cp_payload_create(); /** * Creates an cp_payload_t with type and value * - * @param type type of configuration payload to create - * @return created configuration payload + * @param config_type type of configuration payload to create + * @return created configuration payload */ cp_payload_t *cp_payload_create_type(config_type_t config_type); diff --git a/src/charon/encoding/payloads/delete_payload.c b/src/libcharon/encoding/payloads/delete_payload.c index 97b4743b2..97b4743b2 100644 --- a/src/charon/encoding/payloads/delete_payload.c +++ b/src/libcharon/encoding/payloads/delete_payload.c diff --git a/src/charon/encoding/payloads/delete_payload.h b/src/libcharon/encoding/payloads/delete_payload.h index 3b62c1af1..3b62c1af1 100644 --- a/src/charon/encoding/payloads/delete_payload.h +++ b/src/libcharon/encoding/payloads/delete_payload.h diff --git a/src/charon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c index 21f34a642..21f34a642 100644 --- a/src/charon/encoding/payloads/eap_payload.c +++ b/src/libcharon/encoding/payloads/eap_payload.c diff --git a/src/charon/encoding/payloads/eap_payload.h b/src/libcharon/encoding/payloads/eap_payload.h index 0bde4b15e..0bde4b15e 100644 --- a/src/charon/encoding/payloads/eap_payload.h +++ b/src/libcharon/encoding/payloads/eap_payload.h diff --git a/src/charon/encoding/payloads/encodings.c b/src/libcharon/encoding/payloads/encodings.c index 85caeda82..85caeda82 100644 --- a/src/charon/encoding/payloads/encodings.c +++ b/src/libcharon/encoding/payloads/encodings.c diff --git a/src/charon/encoding/payloads/encodings.h b/src/libcharon/encoding/payloads/encodings.h index 52af4a984..52af4a984 100644 --- a/src/charon/encoding/payloads/encodings.h +++ b/src/libcharon/encoding/payloads/encodings.h diff --git a/src/charon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c index 389ab09d7..2adbb88b9 100644 --- a/src/charon/encoding/payloads/encryption_payload.c +++ b/src/libcharon/encoding/payloads/encryption_payload.c @@ -95,19 +95,19 @@ struct private_encryption_payload_t { */ encoding_rule_t encryption_payload_encodings[] = { /* 1 Byte next payload type, stored in the field next_payload */ - { U_INT_8, offsetof(private_encryption_payload_t, next_payload) }, + { U_INT_8, offsetof(private_encryption_payload_t, next_payload) }, /* the critical bit */ - { FLAG, offsetof(private_encryption_payload_t, critical) }, + { FLAG, offsetof(private_encryption_payload_t, critical) }, /* 7 Bit reserved bits, nowhere stored */ - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, - { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, + { RESERVED_BIT, 0 }, /* Length of the whole encryption payload*/ - { PAYLOAD_LENGTH, offsetof(private_encryption_payload_t, payload_length) }, + { PAYLOAD_LENGTH, offsetof(private_encryption_payload_t, payload_length) }, /* encrypted data, stored in a chunk. contains iv, data, padding */ { ENCRYPTED_DATA, offsetof(private_encryption_payload_t, encrypted) }, }; @@ -480,15 +480,15 @@ static status_t decrypt(private_encryption_payload_t *this) /* add one byte to the padding length, since the padding_length field is * not included */ padding_length++; - this->decrypted.len -= padding_length; /* check size again */ - if (padding_length > concatenated.len || this->decrypted.len < 0) + if (padding_length > concatenated.len || padding_length > this->decrypted.len) { DBG1(DBG_ENC, "decryption failed, invalid padding length found. Invalid key?"); /* decryption failed :-/ */ return FAILED; } + this->decrypted.len -= padding_length; /* free padding */ this->decrypted.ptr = realloc(this->decrypted.ptr, this->decrypted.len); diff --git a/src/charon/encoding/payloads/encryption_payload.h b/src/libcharon/encoding/payloads/encryption_payload.h index ac5326b87..ac5326b87 100644 --- a/src/charon/encoding/payloads/encryption_payload.h +++ b/src/libcharon/encoding/payloads/encryption_payload.h diff --git a/src/charon/encoding/payloads/endpoint_notify.c b/src/libcharon/encoding/payloads/endpoint_notify.c index faec1ea71..faec1ea71 100644 --- a/src/charon/encoding/payloads/endpoint_notify.c +++ b/src/libcharon/encoding/payloads/endpoint_notify.c diff --git a/src/charon/encoding/payloads/endpoint_notify.h b/src/libcharon/encoding/payloads/endpoint_notify.h index 120eef49a..120eef49a 100644 --- a/src/charon/encoding/payloads/endpoint_notify.h +++ b/src/libcharon/encoding/payloads/endpoint_notify.h diff --git a/src/charon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c index 4158c3e07..4158c3e07 100644 --- a/src/charon/encoding/payloads/id_payload.c +++ b/src/libcharon/encoding/payloads/id_payload.c diff --git a/src/charon/encoding/payloads/id_payload.h b/src/libcharon/encoding/payloads/id_payload.h index 5502dc961..5502dc961 100644 --- a/src/charon/encoding/payloads/id_payload.h +++ b/src/libcharon/encoding/payloads/id_payload.h diff --git a/src/charon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c index 735f01304..735f01304 100644 --- a/src/charon/encoding/payloads/ike_header.c +++ b/src/libcharon/encoding/payloads/ike_header.c diff --git a/src/charon/encoding/payloads/ike_header.h b/src/libcharon/encoding/payloads/ike_header.h index e63e8bf06..e63e8bf06 100644 --- a/src/charon/encoding/payloads/ike_header.h +++ b/src/libcharon/encoding/payloads/ike_header.h diff --git a/src/charon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c index 1bc79f084..1bc79f084 100644 --- a/src/charon/encoding/payloads/ke_payload.c +++ b/src/libcharon/encoding/payloads/ke_payload.c diff --git a/src/charon/encoding/payloads/ke_payload.h b/src/libcharon/encoding/payloads/ke_payload.h index 3ca05009e..3ca05009e 100644 --- a/src/charon/encoding/payloads/ke_payload.h +++ b/src/libcharon/encoding/payloads/ke_payload.h diff --git a/src/charon/encoding/payloads/nonce_payload.c b/src/libcharon/encoding/payloads/nonce_payload.c index 4ad5ce9dd..4ad5ce9dd 100644 --- a/src/charon/encoding/payloads/nonce_payload.c +++ b/src/libcharon/encoding/payloads/nonce_payload.c diff --git a/src/charon/encoding/payloads/nonce_payload.h b/src/libcharon/encoding/payloads/nonce_payload.h index e9212202e..e9212202e 100644 --- a/src/charon/encoding/payloads/nonce_payload.h +++ b/src/libcharon/encoding/payloads/nonce_payload.h diff --git a/src/charon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c index 469698ef5..469698ef5 100644 --- a/src/charon/encoding/payloads/notify_payload.c +++ b/src/libcharon/encoding/payloads/notify_payload.c diff --git a/src/charon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h index 0e1bc23b8..0e1bc23b8 100644 --- a/src/charon/encoding/payloads/notify_payload.h +++ b/src/libcharon/encoding/payloads/notify_payload.h diff --git a/src/charon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c index 1cee6d2aa..1cee6d2aa 100644 --- a/src/charon/encoding/payloads/payload.c +++ b/src/libcharon/encoding/payloads/payload.c diff --git a/src/charon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h index 2e783cb30..2e783cb30 100644 --- a/src/charon/encoding/payloads/payload.h +++ b/src/libcharon/encoding/payloads/payload.h diff --git a/src/charon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c index c93f73a68..c93f73a68 100644 --- a/src/charon/encoding/payloads/proposal_substructure.c +++ b/src/libcharon/encoding/payloads/proposal_substructure.c diff --git a/src/charon/encoding/payloads/proposal_substructure.h b/src/libcharon/encoding/payloads/proposal_substructure.h index 4934802af..4934802af 100644 --- a/src/charon/encoding/payloads/proposal_substructure.h +++ b/src/libcharon/encoding/payloads/proposal_substructure.h diff --git a/src/charon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c index 187a8fee0..187a8fee0 100644 --- a/src/charon/encoding/payloads/sa_payload.c +++ b/src/libcharon/encoding/payloads/sa_payload.c diff --git a/src/charon/encoding/payloads/sa_payload.h b/src/libcharon/encoding/payloads/sa_payload.h index 25f5a2407..25f5a2407 100644 --- a/src/charon/encoding/payloads/sa_payload.h +++ b/src/libcharon/encoding/payloads/sa_payload.h diff --git a/src/charon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c index f24857591..f24857591 100644 --- a/src/charon/encoding/payloads/traffic_selector_substructure.c +++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c diff --git a/src/charon/encoding/payloads/traffic_selector_substructure.h b/src/libcharon/encoding/payloads/traffic_selector_substructure.h index 0109fd7f5..0109fd7f5 100644 --- a/src/charon/encoding/payloads/traffic_selector_substructure.h +++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.h diff --git a/src/charon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index 8bf2ddef4..8bf2ddef4 100644 --- a/src/charon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c diff --git a/src/charon/encoding/payloads/transform_attribute.h b/src/libcharon/encoding/payloads/transform_attribute.h index a5fe0154b..a5fe0154b 100644 --- a/src/charon/encoding/payloads/transform_attribute.h +++ b/src/libcharon/encoding/payloads/transform_attribute.h diff --git a/src/charon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c index c94f6c1a2..c94f6c1a2 100644 --- a/src/charon/encoding/payloads/transform_substructure.c +++ b/src/libcharon/encoding/payloads/transform_substructure.c diff --git a/src/charon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h index 5d31f8c0a..5d31f8c0a 100644 --- a/src/charon/encoding/payloads/transform_substructure.h +++ b/src/libcharon/encoding/payloads/transform_substructure.h diff --git a/src/charon/encoding/payloads/ts_payload.c b/src/libcharon/encoding/payloads/ts_payload.c index 6bf3e4293..6bf3e4293 100644 --- a/src/charon/encoding/payloads/ts_payload.c +++ b/src/libcharon/encoding/payloads/ts_payload.c diff --git a/src/charon/encoding/payloads/ts_payload.h b/src/libcharon/encoding/payloads/ts_payload.h index d322ff1a8..d322ff1a8 100644 --- a/src/charon/encoding/payloads/ts_payload.h +++ b/src/libcharon/encoding/payloads/ts_payload.h diff --git a/src/charon/encoding/payloads/unknown_payload.c b/src/libcharon/encoding/payloads/unknown_payload.c index dd5547dc3..dd5547dc3 100644 --- a/src/charon/encoding/payloads/unknown_payload.c +++ b/src/libcharon/encoding/payloads/unknown_payload.c diff --git a/src/charon/encoding/payloads/unknown_payload.h b/src/libcharon/encoding/payloads/unknown_payload.h index c761ed2b6..c761ed2b6 100644 --- a/src/charon/encoding/payloads/unknown_payload.h +++ b/src/libcharon/encoding/payloads/unknown_payload.h diff --git a/src/charon/encoding/payloads/vendor_id_payload.c b/src/libcharon/encoding/payloads/vendor_id_payload.c index bf33d2418..bf33d2418 100644 --- a/src/charon/encoding/payloads/vendor_id_payload.c +++ b/src/libcharon/encoding/payloads/vendor_id_payload.c diff --git a/src/charon/encoding/payloads/vendor_id_payload.h b/src/libcharon/encoding/payloads/vendor_id_payload.h index 241535cac..241535cac 100644 --- a/src/charon/encoding/payloads/vendor_id_payload.h +++ b/src/libcharon/encoding/payloads/vendor_id_payload.h diff --git a/src/libcharon/kernel/kernel_interface.c b/src/libcharon/kernel/kernel_interface.c new file mode 100644 index 000000000..64a43a7fc --- /dev/null +++ b/src/libcharon/kernel/kernel_interface.c @@ -0,0 +1,386 @@ +/* + * Copyright (C) 2008-2009 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "kernel_interface.h" + +#include <daemon.h> + +typedef struct private_kernel_interface_t private_kernel_interface_t; + +/** + * Private data of a kernel_interface_t object. + */ +struct private_kernel_interface_t { + + /** + * Public part of kernel_interface_t object. + */ + kernel_interface_t public; + + /** + * ipsec interface + */ + kernel_ipsec_t *ipsec; + + /** + * network interface + */ + kernel_net_t *net; +}; + +METHOD(kernel_interface_t, get_spi, status_t, + private_kernel_interface_t *this, host_t *src, host_t *dst, + protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) +{ + if (!this->ipsec) + { + return NOT_SUPPORTED; + } + return this->ipsec->get_spi(this->ipsec, src, dst, protocol, reqid, spi); +} + +METHOD(kernel_interface_t, get_cpi, status_t, + private_kernel_interface_t *this, host_t *src, host_t *dst, + u_int32_t reqid, u_int16_t *cpi) +{ + if (!this->ipsec) + { + return NOT_SUPPORTED; + } + return this->ipsec->get_cpi(this->ipsec, src, dst, reqid, cpi); +} + +METHOD(kernel_interface_t, add_sa, status_t, + private_kernel_interface_t *this, host_t *src, host_t *dst, + u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, + lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, + u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, + u_int16_t cpi, bool encap, bool inbound, traffic_selector_t *src_ts, + traffic_selector_t *dst_ts) +{ + if (!this->ipsec) + { + return NOT_SUPPORTED; + } + return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid, + lifetime, enc_alg, enc_key, int_alg, int_key, mode, ipcomp, cpi, + encap, inbound, src_ts, dst_ts); +} + +METHOD(kernel_interface_t, update_sa, status_t, + private_kernel_interface_t *this, u_int32_t spi, protocol_id_t protocol, + u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, + bool encap, bool new_encap) +{ + if (!this->ipsec) + { + return NOT_SUPPORTED; + } + return this->ipsec->update_sa(this->ipsec, spi, protocol, cpi, src, dst, + new_src, new_dst, encap, new_encap); +} + +METHOD(kernel_interface_t, query_sa, status_t, + private_kernel_interface_t *this, host_t *src, host_t *dst, + u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes) +{ + if (!this->ipsec) + { + return NOT_SUPPORTED; + } + return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, bytes); +} + +METHOD(kernel_interface_t, del_sa, status_t, + private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, + protocol_id_t protocol, u_int16_t cpi) +{ + if (!this->ipsec) + { + return NOT_SUPPORTED; + } + return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi); +} + +METHOD(kernel_interface_t, add_policy, status_t, + private_kernel_interface_t *this, host_t *src, host_t *dst, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, + policy_dir_t direction, u_int32_t spi, protocol_id_t protocol, + u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, + bool routed) +{ + if (!this->ipsec) + { + return NOT_SUPPORTED; + } + return this->ipsec->add_policy(this->ipsec, src, dst, src_ts, dst_ts, + direction, spi, protocol, reqid, mode, ipcomp, cpi, routed); +} + +METHOD(kernel_interface_t, query_policy, status_t, + private_kernel_interface_t *this, traffic_selector_t *src_ts, + traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time) +{ + if (!this->ipsec) + { + return NOT_SUPPORTED; + } + return this->ipsec->query_policy(this->ipsec, src_ts, dst_ts, + direction, use_time); +} + +METHOD(kernel_interface_t, del_policy, status_t, + private_kernel_interface_t *this, traffic_selector_t *src_ts, + traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted) +{ + if (!this->ipsec) + { + return NOT_SUPPORTED; + } + return this->ipsec->del_policy(this->ipsec, src_ts, dst_ts, + direction, unrouted); +} + +METHOD(kernel_interface_t, get_source_addr, host_t*, + private_kernel_interface_t *this, host_t *dest, host_t *src) +{ + if (!this->net) + { + return NULL; + } + return this->net->get_source_addr(this->net, dest, src); +} + +METHOD(kernel_interface_t, get_nexthop, host_t*, + private_kernel_interface_t *this, host_t *dest) +{ + if (!this->net) + { + return NULL; + } + return this->net->get_nexthop(this->net, dest); +} + +METHOD(kernel_interface_t, get_interface, char*, + private_kernel_interface_t *this, host_t *host) +{ + if (!this->net) + { + return NULL; + } + return this->net->get_interface(this->net, host); +} + +METHOD(kernel_interface_t, create_address_enumerator, enumerator_t*, + private_kernel_interface_t *this, bool include_down_ifaces, + bool include_virtual_ips) +{ + if (!this->net) + { + return enumerator_create_empty(); + } + return this->net->create_address_enumerator(this->net, include_down_ifaces, + include_virtual_ips); +} + +METHOD(kernel_interface_t, add_ip, status_t, + private_kernel_interface_t *this, host_t *virtual_ip, host_t *iface_ip) +{ + if (!this->net) + { + return NOT_SUPPORTED; + } + return this->net->add_ip(this->net, virtual_ip, iface_ip); +} + +METHOD(kernel_interface_t, del_ip, status_t, + private_kernel_interface_t *this, host_t *virtual_ip) +{ + if (!this->net) + { + return NOT_SUPPORTED; + } + return this->net->del_ip(this->net, virtual_ip); +} + +METHOD(kernel_interface_t, add_route, status_t, + private_kernel_interface_t *this, chunk_t dst_net, + u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) +{ + if (!this->net) + { + return NOT_SUPPORTED; + } + return this->net->add_route(this->net, dst_net, prefixlen, gateway, + src_ip, if_name); +} + +METHOD(kernel_interface_t, del_route, status_t, + private_kernel_interface_t *this, chunk_t dst_net, + u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) +{ + if (!this->net) + { + return NOT_SUPPORTED; + } + return this->net->del_route(this->net, dst_net, prefixlen, gateway, + src_ip, if_name); +} + +METHOD(kernel_interface_t, bypass_socket, bool, + private_kernel_interface_t *this, int fd, int family) +{ + if (!this->ipsec) + { + return FALSE; + } + return this->ipsec->bypass_socket(this->ipsec, fd, family); +} + +METHOD(kernel_interface_t, get_address_by_ts, status_t, + private_kernel_interface_t *this, traffic_selector_t *ts, host_t **ip) +{ + enumerator_t *addrs; + host_t *host; + int family; + bool found = FALSE; + + DBG2(DBG_KNL, "getting a local address in traffic selector %R", ts); + + /* if we have a family which includes localhost, we do not + * search for an IP, we use the default */ + family = ts->get_type(ts) == TS_IPV4_ADDR_RANGE ? AF_INET : AF_INET6; + + if (family == AF_INET) + { + host = host_create_from_string("127.0.0.1", 0); + } + else + { + host = host_create_from_string("::1", 0); + } + + if (ts->includes(ts, host)) + { + *ip = host_create_any(family); + host->destroy(host); + DBG2(DBG_KNL, "using host %H", *ip); + return SUCCESS; + } + host->destroy(host); + + addrs = create_address_enumerator(this, TRUE, TRUE); + while (addrs->enumerate(addrs, (void**)&host)) + { + if (ts->includes(ts, host)) + { + found = TRUE; + *ip = host->clone(host); + break; + } + } + addrs->destroy(addrs); + + if (!found) + { + DBG1(DBG_KNL, "no local address found in traffic selector %R", ts); + return FAILED; + } + + DBG2(DBG_KNL, "using host %H", *ip); + return SUCCESS; +} + + +METHOD(kernel_interface_t, add_ipsec_interface, void, + private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor) +{ + if (!this->ipsec) + { + this->ipsec = constructor(); + } +} + +METHOD(kernel_interface_t, remove_ipsec_interface, void, + private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor) +{ + /* TODO: replace if interface currently in use */ +} + +METHOD(kernel_interface_t, add_net_interface, void, + private_kernel_interface_t *this, kernel_net_constructor_t constructor) +{ + if (!this->net) + { + this->net = constructor(); + } +} + +METHOD(kernel_interface_t, remove_net_interface, void, + private_kernel_interface_t *this, kernel_net_constructor_t constructor) +{ + /* TODO: replace if interface currently in use */ +} + +METHOD(kernel_interface_t, destroy, void, + private_kernel_interface_t *this) +{ + DESTROY_IF(this->ipsec); + DESTROY_IF(this->net); + free(this); +} + +/* + * Described in header-file + */ +kernel_interface_t *kernel_interface_create() +{ + private_kernel_interface_t *this; + + INIT(this, + .public = { + .get_spi = _get_spi, + .get_cpi = _get_cpi, + .add_sa = _add_sa, + .update_sa = _update_sa, + .query_sa = _query_sa, + .del_sa = _del_sa, + .add_policy = _add_policy, + .query_policy = _query_policy, + .del_policy = _del_policy, + .get_source_addr = _get_source_addr, + .get_nexthop = _get_nexthop, + .get_interface = _get_interface, + .create_address_enumerator = _create_address_enumerator, + .add_ip = _add_ip, + .del_ip = _del_ip, + .add_route = _add_route, + .del_route = _del_route, + .bypass_socket = _bypass_socket, + + .get_address_by_ts = _get_address_by_ts, + .add_ipsec_interface = _add_ipsec_interface, + .remove_ipsec_interface = _remove_ipsec_interface, + .add_net_interface = _add_net_interface, + .remove_net_interface = _remove_net_interface, + .destroy = _destroy, + }, + ); + + return &this->public; +} + diff --git a/src/charon/kernel/kernel_interface.h b/src/libcharon/kernel/kernel_interface.h index c39246e72..4a62e76b8 100644 --- a/src/charon/kernel/kernel_interface.h +++ b/src/libcharon/kernel/kernel_interface.h @@ -333,6 +333,15 @@ struct kernel_interface_t { host_t *gateway, host_t *src_ip, char *if_name); /** + * Set up a bypass policy for a given socket. + * + * @param fd socket file descriptor to setup policy for + * @param family protocol family of the socket + * @return TRUE of policy set up successfully + */ + bool (*bypass_socket)(kernel_interface_t *this, int fd, int family); + + /** * manager methods */ diff --git a/src/charon/kernel/kernel_ipsec.c b/src/libcharon/kernel/kernel_ipsec.c index 5b0335b16..5b0335b16 100644 --- a/src/charon/kernel/kernel_ipsec.c +++ b/src/libcharon/kernel/kernel_ipsec.c diff --git a/src/charon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h index 73ad29b0e..300464cf6 100644 --- a/src/charon/kernel/kernel_ipsec.h +++ b/src/libcharon/kernel/kernel_ipsec.h @@ -265,6 +265,15 @@ struct kernel_ipsec_t { bool unrouted); /** + * Install a bypass policy for the given socket. + * + * @param fd socket file descriptor to setup policy for + * @param family protocol family of the socket + * @return TRUE of policy set up successfully + */ + bool (*bypass_socket)(kernel_ipsec_t *this, int fd, int family); + + /** * Destroy the implementation. */ void (*destroy) (kernel_ipsec_t *this); diff --git a/src/charon/kernel/kernel_net.h b/src/libcharon/kernel/kernel_net.h index efb221f88..efb221f88 100644 --- a/src/charon/kernel/kernel_net.h +++ b/src/libcharon/kernel/kernel_net.h diff --git a/src/libcharon/network/packet.c b/src/libcharon/network/packet.c new file mode 100644 index 000000000..19db362f7 --- /dev/null +++ b/src/libcharon/network/packet.c @@ -0,0 +1,138 @@ +/* + * Copyright (C) 2005-2006 Martin Willi + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "packet.h" + +typedef struct private_packet_t private_packet_t; + +/** + * Private data of an packet_t object. + */ +struct private_packet_t { + + /** + * Public part of a packet_t object. + */ + packet_t public; + + /** + * source address + */ + host_t *source; + + /** + * destination address + */ + host_t *destination; + + /** + * message data + */ + chunk_t data; +}; + +METHOD(packet_t, set_source, void, + private_packet_t *this, host_t *source) +{ + DESTROY_IF(this->source); + this->source = source; +} + +METHOD(packet_t, set_destination, void, + private_packet_t *this, host_t *destination) +{ + DESTROY_IF(this->destination); + this->destination = destination; +} + +METHOD(packet_t, get_source, host_t*, + private_packet_t *this) +{ + return this->source; +} + +METHOD(packet_t, get_destination, host_t*, + private_packet_t *this) +{ + return this->destination; +} + +METHOD(packet_t, get_data, chunk_t, + private_packet_t *this) +{ + return this->data; +} + +METHOD(packet_t, set_data, void, + private_packet_t *this, chunk_t data) +{ + free(this->data.ptr); + this->data = data; +} + +METHOD(packet_t, destroy, void, + private_packet_t *this) +{ + DESTROY_IF(this->source); + DESTROY_IF(this->destination); + free(this->data.ptr); + free(this); +} + +METHOD(packet_t, clone_, packet_t*, + private_packet_t *this) +{ + packet_t *other; + + other = packet_create(); + if (this->destination != NULL) + { + other->set_destination(other, this->destination->clone(this->destination)); + } + if (this->source != NULL) + { + other->set_source(other, this->source->clone(this->source)); + } + if (this->data.ptr != NULL) + { + other->set_data(other, chunk_clone(this->data)); + } + return other; +} + +/* + * Documented in header + */ +packet_t *packet_create(void) +{ + private_packet_t *this; + + INIT(this, + .public = { + .set_data = _set_data, + .get_data = _get_data, + .set_source = _set_source, + .get_source = _get_source, + .set_destination = _set_destination, + .get_destination = _get_destination, + .clone = _clone_, + .destroy = _destroy, + }, + ); + + return &this->public; +} + diff --git a/src/charon/network/packet.h b/src/libcharon/network/packet.h index 18d82c6fc..18d82c6fc 100644 --- a/src/charon/network/packet.h +++ b/src/libcharon/network/packet.h diff --git a/src/charon/network/receiver.c b/src/libcharon/network/receiver.c index 6cd99439b..df897021a 100644 --- a/src/charon/network/receiver.c +++ b/src/libcharon/network/receiver.c @@ -99,6 +99,11 @@ struct private_receiver_t { * how many half open IKE_SAs per peer before blocking */ u_int32_t block_threshold; + + /** + * Delay for receiving incoming packets, to simulate larger RTT + */ + u_int receive_delay; }; /** @@ -248,7 +253,7 @@ static bool peer_to_aggressive(private_receiver_t *this, message_t *message) } /** - * Implementation of receiver_t.receive_packets. + * Job callback to receive packets */ static job_requeue_t receive_packets(private_receiver_t *this) { @@ -325,14 +330,20 @@ static job_requeue_t receive_packets(private_receiver_t *this) } } job = (job_t*)process_message_job_create(message); - charon->processor->queue_job(charon->processor, job); + if (this->receive_delay) + { + charon->scheduler->schedule_job_ms(charon->scheduler, + job, this->receive_delay); + } + else + { + charon->processor->queue_job(charon->processor, job); + } return JOB_REQUEUE_DIRECT; } -/** - * Implementation of receiver_t.destroy. - */ -static void destroy(private_receiver_t *this) +METHOD(receiver_t, destroy, void, + private_receiver_t *this) { this->job->cancel(this->job); this->rng->destroy(this->rng); @@ -345,10 +356,24 @@ static void destroy(private_receiver_t *this) */ receiver_t *receiver_create() { - private_receiver_t *this = malloc_thing(private_receiver_t); + private_receiver_t *this; u_int32_t now = time_monotonic(NULL); - this->public.destroy = (void(*)(receiver_t*)) destroy; + INIT(this, + .public.destroy = _destroy, + .secret_switch = now, + .secret_offset = random() % now, + ); + + if (lib->settings->get_bool(lib->settings, "charon.dos_protection", TRUE)) + { + this->cookie_threshold = lib->settings->get_int(lib->settings, + "charon.cookie_threshold", COOKIE_THRESHOLD_DEFAULT); + this->block_threshold = lib->settings->get_int(lib->settings, + "charon.block_threshold", BLOCK_THRESHOLD_DEFAULT); + } + this->receive_delay = lib->settings->get_int(lib->settings, + "charon.receive_delay", 0); this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_PREFERRED); if (this->hasher == NULL) @@ -365,20 +390,8 @@ receiver_t *receiver_create() free(this); return NULL; } - this->secret_switch = now; - this->secret_offset = random() % now; - this->secret_used = 0; this->rng->get_bytes(this->rng, SECRET_LENGTH, this->secret); memcpy(this->secret_old, this->secret, SECRET_LENGTH); - this->cookie_threshold = lib->settings->get_int(lib->settings, - "charon.cookie_threshold", COOKIE_THRESHOLD_DEFAULT); - this->block_threshold = lib->settings->get_int(lib->settings, - "charon.block_threshold", BLOCK_THRESHOLD_DEFAULT); - if (!lib->settings->get_bool(lib->settings, "charon.dos_protection", TRUE)) - { - this->cookie_threshold = 0; - this->block_threshold = 0; - } this->job = callback_job_create((callback_job_cb_t)receive_packets, this, NULL, NULL); diff --git a/src/charon/network/receiver.h b/src/libcharon/network/receiver.h index 690d8dbab..690d8dbab 100644 --- a/src/charon/network/receiver.h +++ b/src/libcharon/network/receiver.h diff --git a/src/charon/network/sender.c b/src/libcharon/network/sender.c index 3be5861dd..c18f1138e 100644 --- a/src/charon/network/sender.c +++ b/src/libcharon/network/sender.c @@ -14,6 +14,7 @@ * for more details. */ +#include <unistd.h> #include <stdlib.h> #include "sender.h" @@ -61,12 +62,15 @@ struct private_sender_t { * condvar to signal for packets sent */ condvar_t *sent; + + /** + * Delay for sending outgoing packets, to simulate larger RTT + */ + int send_delay; }; -/** - * implements sender_t.send - */ -static void send_(private_sender_t *this, packet_t *packet) +METHOD(sender_t, send_, void, + private_sender_t *this, packet_t *packet) { host_t *src, *dst; @@ -74,6 +78,11 @@ static void send_(private_sender_t *this, packet_t *packet) dst = packet->get_destination(packet); DBG1(DBG_NET, "sending packet: from %#H to %#H", src, dst); + if (this->send_delay) + { + usleep(this->send_delay * 1000); + } + this->mutex->lock(this->mutex); this->list->insert_last(this->list, packet); this->got->signal(this->got); @@ -81,7 +90,7 @@ static void send_(private_sender_t *this, packet_t *packet) } /** - * Implementation of private_sender_t.send_packets. + * Job callback function to send packets */ static job_requeue_t send_packets(private_sender_t * this) { @@ -109,10 +118,8 @@ static job_requeue_t send_packets(private_sender_t * this) return JOB_REQUEUE_DIRECT; } -/** - * Implementation of sender_t.destroy. - */ -static void destroy(private_sender_t *this) +METHOD(sender_t, destroy, void, + private_sender_t *this) { /* send all packets in the queue */ this->mutex->lock(this->mutex); @@ -134,18 +141,23 @@ static void destroy(private_sender_t *this) */ sender_t * sender_create() { - private_sender_t *this = malloc_thing(private_sender_t); - - this->public.send = (void(*)(sender_t*,packet_t*))send_; - this->public.destroy = (void(*)(sender_t*)) destroy; - - this->list = linked_list_create(); - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - this->got = condvar_create(CONDVAR_TYPE_DEFAULT); - this->sent = condvar_create(CONDVAR_TYPE_DEFAULT); + private_sender_t *this; + + INIT(this, + .public = { + .send = _send_, + .destroy = _destroy, + }, + .list = linked_list_create(), + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .got = condvar_create(CONDVAR_TYPE_DEFAULT), + .sent = condvar_create(CONDVAR_TYPE_DEFAULT), + .job = callback_job_create((callback_job_cb_t)send_packets, + this, NULL, NULL), + .send_delay = lib->settings->get_int(lib->settings, + "charon.send_delay", 0), + ); - this->job = callback_job_create((callback_job_cb_t)send_packets, - this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); return &this->public; diff --git a/src/charon/network/sender.h b/src/libcharon/network/sender.h index f77fadab2..f77fadab2 100644 --- a/src/charon/network/sender.h +++ b/src/libcharon/network/sender.h diff --git a/src/charon/network/socket.h b/src/libcharon/network/socket.h index 83bb9d4c9..5c5a4edfb 100644 --- a/src/charon/network/socket.h +++ b/src/libcharon/network/socket.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger - * Copyright (C) 2005-2008 Martin Willi + * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -27,29 +27,10 @@ typedef struct socket_t socket_t; #include <library.h> #include <network/packet.h> -#include <utils/host.h> #include <utils/enumerator.h> /** - * Maximum size of a packet. - * - * 3000 Bytes should be sufficient, see IKEv2 RFC. However, to run our - * multi-CA test with 2 intermediate CAs, we increase that to 5000 bytes. - */ -#define MAX_PACKET 5000 - -/** - * Abstraction of all sockets (IPv4/IPv6 send/receive). - * - * All available sockets are bound and the receive function - * reads from them. There are actually two implementations: - * The first uses raw sockets to allow binding of other daemons (pluto) to - * UDP/500. An installed "Linux socket filter" filters out all non-IKEv2 - * traffic and handles just IKEv2 messages. An other daemon (pluto) must - * handle all traffic separately, e.g. ignore IKEv2 traffic, since charon - * handles that. - * The other implementation uses normal sockets and is built if - * --disable-pluto is given to the configure script. + * Socket interface definition. */ struct socket_t { @@ -78,25 +59,6 @@ struct socket_t { * - FAILED when unable to send */ status_t (*send) (socket_t *this, packet_t *packet); - - /** - * Enumerate all underlying socket file descriptors. - * - * @return enumerator over (int fd, int family, int port) - */ - enumerator_t *(*create_enumerator) (socket_t *this); - - /** - * Destroy socket. - */ - void (*destroy) (socket_t *this); }; -/** - * Create a socket_t, which binds multiple sockets. - * - * @return socket_t object - */ -socket_t *socket_create(); - #endif /** SOCKET_H_ @}*/ diff --git a/src/libcharon/network/socket_manager.c b/src/libcharon/network/socket_manager.c new file mode 100644 index 000000000..0dbce4b1b --- /dev/null +++ b/src/libcharon/network/socket_manager.c @@ -0,0 +1,129 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "socket_manager.h" + +#include <daemon.h> +#include <threading/thread.h> +#include <threading/rwlock.h> +#include <utils/linked_list.h> + +typedef struct private_socket_manager_t private_socket_manager_t; + +/** + * Private data of an socket_manager_t object. + */ +struct private_socket_manager_t { + + /** + * Public socket_manager_t interface. + */ + socket_manager_t public; + + /** + * List of registered socket + */ + linked_list_t *sockets; + + /** + * Lock for sockets list + */ + rwlock_t *lock; +}; + +METHOD(socket_manager_t, receiver, status_t, + private_socket_manager_t *this, packet_t **packet) +{ + socket_t *socket; + status_t status; + + this->lock->read_lock(this->lock); + if (this->sockets->get_first(this->sockets, (void**)&socket) != SUCCESS) + { + DBG1(DBG_NET, "no socket implementation registered, receiving failed"); + this->lock->unlock(this->lock); + return NOT_SUPPORTED; + } + /* receive is blocking and the thread can be cancelled */ + thread_cleanup_push((thread_cleanup_t)this->lock->unlock, this->lock); + status = socket->receive(socket, packet); + thread_cleanup_pop(TRUE); + return status; +} + +METHOD(socket_manager_t, sender, status_t, + private_socket_manager_t *this, packet_t *packet) +{ + socket_t *socket; + status_t status; + + this->lock->read_lock(this->lock); + if (this->sockets->get_first(this->sockets, (void**)&socket) != SUCCESS) + { + DBG1(DBG_NET, "no socket implementation registered, sending failed"); + this->lock->unlock(this->lock); + return NOT_SUPPORTED; + } + status = socket->send(socket, packet); + this->lock->unlock(this->lock); + return status; +} + +METHOD(socket_manager_t, add_socket, void, + private_socket_manager_t *this, socket_t *socket) +{ + this->lock->write_lock(this->lock); + this->sockets->insert_last(this->sockets, socket); + this->lock->unlock(this->lock); +} + +METHOD(socket_manager_t, remove_socket, void, + private_socket_manager_t *this, socket_t *socket) +{ + this->lock->write_lock(this->lock); + this->sockets->remove(this->sockets, socket, NULL); + this->lock->unlock(this->lock); +} + +METHOD(socket_manager_t, destroy, void, + private_socket_manager_t *this) +{ + this->sockets->destroy(this->sockets); + this->lock->destroy(this->lock); + free(this); +} + +/** + * See header + */ +socket_manager_t *socket_manager_create() +{ + private_socket_manager_t *this; + + INIT(this, + .public = { + .send = _sender, + .receive = _receiver, + .add_socket = _add_socket, + .remove_socket = _remove_socket, + .destroy = _destroy, + }, + .sockets = linked_list_create(), + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + ); + + return &this->public; +} + diff --git a/src/libcharon/network/socket_manager.h b/src/libcharon/network/socket_manager.h new file mode 100644 index 000000000..b33d5c71c --- /dev/null +++ b/src/libcharon/network/socket_manager.h @@ -0,0 +1,74 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup socket_manager socket_manager + * @{ @ingroup network + */ + +#ifndef SOCKET_MANAGER_H_ +#define SOCKET_MANAGER_H_ + +#include <network/socket.h> + +typedef struct socket_manager_t socket_manager_t; + +/** + * Handle pluggable socket implementations and send/receive packets through it. + */ +struct socket_manager_t { + + /** + * Receive a packet using the registered socket. + * + * @param packet allocated packet that has been received + * @return + * - SUCCESS when packet successfully received + * - FAILED when unable to receive + */ + status_t (*receive) (socket_manager_t *this, packet_t **packet); + + /** + * Send a packet using the registered socket. + * + * @param packet packet to send out + * @return + * - SUCCESS when packet successfully sent + * - FAILED when unable to send + */ + status_t (*send) (socket_manager_t *this, packet_t *packet); + + /** + * Register a socket implementation. + */ + void (*add_socket)(socket_manager_t *this, socket_t *socket); + + /** + * Unregister a registered socket implementation. + */ + void (*remove_socket)(socket_manager_t *this, socket_t *socket); + + /** + * Destroy a socket_manager_t. + */ + void (*destroy)(socket_manager_t *this); +}; + +/** + * Create a socket_manager instance. + */ +socket_manager_t *socket_manager_create(); + +#endif /** SOCKET_MANAGER_H_ @}*/ diff --git a/src/libcharon/plugins/android/Makefile.am b/src/libcharon/plugins/android/Makefile.am new file mode 100644 index 000000000..e8423589c --- /dev/null +++ b/src/libcharon/plugins/android/Makefile.am @@ -0,0 +1,18 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-android.la +else +plugin_LTLIBRARIES = libstrongswan-android.la +endif + +libstrongswan_android_la_SOURCES = \ + android_plugin.c android_plugin.h \ + android_handler.c android_handler.h + +libstrongswan_android_la_LDFLAGS = -module -avoid-version +libstrongswan_android_la_LIBADD = -lcutils diff --git a/src/libcharon/plugins/android/Makefile.in b/src/libcharon/plugins/android/Makefile.in new file mode 100644 index 000000000..9f12a9c75 --- /dev/null +++ b/src/libcharon/plugins/android/Makefile.in @@ -0,0 +1,590 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/android +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_android_la_DEPENDENCIES = +am_libstrongswan_android_la_OBJECTS = android_plugin.lo \ + android_handler.lo +libstrongswan_android_la_OBJECTS = \ + $(am_libstrongswan_android_la_OBJECTS) +libstrongswan_android_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_android_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_android_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_android_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_android_la_SOURCES) +DIST_SOURCES = $(libstrongswan_android_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-android.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-android.la +libstrongswan_android_la_SOURCES = \ + android_plugin.c android_plugin.h \ + android_handler.c android_handler.h + +libstrongswan_android_la_LDFLAGS = -module -avoid-version +libstrongswan_android_la_LIBADD = -lcutils +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/android/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/android/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-android.la: $(libstrongswan_android_la_OBJECTS) $(libstrongswan_android_la_DEPENDENCIES) + $(libstrongswan_android_la_LINK) $(am_libstrongswan_android_la_rpath) $(libstrongswan_android_la_OBJECTS) $(libstrongswan_android_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/android_handler.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/android_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/android/android_handler.c b/src/libcharon/plugins/android/android_handler.c new file mode 100644 index 000000000..a475eeaab --- /dev/null +++ b/src/libcharon/plugins/android/android_handler.c @@ -0,0 +1,225 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "android_handler.h" + +#include <utils/linked_list.h> + +#include <cutils/properties.h> + +typedef struct private_android_handler_t private_android_handler_t; + +/** + * Private data of an android_handler_t object. + */ +struct private_android_handler_t { + + /** + * Public android_handler_t interface. + */ + android_handler_t public; + + /** + * List of registered DNS servers + */ + linked_list_t *dns; +}; + +/** + * Struct to store a pair of old and installed DNS servers + */ +typedef struct { + /** installed dns server */ + host_t *dns; + /** old dns server */ + host_t *old; +} dns_pair_t; + +/** + * Destroy a pair of old and installed DNS servers + */ +void destroy_dns_pair(dns_pair_t *this) +{ + DESTROY_IF(this->dns); + DESTROY_IF(this->old); + free(this); +} + +/** + * Filter pairs of DNS servers + */ +bool filter_dns_pair(void *data, dns_pair_t **in, host_t **out) +{ + *out = (*in)->dns; + return TRUE; +} + +/** + * Read DNS server property with a given index + */ +host_t *get_dns_server(int index) +{ + host_t *dns = NULL; + char key[10], value[PROPERTY_VALUE_MAX]; + + if (snprintf(key, sizeof(key), "net.dns%d", index) >= sizeof(key)) + { + return NULL; + } + + if (property_get(key, value, NULL) > 0) + { + dns = host_create_from_string(value, 0); + } + return dns; +} + +/** + * Set DNS server property with a given index + */ +bool set_dns_server(int index, host_t *dns) +{ + char key[10], value[PROPERTY_VALUE_MAX]; + + if (snprintf(key, sizeof(key), "net.dns%d", index) >= sizeof(key)) + { + return FALSE; + } + + if (dns) + { + if (snprintf(value, sizeof(value), "%H", dns) >= sizeof(value)) + { + return FALSE; + } + } + else + { + value[0] = '\0'; + } + + if (property_set(key, value) != 0) + { + return FALSE; + } + return TRUE; +} + +METHOD(attribute_handler_t, handle, bool, + private_android_handler_t *this, identification_t *id, + configuration_attribute_type_t type, chunk_t data) +{ + switch (type) + { + case INTERNAL_IP4_DNS: + { + host_t *dns; + dns_pair_t *pair; + int index; + + dns = host_create_from_chunk(AF_INET, data, 0); + if (dns) + { + pair = malloc_thing(dns_pair_t); + pair->dns = dns; + index = this->dns->get_count(this->dns) + 1; + pair->old = get_dns_server(index); + set_dns_server(index, dns); + this->dns->insert_last(this->dns, pair); + return TRUE; + } + return FALSE; + } + default: + return FALSE; + } +} + +METHOD(attribute_handler_t, release, void, + private_android_handler_t *this, identification_t *server, + configuration_attribute_type_t type, chunk_t data) +{ + if (type == INTERNAL_IP4_DNS) + { + enumerator_t *enumerator; + dns_pair_t *pair; + int index; + + enumerator = this->dns->create_enumerator(this->dns); + for (index = 1; enumerator->enumerate(enumerator, &pair); index++) + { + if (chunk_equals(pair->dns->get_address(pair->dns), data)) + { + this->dns->remove_at(this->dns, enumerator); + set_dns_server(index, pair->old); + destroy_dns_pair(pair); + } + } + enumerator->destroy(enumerator); + } +} + +METHOD(enumerator_t, enumerate_dns, bool, + enumerator_t *this, configuration_attribute_type_t *type, chunk_t *data) +{ + *type = INTERNAL_IP4_DNS; + *data = chunk_empty; + /* stop enumeration */ + this->enumerate = (void*)return_false; + return TRUE; +} + +METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t *, + android_handler_t *this, identification_t *id, host_t *vip) +{ + enumerator_t *enumerator; + + INIT(enumerator, + .enumerate = (void*)_enumerate_dns, + .destroy = (void*)free, + ); + return enumerator; +} + +METHOD(android_handler_t, destroy, void, + private_android_handler_t *this) +{ + this->dns->destroy_function(this->dns, (void*)destroy_dns_pair); + free(this); +} + +/** + * See header + */ +android_handler_t *android_handler_create() +{ + private_android_handler_t *this; + + INIT(this, + .public = { + .handler = { + .handle = _handle, + .release = _release, + .create_attribute_enumerator = _create_attribute_enumerator, + }, + .destroy = _destroy, + }, + .dns = linked_list_create(), + ); + + return &this->public; +} + diff --git a/src/libcharon/plugins/android/android_handler.h b/src/libcharon/plugins/android/android_handler.h new file mode 100644 index 000000000..af620505b --- /dev/null +++ b/src/libcharon/plugins/android/android_handler.h @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup android_handler android_handler + * @{ @ingroup android + */ + +#ifndef ANDROID_HANDLER_H_ +#define ANDROID_HANDLER_H_ + +#include <attributes/attribute_handler.h> + +typedef struct android_handler_t android_handler_t; + +/** + * Android specific DNS attribute handler. + */ +struct android_handler_t { + + /** + * Implements attribute_handler_t. + */ + attribute_handler_t handler; + + /** + * Destroy a android_handler_t. + */ + void (*destroy)(android_handler_t *this); +}; + +/** + * Create a android_handler instance. + */ +android_handler_t *android_handler_create(); + +#endif /** ANDROID_HANDLER_H_ @}*/ diff --git a/src/libcharon/plugins/android/android_plugin.c b/src/libcharon/plugins/android/android_plugin.c new file mode 100644 index 000000000..9a558f53b --- /dev/null +++ b/src/libcharon/plugins/android/android_plugin.c @@ -0,0 +1,66 @@ +/* + * Copyright (C) 2010 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "android_plugin.h" +#include "android_handler.h" + +#include <hydra.h> +#include <daemon.h> + +typedef struct private_android_plugin_t private_android_plugin_t; + +/** + * Private data of an android_plugin_t object. + */ +struct private_android_plugin_t { + + /** + * Public android_plugin_t interface. + */ + android_plugin_t public; + + /** + * Android specific DNS handler + */ + android_handler_t *handler; +}; + +METHOD(plugin_t, destroy, void, + private_android_plugin_t *this) +{ + hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler); + this->handler->destroy(this->handler); + free(this); +} + +/** + * See header + */ +plugin_t *android_plugin_create() +{ + private_android_plugin_t *this; + + INIT(this, + .public.plugin = { + .destroy = _destroy, + }, + .handler = android_handler_create(), + ); + + hydra->attributes->add_handler(hydra->attributes, &this->handler->handler); + + return &this->public.plugin; +} + diff --git a/src/libcharon/plugins/android/android_plugin.h b/src/libcharon/plugins/android/android_plugin.h new file mode 100644 index 000000000..987f2aa37 --- /dev/null +++ b/src/libcharon/plugins/android/android_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2010 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup android android + * @ingroup cplugins + * + * @defgroup android_plugin android_plugin + * @{ @ingroup android + */ + +#ifndef ANDROID_PLUGIN_H_ +#define ANDROID_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct android_plugin_t android_plugin_t; + +/** + * Plugin providing functionality specific to the Android platform. + */ +struct android_plugin_t { + + /** + * Implements plugin interface. + */ + plugin_t plugin; +}; + +#endif /** ANDROID_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/dhcp/Makefile.am b/src/libcharon/plugins/dhcp/Makefile.am new file mode 100644 index 000000000..45d7536be --- /dev/null +++ b/src/libcharon/plugins/dhcp/Makefile.am @@ -0,0 +1,18 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-dhcp.la +else +plugin_LTLIBRARIES = libstrongswan-dhcp.la +endif + +libstrongswan_dhcp_la_SOURCES = dhcp_plugin.h dhcp_plugin.c \ + dhcp_provider.h dhcp_provider.c \ + dhcp_socket.h dhcp_socket.c \ + dhcp_transaction.h dhcp_transaction.c + +libstrongswan_dhcp_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in new file mode 100644 index 000000000..7606b963c --- /dev/null +++ b/src/libcharon/plugins/dhcp/Makefile.in @@ -0,0 +1,590 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/dhcp +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_dhcp_la_LIBADD = +am_libstrongswan_dhcp_la_OBJECTS = dhcp_plugin.lo dhcp_provider.lo \ + dhcp_socket.lo dhcp_transaction.lo +libstrongswan_dhcp_la_OBJECTS = $(am_libstrongswan_dhcp_la_OBJECTS) +libstrongswan_dhcp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_dhcp_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_dhcp_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_dhcp_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_dhcp_la_SOURCES) +DIST_SOURCES = $(libstrongswan_dhcp_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-dhcp.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-dhcp.la +libstrongswan_dhcp_la_SOURCES = dhcp_plugin.h dhcp_plugin.c \ + dhcp_provider.h dhcp_provider.c \ + dhcp_socket.h dhcp_socket.c \ + dhcp_transaction.h dhcp_transaction.c + +libstrongswan_dhcp_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/dhcp/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/dhcp/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-dhcp.la: $(libstrongswan_dhcp_la_OBJECTS) $(libstrongswan_dhcp_la_DEPENDENCIES) + $(libstrongswan_dhcp_la_LINK) $(am_libstrongswan_dhcp_la_rpath) $(libstrongswan_dhcp_la_OBJECTS) $(libstrongswan_dhcp_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhcp_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhcp_provider.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhcp_socket.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dhcp_transaction.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/dhcp/dhcp_plugin.c b/src/libcharon/plugins/dhcp/dhcp_plugin.c new file mode 100644 index 000000000..829fd6356 --- /dev/null +++ b/src/libcharon/plugins/dhcp/dhcp_plugin.c @@ -0,0 +1,81 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "dhcp_plugin.h" + +#include <hydra.h> +#include <daemon.h> + +#include "dhcp_socket.h" +#include "dhcp_provider.h" + +typedef struct private_dhcp_plugin_t private_dhcp_plugin_t; + +/** + * private data of dhcp plugin + */ +struct private_dhcp_plugin_t { + + /** + * implements plugin interface + */ + dhcp_plugin_t public; + + /** + * DHCP communication socket + */ + dhcp_socket_t *socket; + + /** + * Attribute provider + */ + dhcp_provider_t *provider; +}; + +METHOD(plugin_t, destroy, void, + private_dhcp_plugin_t *this) +{ + hydra->attributes->remove_provider(hydra->attributes, + &this->provider->provider); + this->provider->destroy(this->provider); + this->socket->destroy(this->socket); + free(this); +} + +/** + * Plugin constructor. + */ +plugin_t *dhcp_plugin_create() +{ + private_dhcp_plugin_t *this; + + INIT(this, + .public.plugin.destroy = _destroy, + .socket = dhcp_socket_create(), + ); + + if (!this->socket) + { + free(this); + return NULL; + } + + this->provider = dhcp_provider_create(this->socket); + hydra->attributes->add_provider(hydra->attributes, + &this->provider->provider); + + return &this->public.plugin; +} + diff --git a/src/libcharon/plugins/dhcp/dhcp_plugin.h b/src/libcharon/plugins/dhcp/dhcp_plugin.h new file mode 100644 index 000000000..b21b44d28 --- /dev/null +++ b/src/libcharon/plugins/dhcp/dhcp_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup dhcp dhcp + * @ingroup cplugins + * + * @defgroup dhcp_plugin dhcp_plugin + * @{ @ingroup dhcp + */ + +#ifndef DHCP_PLUGIN_H_ +#define DHCP_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct dhcp_plugin_t dhcp_plugin_t; + +/** + * DHCP based attribute provider plugin. + */ +struct dhcp_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** DHCP_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/dhcp/dhcp_provider.c b/src/libcharon/plugins/dhcp/dhcp_provider.c new file mode 100644 index 000000000..dbcceb6ce --- /dev/null +++ b/src/libcharon/plugins/dhcp/dhcp_provider.c @@ -0,0 +1,194 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "dhcp_provider.h" + +#include <utils/hashtable.h> +#include <threading/mutex.h> + +typedef struct private_dhcp_provider_t private_dhcp_provider_t; + +/** + * Private data of an dhcp_provider_t object. + */ +struct private_dhcp_provider_t { + + /** + * Public dhcp_provider_t interface. + */ + dhcp_provider_t public; + + /** + * Completed DHCP transactions + */ + hashtable_t *transactions; + + /** + * Lock for transactions + */ + mutex_t *mutex; + + /** + * DHCP communication socket + */ + dhcp_socket_t *socket; +}; + +/** + * Hashtable hash function + */ +static u_int hash(void *key) +{ + return (uintptr_t)key; +} + +/** + * Hashtable equals function + */ +static bool equals(void *a, void *b) +{ + return a == b; +} + +/** + * Hash ID and host to a key + */ +static uintptr_t hash_id_host(identification_t *id, host_t *host) +{ + return chunk_hash_inc(id->get_encoding(id), + chunk_hash(host->get_address(host))); +} + +/** + * Hash a DHCP transaction to a key, using address and id + */ +static uintptr_t hash_transaction(dhcp_transaction_t *transaction) +{ + return hash_id_host(transaction->get_identity(transaction), + transaction->get_address(transaction)); +} + +METHOD(attribute_provider_t, acquire_address, host_t*, + private_dhcp_provider_t *this, char *pool, + identification_t *id, host_t *requested) +{ + if (streq(pool, "dhcp")) + { + dhcp_transaction_t *transaction, *old; + host_t *vip; + + transaction = this->socket->enroll(this->socket, id); + if (!transaction) + { + return NULL; + } + vip = transaction->get_address(transaction); + vip = vip->clone(vip); + this->mutex->lock(this->mutex); + old = this->transactions->put(this->transactions, + (void*)hash_transaction(transaction), transaction); + this->mutex->unlock(this->mutex); + DESTROY_IF(old); + return vip; + } + return NULL; +} + +METHOD(attribute_provider_t, release_address, bool, + private_dhcp_provider_t *this, char *pool, + host_t *address, identification_t *id) +{ + if (streq(pool, "dhcp")) + { + dhcp_transaction_t *transaction; + + this->mutex->lock(this->mutex); + transaction = this->transactions->remove(this->transactions, + (void*)hash_id_host(id, address)); + this->mutex->unlock(this->mutex); + if (transaction) + { + this->socket->release(this->socket, transaction); + transaction->destroy(transaction); + return TRUE; + } + } + return FALSE; +} + +METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, + private_dhcp_provider_t *this, identification_t *id, host_t *vip) +{ + dhcp_transaction_t *transaction; + + if (!vip) + { + return NULL; + } + this->mutex->lock(this->mutex); + transaction = this->transactions->get(this->transactions, + (void*)hash_id_host(id, vip)); + if (!transaction) + { + this->mutex->unlock(this->mutex); + return NULL; + } + return enumerator_create_cleaner( + transaction->create_attribute_enumerator(transaction), + (void*)this->mutex->unlock, this->mutex); +} + +METHOD(dhcp_provider_t, destroy, void, + private_dhcp_provider_t *this) +{ + enumerator_t *enumerator; + dhcp_transaction_t *value; + void *key; + + enumerator = this->transactions->create_enumerator(this->transactions); + while (enumerator->enumerate(enumerator, &key, &value)) + { + value->destroy(value); + } + enumerator->destroy(enumerator); + this->transactions->destroy(this->transactions); + this->mutex->destroy(this->mutex); + free(this); +} + +/** + * See header + */ +dhcp_provider_t *dhcp_provider_create(dhcp_socket_t *socket) +{ + private_dhcp_provider_t *this; + + INIT(this, + .public = { + .provider = { + .acquire_address = _acquire_address, + .release_address = _release_address, + .create_attribute_enumerator = _create_attribute_enumerator, + }, + .destroy = _destroy, + }, + .socket = socket, + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .transactions = hashtable_create(hash, equals, 8), + ); + + return &this->public; +} + diff --git a/src/libcharon/plugins/dhcp/dhcp_provider.h b/src/libcharon/plugins/dhcp/dhcp_provider.h new file mode 100644 index 000000000..e720e876c --- /dev/null +++ b/src/libcharon/plugins/dhcp/dhcp_provider.h @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup dhcp_provider dhcp_provider + * @{ @ingroup dhcp + */ + +#ifndef DHCP_PROVIDER_H_ +#define DHCP_PROVIDER_H_ + +typedef struct dhcp_provider_t dhcp_provider_t; + +#include "dhcp_socket.h" + +#include <attributes/attribute_provider.h> + +/** + * DHCP based attribute provider. + */ +struct dhcp_provider_t { + + /** + * Implements attribute_provier_t interface. + */ + attribute_provider_t provider; + + /** + * Destroy a dhcp_provider_t. + */ + void (*destroy)(dhcp_provider_t *this); +}; + +/** + * Create a dhcp_provider instance. + * + * @param socket socket to use for DHCP communication + * @return provider instance + */ +dhcp_provider_t *dhcp_provider_create(dhcp_socket_t *socket); + +#endif /** DHCP_PROVIDER_H_ @}*/ diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c new file mode 100644 index 000000000..f61b3a60e --- /dev/null +++ b/src/libcharon/plugins/dhcp/dhcp_socket.c @@ -0,0 +1,758 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "dhcp_socket.h" + +#include <unistd.h> +#include <errno.h> +#include <string.h> +#include <netinet/in.h> +#include <netinet/ip.h> +#include <netinet/udp.h> +#include <linux/if_arp.h> +#include <linux/if_ether.h> +#include <linux/filter.h> + +#include <utils/linked_list.h> +#include <utils/identification.h> +#include <threading/mutex.h> +#include <threading/condvar.h> +#include <threading/thread.h> + +#include <daemon.h> +#include <processing/jobs/callback_job.h> + +#define DHCP_SERVER_PORT 67 +#define DHCP_CLIENT_PORT 68 +#define DHCP_TRIES 5 + +typedef struct private_dhcp_socket_t private_dhcp_socket_t; + +/** + * Private data of an dhcp_socket_t object. + */ +struct private_dhcp_socket_t { + + /** + * Public dhcp_socket_t interface. + */ + dhcp_socket_t public; + + /** + * Random number generator + */ + rng_t *rng; + + /** + * List of transactions in DISCOVER + */ + linked_list_t *discover; + + /** + * List of transactions in REQUEST + */ + linked_list_t *request; + + /** + * List of successfully completed transactions + */ + linked_list_t *completed; + + /** + * Lock for transactions + */ + mutex_t *mutex; + + /** + * Condvar to wait for transaction completion + */ + condvar_t *condvar; + + /** + * Threads waiting in condvar + */ + int waiting; + + /** + * DHCP send socket + */ + int send; + + /** + * DHCP receive socket + */ + int receive; + + /** + * Do we use per-identity or random leases (and MAC addresses) + */ + bool identity_lease; + + /** + * DHCP server address, or broadcast + */ + host_t *dst; + + /** + * Callback job receiving DHCP responses + */ + callback_job_t *job; +}; + +/** + * DHCP opcode (or BOOTP actually) + */ +typedef enum { + BOOTREQUEST = 1, + BOOTREPLY = 2, +} dhcp_opcode_t; + +/** + * Some DHCP options used + */ +typedef enum { + DHCP_DNS_SERVER = 6, + DHCP_HOST_NAME = 12, + DHCP_NBNS_SERVER = 44, + DHCP_REQUESTED_IP = 50, + DHCP_MESSAGE_TYPE = 53, + DHCP_SERVER_ID = 54, + DHCP_PARAM_REQ_LIST = 55, + DHCP_CLIENT_ID = 61, + DHCP_OPTEND = 255, +} dhcp_option_type_t; + +/** + * DHCP messages types in the DHCP_MESSAGE_TYPE option + */ +typedef enum { + DHCP_DISCOVER = 1, + DHCP_OFFER = 2, + DHCP_REQUEST = 3, + DHCP_DECLINE = 4, + DHCP_ACK = 5, + DHCP_NAK = 6, + DHCP_RELEASE = 7, + DHCP_INFORM = 8, +} dhcp_message_type_t; +/** + * DHCP option encoding, a TLV + */ +typedef struct __attribute__((packed)) { + u_int8_t type; + u_int8_t len; + char data[]; +} dhcp_option_t; + +/** + * DHCP message format, with a maximum size options buffer + */ +typedef struct __attribute__((packed)) { + u_int8_t opcode; + u_int8_t hw_type; + u_int8_t hw_addr_len; + u_int8_t hop_count; + u_int32_t transaction_id; + u_int16_t number_of_seconds; + u_int16_t flags; + u_int32_t client_address; + u_int32_t your_address; + u_int32_t server_address; + u_int32_t gateway_address; + char client_hw_addr[6]; + char client_hw_padding[10]; + char server_hostname[64]; + char boot_filename[128]; + u_int32_t magic_cookie; + char options[252]; +} dhcp_t; + +/** + * Prepare a DHCP message for a given transaction + */ +static int prepare_dhcp(private_dhcp_socket_t *this, + dhcp_transaction_t *transaction, + dhcp_message_type_t type, dhcp_t *dhcp) +{ + chunk_t chunk, broadcast = chunk_from_chars(0xFF,0xFF,0xFF,0xFF); + identification_t *identity; + dhcp_option_t *option; + int optlen = 0; + host_t *src; + u_int32_t id; + + memset(dhcp, 0, sizeof(*dhcp)); + dhcp->opcode = BOOTREQUEST; + dhcp->hw_type = ARPHRD_ETHER; + dhcp->hw_addr_len = 6; + dhcp->transaction_id = transaction->get_id(transaction); + if (chunk_equals(broadcast, this->dst->get_address(this->dst))) + { + /* TODO: send with 0.0.0.0 source address */ + } + else + { + /* act as relay agent */ + src = charon->kernel_interface->get_source_addr( + charon->kernel_interface, this->dst, NULL); + if (src) + { + memcpy(&dhcp->gateway_address, src->get_address(src).ptr, + sizeof(dhcp->gateway_address)); + src->destroy(src); + } + } + + identity = transaction->get_identity(transaction); + chunk = identity->get_encoding(identity); + /* magic bytes, a locally administered unicast MAC */ + dhcp->client_hw_addr[0] = 0x7A; + dhcp->client_hw_addr[1] = 0xA7; + /* with ID specific postfix */ + if (this->identity_lease) + { + id = htonl(chunk_hash(chunk)); + } + else + { + id = transaction->get_id(transaction); + } + memcpy(&dhcp->client_hw_addr[2], &id, sizeof(id)); + + dhcp->magic_cookie = htonl(0x63825363); + + option = (dhcp_option_t*)&dhcp->options[optlen]; + option->type = DHCP_MESSAGE_TYPE; + option->len = 1; + option->data[0] = type; + optlen += sizeof(dhcp_option_t) + option->len; + + if (identity->get_type(identity) == ID_FQDN) + { + option = (dhcp_option_t*)&dhcp->options[optlen]; + option->type = DHCP_HOST_NAME; + option->len = min(chunk.len, 64); + memcpy(option->data, chunk.ptr, option->len); + optlen += sizeof(dhcp_option_t) + option->len; + } + + option = (dhcp_option_t*)&dhcp->options[optlen]; + option->type = DHCP_CLIENT_ID; + option->len = min(chunk.len, 64); + memcpy(option->data, chunk.ptr, option->len); + optlen += sizeof(dhcp_option_t) + option->len; + + return optlen; +} + +/** + * Send a DHCP message with given options length + */ +static bool send_dhcp(private_dhcp_socket_t *this, + dhcp_transaction_t *transaction, dhcp_t *dhcp, int optlen) +{ + host_t *dst; + ssize_t len; + + dst = transaction->get_server(transaction); + if (!dst) + { + dst = this->dst; + } + len = offsetof(dhcp_t, magic_cookie) + ((optlen + 4) / 64 * 64 + 64); + return sendto(this->send, dhcp, len, 0, dst->get_sockaddr(dst), + *dst->get_sockaddr_len(dst)) == len; +} + +/** + * Send DHCP discover using a given transaction + */ +static bool discover(private_dhcp_socket_t *this, + dhcp_transaction_t *transaction) +{ + dhcp_option_t *option; + dhcp_t dhcp; + int optlen; + + optlen = prepare_dhcp(this, transaction, DHCP_DISCOVER, &dhcp); + + DBG1(DBG_CFG, "sending DHCP DISCOVER to %H", this->dst); + + option = (dhcp_option_t*)&dhcp.options[optlen]; + option->type = DHCP_PARAM_REQ_LIST; + option->len = 2; + option->data[0] = DHCP_DNS_SERVER; + option->data[1] = DHCP_NBNS_SERVER; + optlen += sizeof(dhcp_option_t) + option->len; + + dhcp.options[optlen++] = DHCP_OPTEND; + + if (!send_dhcp(this, transaction, &dhcp, optlen)) + { + DBG1(DBG_CFG, "sending DHCP DISCOVER failed: %s", strerror(errno)); + return FALSE; + } + return TRUE; +} + +/** + * Send DHCP request using a given transaction + */ +static bool request(private_dhcp_socket_t *this, + dhcp_transaction_t *transaction) +{ + dhcp_option_t *option; + dhcp_t dhcp; + host_t *offer, *server; + chunk_t chunk; + int optlen; + + optlen = prepare_dhcp(this, transaction, DHCP_REQUEST, &dhcp); + + offer = transaction->get_address(transaction); + server = transaction->get_server(transaction); + if (!offer || !server) + { + return FALSE; + } + DBG1(DBG_CFG, "sending DHCP REQUEST for %H to %H", offer, server); + + option = (dhcp_option_t*)&dhcp.options[optlen]; + option->type = DHCP_REQUESTED_IP; + option->len = 4; + chunk = offer->get_address(offer); + memcpy(option->data, chunk.ptr, min(chunk.len, option->len)); + optlen += sizeof(dhcp_option_t) + option->len; + + option = (dhcp_option_t*)&dhcp.options[optlen]; + option->type = DHCP_SERVER_ID; + option->len = 4; + chunk = server->get_address(server); + memcpy(option->data, chunk.ptr, min(chunk.len, option->len)); + optlen += sizeof(dhcp_option_t) + option->len; + + option = (dhcp_option_t*)&dhcp.options[optlen]; + option->type = DHCP_PARAM_REQ_LIST; + option->len = 2; + option->data[0] = DHCP_DNS_SERVER; + option->data[1] = DHCP_NBNS_SERVER; + optlen += sizeof(dhcp_option_t) + option->len; + + dhcp.options[optlen++] = DHCP_OPTEND; + + if (!send_dhcp(this, transaction, &dhcp, optlen)) + { + DBG1(DBG_CFG, "sending DHCP REQUEST failed: %s", strerror(errno)); + return FALSE; + } + return TRUE; +} + +METHOD(dhcp_socket_t, enroll, dhcp_transaction_t*, + private_dhcp_socket_t *this, identification_t *identity) +{ + dhcp_transaction_t *transaction; + u_int32_t id; + int try; + + this->rng->get_bytes(this->rng, sizeof(id), (u_int8_t*)&id); + transaction = dhcp_transaction_create(id, identity); + + this->mutex->lock(this->mutex); + this->discover->insert_last(this->discover, transaction); + try = 1; + while (try <= DHCP_TRIES && discover(this, transaction)) + { + if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) && + this->request->find_first(this->request, NULL, + (void**)&transaction) == SUCCESS) + { + break; + } + try++; + } + if (this->discover->remove(this->discover, transaction, NULL)) + { /* no OFFER received */ + this->mutex->unlock(this->mutex); + transaction->destroy(transaction); + DBG1(DBG_CFG, "DHCP DISCOVER timed out"); + return NULL; + } + + try = 1; + while (try <= DHCP_TRIES && request(this, transaction)) + { + if (!this->condvar->timed_wait(this->condvar, this->mutex, 1000 * try) && + this->completed->remove(this->completed, transaction, NULL)) + { + break; + } + try++; + } + if (this->request->remove(this->request, transaction, NULL)) + { /* no ACK received */ + this->mutex->unlock(this->mutex); + transaction->destroy(transaction); + DBG1(DBG_CFG, "DHCP REQUEST timed out"); + return NULL; + } + this->mutex->unlock(this->mutex); + + return transaction; +} + +METHOD(dhcp_socket_t, release, void, + private_dhcp_socket_t *this, dhcp_transaction_t *transaction) +{ + dhcp_option_t *option; + dhcp_t dhcp; + host_t *release, *server; + chunk_t chunk; + int optlen; + + optlen = prepare_dhcp(this, transaction, DHCP_RELEASE, &dhcp); + + release = transaction->get_address(transaction); + server = transaction->get_server(transaction); + if (!release || !server) + { + return; + } + DBG1(DBG_CFG, "sending DHCP RELEASE for %H to %H", release, server); + + chunk = release->get_address(release); + memcpy(&dhcp.client_address, chunk.ptr, + min(chunk.len, sizeof(dhcp.client_address))); + + option = (dhcp_option_t*)&dhcp.options[optlen]; + option->type = DHCP_SERVER_ID; + option->len = 4; + chunk = server->get_address(server); + memcpy(option->data, chunk.ptr, min(chunk.len, option->len)); + optlen += sizeof(dhcp_option_t) + option->len; + + dhcp.options[optlen++] = DHCP_OPTEND; + + if (!send_dhcp(this, transaction, &dhcp, optlen)) + { + DBG1(DBG_CFG, "sending DHCP RELEASE failed: %s", strerror(errno)); + } +} + +/** + * Handle a DHCP OFFER + */ +static void handle_offer(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen) +{ + dhcp_transaction_t *transaction = NULL; + enumerator_t *enumerator; + host_t *offer, *server; + + offer = host_create_from_chunk(AF_INET, + chunk_from_thing(dhcp->your_address), 0); + server = host_create_from_chunk(AF_INET, + chunk_from_thing(dhcp->server_address), DHCP_SERVER_PORT); + + this->mutex->lock(this->mutex); + enumerator = this->discover->create_enumerator(this->discover); + while (enumerator->enumerate(enumerator, &transaction)) + { + if (transaction->get_id(transaction) == dhcp->transaction_id) + { + DBG1(DBG_CFG, "received DHCP OFFER %H from %H", offer, server); + this->discover->remove_at(this->discover, enumerator); + this->request->insert_last(this->request, transaction); + transaction->set_address(transaction, offer->clone(offer)); + transaction->set_server(transaction, server->clone(server)); + break; + } + } + enumerator->destroy(enumerator); + + if (transaction) + { + int optsize, optpos = 0, pos; + dhcp_option_t *option; + + while (optlen > sizeof(dhcp_option_t)) + { + option = (dhcp_option_t*)&dhcp->options[optpos]; + optsize = sizeof(dhcp_option_t) + option->len; + if (option->type == DHCP_OPTEND || optlen < optsize) + { + break; + } + if (option->type == DHCP_DNS_SERVER || + option->type == DHCP_NBNS_SERVER) + { + for (pos = 0; pos + 4 <= option->len; pos += 4) + { + transaction->add_attribute(transaction, option->type == + DHCP_DNS_SERVER ? INTERNAL_IP4_DNS : INTERNAL_IP4_NBNS, + chunk_create((char*)&option->data[pos], 4)); + } + } + optlen -= optsize; + optpos += optsize; + } + } + this->mutex->unlock(this->mutex); + this->condvar->broadcast(this->condvar); + offer->destroy(offer); + server->destroy(server); +} + +/** + * Handle a DHCP ACK + */ +static void handle_ack(private_dhcp_socket_t *this, dhcp_t *dhcp, int optlen) +{ + dhcp_transaction_t *transaction; + enumerator_t *enumerator; + host_t *offer; + + offer = host_create_from_chunk(AF_INET, + chunk_from_thing(dhcp->your_address), 0); + + this->mutex->lock(this->mutex); + enumerator = this->request->create_enumerator(this->request); + while (enumerator->enumerate(enumerator, &transaction)) + { + if (transaction->get_id(transaction) == dhcp->transaction_id) + { + DBG1(DBG_CFG, "received DHCP ACK for %H", offer); + this->request->remove_at(this->request, enumerator); + this->completed->insert_last(this->completed, transaction); + break; + } + } + enumerator->destroy(enumerator); + this->mutex->unlock(this->mutex); + this->condvar->broadcast(this->condvar); + offer->destroy(offer); +} + +/** + * Receive DHCP responses + */ +static job_requeue_t receive_dhcp(private_dhcp_socket_t *this) +{ + struct sockaddr_ll addr; + socklen_t addr_len = sizeof(addr); + struct __attribute__((packed)) { + struct iphdr ip; + struct udphdr udp; + dhcp_t dhcp; + } packet; + int oldstate, optlen, origoptlen, optsize, optpos = 0; + ssize_t len; + dhcp_option_t *option; + + oldstate = thread_cancelability(TRUE); + len = recvfrom(this->receive, &packet, sizeof(packet), 0, + (struct sockaddr*)&addr, &addr_len); + thread_cancelability(oldstate); + + if (len >= sizeof(struct iphdr) + sizeof(struct udphdr) + + offsetof(dhcp_t, options)) + { + origoptlen = optlen = len - sizeof(struct iphdr) + + sizeof(struct udphdr) + offsetof(dhcp_t, options); + while (optlen > sizeof(dhcp_option_t)) + { + option = (dhcp_option_t*)&packet.dhcp.options[optpos]; + optsize = sizeof(dhcp_option_t) + option->len; + if (option->type == DHCP_OPTEND || optlen < optsize) + { + break; + } + if (option->type == DHCP_MESSAGE_TYPE && option->len == 1) + { + switch (option->data[0]) + { + case DHCP_OFFER: + handle_offer(this, &packet.dhcp, origoptlen); + break; + case DHCP_ACK: + handle_ack(this, &packet.dhcp, origoptlen); + default: + break; + } + break; + } + optlen -= optsize; + optpos += optsize; + } + } + return JOB_REQUEUE_DIRECT; +} + +METHOD(dhcp_socket_t, destroy, void, + private_dhcp_socket_t *this) +{ + if (this->job) + { + this->job->cancel(this->job); + } + while (this->waiting) + { + this->condvar->signal(this->condvar); + } + if (this->send > 0) + { + close(this->send); + } + if (this->receive > 0) + { + close(this->receive); + } + this->mutex->destroy(this->mutex); + this->condvar->destroy(this->condvar); + this->discover->destroy_offset(this->discover, + offsetof(dhcp_transaction_t, destroy)); + this->request->destroy_offset(this->request, + offsetof(dhcp_transaction_t, destroy)); + this->completed->destroy_offset(this->completed, + offsetof(dhcp_transaction_t, destroy)); + DESTROY_IF(this->rng); + DESTROY_IF(this->dst); + free(this); +} + +/** + * See header + */ +dhcp_socket_t *dhcp_socket_create() +{ + private_dhcp_socket_t *this; + struct sockaddr_in src; + int on = 1; + struct sock_filter dhcp_filter_code[] = { + BPF_STMT(BPF_LD+BPF_B+BPF_ABS, + offsetof(struct iphdr, protocol)), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, IPPROTO_UDP, 0, 16), + BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) + + offsetof(struct udphdr, source)), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 0, 14), + BPF_STMT(BPF_LD+BPF_H+BPF_ABS, sizeof(struct iphdr) + + offsetof(struct udphdr, dest)), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_CLIENT_PORT, 0, 2), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, DHCP_SERVER_PORT, 0, 1), + BPF_JUMP(BPF_JMP+BPF_JA, 0, 0, 10), + BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) + + sizeof(struct udphdr) + offsetof(dhcp_t, opcode)), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, BOOTREPLY, 0, 8), + BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) + + sizeof(struct udphdr) + offsetof(dhcp_t, hw_type)), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARPHRD_ETHER, 0, 6), + BPF_STMT(BPF_LD+BPF_B+BPF_ABS, sizeof(struct iphdr) + + sizeof(struct udphdr) + offsetof(dhcp_t, hw_addr_len)), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 6, 0, 4), + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, sizeof(struct iphdr) + + sizeof(struct udphdr) + offsetof(dhcp_t, magic_cookie)), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0x63825363, 0, 2), + BPF_STMT(BPF_LD+BPF_W+BPF_LEN, 0), + BPF_STMT(BPF_RET+BPF_A, 0), + BPF_STMT(BPF_RET+BPF_K, 0), + }; + struct sock_fprog dhcp_filter = { + sizeof(dhcp_filter_code) / sizeof(struct sock_filter), + dhcp_filter_code, + }; + + INIT(this, + .public = { + .enroll = _enroll, + .release = _release, + .destroy = _destroy, + }, + .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK), + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), + .discover = linked_list_create(), + .request = linked_list_create(), + .completed = linked_list_create(), + ); + + if (!this->rng) + { + DBG1(DBG_CFG, "unable to create RNG"); + destroy(this); + return NULL; + } + this->identity_lease = lib->settings->get_bool(lib->settings, + "charon.plugins.dhcp.identity_lease", FALSE); + this->dst = host_create_from_string(lib->settings->get_str(lib->settings, + "charon.plugins.dhcp.server", "255.255.255.255"), + DHCP_SERVER_PORT); + if (!this->dst) + { + DBG1(DBG_CFG, "configured DHCP server address invalid"); + destroy(this); + return NULL; + } + + this->send = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + if (this->send == -1) + { + DBG1(DBG_CFG, "unable to create DHCP send socket: %s", strerror(errno)); + destroy(this); + return NULL; + } + if (setsockopt(this->send, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) + { + DBG1(DBG_CFG, "unable to reuse DHCP socket address: %s", strerror(errno)); + destroy(this); + return NULL; + } + if (setsockopt(this->send, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on)) == -1) + { + DBG1(DBG_CFG, "unable to broadcast on DHCP socket: %s", strerror(errno)); + destroy(this); + return NULL; + } + src.sin_family = AF_INET; + src.sin_port = htons(DHCP_CLIENT_PORT); + src.sin_addr.s_addr = INADDR_ANY; + if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1) + { + DBG1(DBG_CFG, "unable to bind DHCP send socket: %s", strerror(errno)); + destroy(this); + return NULL; + } + + this->receive = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_IP)); + if (this->receive == -1) + { + DBG1(DBG_NET, "opening DHCP receive socket failed: %s", strerror(errno)); + destroy(this); + return NULL; + } + if (setsockopt(this->receive, SOL_SOCKET, SO_ATTACH_FILTER, + &dhcp_filter, sizeof(dhcp_filter)) < 0) + { + DBG1(DBG_CFG, "installing DHCP socket filter failed: %s", + strerror(errno)); + destroy(this); + return NULL; + } + + this->job = callback_job_create((callback_job_cb_t)receive_dhcp, + this, NULL, NULL); + charon->processor->queue_job(charon->processor, (job_t*)this->job); + + return &this->public; +} + diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.h b/src/libcharon/plugins/dhcp/dhcp_socket.h new file mode 100644 index 000000000..0a8398aba --- /dev/null +++ b/src/libcharon/plugins/dhcp/dhcp_socket.h @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup dhcp_socket dhcp_socket + * @{ @ingroup dhcp + */ + +#ifndef DHCP_SOCKET_H_ +#define DHCP_SOCKET_H_ + +typedef struct dhcp_socket_t dhcp_socket_t; + +#include "dhcp_transaction.h" + +/** + * DHCP socket implementation + */ +struct dhcp_socket_t { + + /** + * Enroll a client address using DHCP. + * + * @param identity peer identity to enroll an address for + * @return completed DHCP transaction, NULL on failure + */ + dhcp_transaction_t* (*enroll)(dhcp_socket_t *this, + identification_t *identity); + + /** + * Release an enrolled DHCP address. + * + * @param transaction transaction returned by enroll + */ + void (*release)(dhcp_socket_t *this, dhcp_transaction_t *transaction); + + /** + * Destroy a dhcp_socket_t. + */ + void (*destroy)(dhcp_socket_t *this); +}; + +/** + * Create a dhcp_socket instance. + */ +dhcp_socket_t *dhcp_socket_create(); + +#endif /** DHCP_SOCKET_H_ @}*/ diff --git a/src/libcharon/plugins/dhcp/dhcp_transaction.c b/src/libcharon/plugins/dhcp/dhcp_transaction.c new file mode 100644 index 000000000..83f822dd8 --- /dev/null +++ b/src/libcharon/plugins/dhcp/dhcp_transaction.c @@ -0,0 +1,184 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "dhcp_transaction.h" + +#include <utils/linked_list.h> + +typedef struct private_dhcp_transaction_t private_dhcp_transaction_t; + +/** + * Private data of an dhcp_transaction_t object. + */ +struct private_dhcp_transaction_t { + + /** + * Public dhcp_transaction_t interface. + */ + dhcp_transaction_t public; + + /** + * DHCP transaction ID + */ + u_int32_t id; + + /** + * Peer identity + */ + identification_t *identity; + + /** + * received DHCP address + */ + host_t *address; + + /** + * discovered DHCP server address + */ + host_t *server; + + /** + * List of added attributes, as attribute_entry_t + */ + linked_list_t *attributes; +}; + +/** + * Entry for an added attribute + */ +typedef struct { + configuration_attribute_type_t type; + chunk_t data; +} attribute_entry_t; + +METHOD(dhcp_transaction_t, get_id, u_int32_t, + private_dhcp_transaction_t *this) +{ + return this->id; +} + +METHOD(dhcp_transaction_t, get_identity, identification_t*, + private_dhcp_transaction_t *this) +{ + return this->identity; +} + +METHOD(dhcp_transaction_t, set_address, void, + private_dhcp_transaction_t *this, host_t *address) +{ + DESTROY_IF(this->address); + this->address = address; +} + +METHOD(dhcp_transaction_t, get_address, host_t*, + private_dhcp_transaction_t *this) +{ + return this->address; +} + +METHOD(dhcp_transaction_t, set_server, void, + private_dhcp_transaction_t *this, host_t *server) +{ + DESTROY_IF(this->server); + this->server = server; +} + +METHOD(dhcp_transaction_t, get_server, host_t*, + private_dhcp_transaction_t *this) +{ + return this->server; +} + +METHOD(dhcp_transaction_t, add_attribute, void, + private_dhcp_transaction_t *this, configuration_attribute_type_t type, + chunk_t data) +{ + attribute_entry_t *entry; + + INIT(entry, + .type = type, + .data = chunk_clone(data), + ); + this->attributes->insert_last(this->attributes, entry); +} + +/** + * Filter function to map entries to type/data + */ +static bool attribute_filter(void *null, attribute_entry_t **entry, + configuration_attribute_type_t *type, + void **dummy, chunk_t *data) +{ + *type = (*entry)->type; + *data = (*entry)->data; + return TRUE; +} + +METHOD(dhcp_transaction_t, create_attribute_enumerator, enumerator_t*, + private_dhcp_transaction_t *this) +{ + return enumerator_create_filter( + this->attributes->create_enumerator(this->attributes), + (void*)attribute_filter, NULL, NULL); +} + +/** + * Clean up an attribute entry + */ +static void attribute_entry_destroy(attribute_entry_t *entry) +{ + free(entry->data.ptr); + free(entry); +} + +METHOD(dhcp_transaction_t, destroy, void, + private_dhcp_transaction_t *this) +{ + this->identity->destroy(this->identity); + DESTROY_IF(this->address); + DESTROY_IF(this->server); + this->attributes->destroy_function(this->attributes, + (void*)attribute_entry_destroy); + free(this); +} + +/** + * See header + */ +dhcp_transaction_t *dhcp_transaction_create(u_int32_t id, + identification_t *identity) +{ + private_dhcp_transaction_t *this; + + INIT(this, + .public = { + .get_id = _get_id, + .get_identity = _get_identity, + .set_address = _set_address, + .get_address = _get_address, + .set_server = _set_server, + .get_server = _get_server, + .add_attribute = _add_attribute, + .create_attribute_enumerator = _create_attribute_enumerator, + .destroy = _destroy, + }, + .id = id, + .identity = identity->clone(identity), + .attributes = linked_list_create(), + ); + + return &this->public; +} + diff --git a/src/libcharon/plugins/dhcp/dhcp_transaction.h b/src/libcharon/plugins/dhcp/dhcp_transaction.h new file mode 100644 index 000000000..19c163f88 --- /dev/null +++ b/src/libcharon/plugins/dhcp/dhcp_transaction.h @@ -0,0 +1,109 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup dhcp_transaction dhcp_transaction + * @{ @ingroup dhcp + */ + +#ifndef DHCP_TRANSACTION_H_ +#define DHCP_TRANSACTION_H_ + +#include <utils/host.h> +#include <utils/identification.h> +#include <attributes/attributes.h> + +typedef struct dhcp_transaction_t dhcp_transaction_t; + +/** + * DHCP transaction class. + */ +struct dhcp_transaction_t { + + /** + * Get the DCHP transaction ID. + * + * @return DHCP transaction identifier + */ + u_int32_t (*get_id)(dhcp_transaction_t *this); + + /** + * Get the peer identity this transaction is used for. + * + * @return peer Identity + */ + identification_t* (*get_identity)(dhcp_transaction_t *this); + + /** + * Set the DHCP address received using this transaction. + * + * @param host received DHCP address + */ + void (*set_address)(dhcp_transaction_t *this, host_t *address); + + /** + * Get the DHCP address received using this transaction. + * + * @return received DHCP address + */ + host_t* (*get_address)(dhcp_transaction_t *this); + + /** + * Set the DCHP server address discovered. + * + * @param server DHCP server address + */ + void (*set_server)(dhcp_transaction_t *this, host_t *server); + + /** + * Get the DHCP server address. + * + * @return DHCP server address + */ + host_t* (*get_server)(dhcp_transaction_t *this); + + /** + * An an additional attribute to serve to peer. + * + * @param type type of attribute + * @param data attribute data + */ + void (*add_attribute)(dhcp_transaction_t *this, + configuration_attribute_type_t type, chunk_t data); + + /** + * Create an enumerator over added attributes. + * + * @return enumerator over (configuration_attribute_t, chunk_t) + */ + enumerator_t* (*create_attribute_enumerator)(dhcp_transaction_t *this); + + /** + * Destroy a dhcp_transaction_t. + */ + void (*destroy)(dhcp_transaction_t *this); +}; + +/** + * Create a dhcp_transaction instance. + * + * @param id DHCP transaction identifier + * @param identity peer identity this transaction is used for + * @return transaction instance + */ +dhcp_transaction_t *dhcp_transaction_create(u_int32_t id, + identification_t *identity); + +#endif /** DHCP_TRANSACTION_H_ @}*/ diff --git a/src/libcharon/plugins/eap_aka/Makefile.am b/src/libcharon/plugins/eap_aka/Makefile.am new file mode 100644 index 000000000..d37d1691c --- /dev/null +++ b/src/libcharon/plugins/eap_aka/Makefile.am @@ -0,0 +1,19 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-eap-aka.la +else +plugin_LTLIBRARIES = libstrongswan-eap-aka.la +libstrongswan_eap_aka_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la +endif + +libstrongswan_eap_aka_la_SOURCES = \ + eap_aka_plugin.h eap_aka_plugin.c \ + eap_aka_peer.h eap_aka_peer.c \ + eap_aka_server.h eap_aka_server.c + +libstrongswan_eap_aka_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in index d241e1ad0..1cea81a9b 100644 --- a/src/charon/plugins/eap_aka/Makefile.in +++ b/src/libcharon/plugins/eap_aka/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/eap_aka +subdir = src/libcharon/plugins/eap_aka DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,9 +72,9 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) -libstrongswan_eap_aka_la_DEPENDENCIES = \ - $(top_builddir)/src/libsimaka/libsimaka.la +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +@MONOLITHIC_FALSE@libstrongswan_eap_aka_la_DEPENDENCIES = \ +@MONOLITHIC_FALSE@ $(top_builddir)/src/libsimaka/libsimaka.la am_libstrongswan_eap_aka_la_OBJECTS = eap_aka_plugin.lo \ eap_aka_peer.lo eap_aka_server.lo libstrongswan_eap_aka_la_OBJECTS = \ @@ -82,6 +82,9 @@ libstrongswan_eap_aka_la_OBJECTS = \ libstrongswan_eap_aka_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_eap_aka_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_eap_aka_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_eap_aka_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,16 +258,18 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \ - -I$(top_srcdir)/src/libsimaka +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eap-aka.la -libstrongswan_eap_aka_la_SOURCES = eap_aka_plugin.h eap_aka_plugin.c \ - eap_aka_peer.h eap_aka_peer.c \ - eap_aka_server.h eap_aka_server.c +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-aka.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-aka.la +@MONOLITHIC_FALSE@libstrongswan_eap_aka_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la +libstrongswan_eap_aka_la_SOURCES = \ + eap_aka_plugin.h eap_aka_plugin.c \ + eap_aka_peer.h eap_aka_peer.c \ + eap_aka_server.h eap_aka_server.c -libstrongswan_eap_aka_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la libstrongswan_eap_aka_la_LDFLAGS = -module -avoid-version all: all-am @@ -278,9 +284,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_aka/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_aka/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -299,6 +305,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -331,7 +346,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-eap-aka.la: $(libstrongswan_eap_aka_la_OBJECTS) $(libstrongswan_eap_aka_la_DEPENDENCIES) - $(libstrongswan_eap_aka_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_aka_la_OBJECTS) $(libstrongswan_eap_aka_la_LIBADD) $(LIBS) + $(libstrongswan_eap_aka_la_LINK) $(am_libstrongswan_eap_aka_la_rpath) $(libstrongswan_eap_aka_la_OBJECTS) $(libstrongswan_eap_aka_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -486,8 +501,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -558,18 +573,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/eap_aka/eap_aka_peer.c b/src/libcharon/plugins/eap_aka/eap_aka_peer.c index 26546809d..26546809d 100644 --- a/src/charon/plugins/eap_aka/eap_aka_peer.c +++ b/src/libcharon/plugins/eap_aka/eap_aka_peer.c diff --git a/src/charon/plugins/eap_aka/eap_aka_peer.h b/src/libcharon/plugins/eap_aka/eap_aka_peer.h index 65a210406..65a210406 100644 --- a/src/charon/plugins/eap_aka/eap_aka_peer.h +++ b/src/libcharon/plugins/eap_aka/eap_aka_peer.h diff --git a/src/charon/plugins/eap_aka/eap_aka_plugin.c b/src/libcharon/plugins/eap_aka/eap_aka_plugin.c index c44a08966..f9283393a 100644 --- a/src/charon/plugins/eap_aka/eap_aka_plugin.c +++ b/src/libcharon/plugins/eap_aka/eap_aka_plugin.c @@ -35,7 +35,7 @@ static void destroy(eap_aka_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *eap_aka_plugin_create() { eap_aka_plugin_t *this = malloc_thing(eap_aka_plugin_t); diff --git a/src/charon/plugins/eap_aka/eap_aka_plugin.h b/src/libcharon/plugins/eap_aka/eap_aka_plugin.h index 938e5ecbd..d011904b3 100644 --- a/src/charon/plugins/eap_aka/eap_aka_plugin.h +++ b/src/libcharon/plugins/eap_aka/eap_aka_plugin.h @@ -42,9 +42,4 @@ struct eap_aka_plugin_t { plugin_t plugin; }; -/** - * Create a eap_aka_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** EAP_AKA_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_aka/eap_aka_server.c b/src/libcharon/plugins/eap_aka/eap_aka_server.c index 9baff3e23..9baff3e23 100644 --- a/src/charon/plugins/eap_aka/eap_aka_server.c +++ b/src/libcharon/plugins/eap_aka/eap_aka_server.c diff --git a/src/charon/plugins/eap_aka/eap_aka_server.h b/src/libcharon/plugins/eap_aka/eap_aka_server.h index d48fc4c34..d48fc4c34 100644 --- a/src/charon/plugins/eap_aka/eap_aka_server.h +++ b/src/libcharon/plugins/eap_aka/eap_aka_server.h diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am new file mode 100644 index 000000000..598799e2a --- /dev/null +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.am @@ -0,0 +1,20 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la +else +plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la +endif + +libstrongswan_eap_aka_3gpp2_la_SOURCES = \ + eap_aka_3gpp2_plugin.h eap_aka_3gpp2_plugin.c \ + eap_aka_3gpp2_card.h eap_aka_3gpp2_card.c \ + eap_aka_3gpp2_provider.h eap_aka_3gpp2_provider.c \ + eap_aka_3gpp2_functions.h eap_aka_3gpp2_functions.c + +libstrongswan_eap_aka_3gpp2_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_aka_3gpp2_la_LIBADD = -lgmp diff --git a/src/charon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in index b80f97f95..d0b0f5601 100644 --- a/src/charon/plugins/eap_aka_3gpp2/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/eap_aka_3gpp2 +subdir = src/libcharon/plugins/eap_aka_3gpp2 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_eap_aka_3gpp2_la_DEPENDENCIES = am_libstrongswan_eap_aka_3gpp2_la_OBJECTS = eap_aka_3gpp2_plugin.lo \ eap_aka_3gpp2_card.lo eap_aka_3gpp2_provider.lo \ @@ -83,6 +83,9 @@ libstrongswan_eap_aka_3gpp2_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_eap_aka_3gpp2_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_eap_aka_3gpp2_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_eap_aka_3gpp2_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -221,6 +224,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -255,14 +259,17 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-aka-3gpp2.la libstrongswan_eap_aka_3gpp2_la_SOURCES = \ - eap_aka_3gpp2_plugin.h eap_aka_3gpp2_plugin.c \ - eap_aka_3gpp2_card.h eap_aka_3gpp2_card.c \ - eap_aka_3gpp2_provider.h eap_aka_3gpp2_provider.c \ - eap_aka_3gpp2_functions.h eap_aka_3gpp2_functions.c + eap_aka_3gpp2_plugin.h eap_aka_3gpp2_plugin.c \ + eap_aka_3gpp2_card.h eap_aka_3gpp2_card.c \ + eap_aka_3gpp2_provider.h eap_aka_3gpp2_provider.c \ + eap_aka_3gpp2_functions.h eap_aka_3gpp2_functions.c libstrongswan_eap_aka_3gpp2_la_LDFLAGS = -module -avoid-version libstrongswan_eap_aka_3gpp2_la_LIBADD = -lgmp @@ -279,9 +286,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_aka_3gpp2/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp2/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_aka_3gpp2/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp2/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -300,6 +307,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -332,7 +348,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-eap-aka-3gpp2.la: $(libstrongswan_eap_aka_3gpp2_la_OBJECTS) $(libstrongswan_eap_aka_3gpp2_la_DEPENDENCIES) - $(libstrongswan_eap_aka_3gpp2_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_aka_3gpp2_la_OBJECTS) $(libstrongswan_eap_aka_3gpp2_la_LIBADD) $(LIBS) + $(libstrongswan_eap_aka_3gpp2_la_LINK) $(am_libstrongswan_eap_aka_3gpp2_la_rpath) $(libstrongswan_eap_aka_3gpp2_la_OBJECTS) $(libstrongswan_eap_aka_3gpp2_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -488,8 +504,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -560,18 +576,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c index 5c0fe38ad..5c0fe38ad 100644 --- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h index b95bc52af..b95bc52af 100644 --- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.h diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c index 1d3d246d1..1d3d246d1 100644 --- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h index 95c6da6a9..95c6da6a9 100644 --- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.h diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c index 5286e0986..626e83311 100644 --- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.c @@ -64,7 +64,7 @@ static void destroy(private_eap_aka_3gpp2_t *this) /** * See header */ -plugin_t *plugin_create() +plugin_t *eap_aka_3gpp2_plugin_create() { private_eap_aka_3gpp2_t *this = malloc_thing(private_eap_aka_3gpp2_t); diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h index ed5c4cf3e..2ac450a7d 100644 --- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_plugin.h @@ -54,9 +54,4 @@ struct eap_aka_3gpp2_plugin_t { plugin_t plugin; }; -/** - * Create a eap_aka_3gpp2_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** EAP_AKA_3GPP2_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c index 9817fff8f..9817fff8f 100644 --- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c diff --git a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h index 22ac0a96e..22ac0a96e 100644 --- a/src/charon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.h diff --git a/src/libcharon/plugins/eap_gtc/Makefile.am b/src/libcharon/plugins/eap_gtc/Makefile.am new file mode 100644 index 000000000..d8722bf9d --- /dev/null +++ b/src/libcharon/plugins/eap_gtc/Makefile.am @@ -0,0 +1,16 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-eap-gtc.la +else +plugin_LTLIBRARIES = libstrongswan-eap-gtc.la +endif + +libstrongswan_eap_gtc_la_SOURCES = \ + eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c + +libstrongswan_eap_gtc_la_LDFLAGS = -module -avoid-version -lpam diff --git a/src/charon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in index f3662e1cd..110e1528b 100644 --- a/src/charon/plugins/eap_gtc/Makefile.in +++ b/src/libcharon/plugins/eap_gtc/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/eap_gtc +subdir = src/libcharon/plugins/eap_gtc DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_eap_gtc_la_LIBADD = am_libstrongswan_eap_gtc_la_OBJECTS = eap_gtc_plugin.lo eap_gtc.lo libstrongswan_eap_gtc_la_OBJECTS = \ @@ -80,6 +80,9 @@ libstrongswan_eap_gtc_la_OBJECTS = \ libstrongswan_eap_gtc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_eap_gtc_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_eap_gtc_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_eap_gtc_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -252,10 +256,15 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eap-gtc.la -libstrongswan_eap_gtc_la_SOURCES = eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-gtc.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-gtc.la +libstrongswan_eap_gtc_la_SOURCES = \ + eap_gtc_plugin.h eap_gtc_plugin.c eap_gtc.h eap_gtc.c + libstrongswan_eap_gtc_la_LDFLAGS = -module -avoid-version -lpam all: all-am @@ -270,9 +279,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_gtc/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_gtc/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_gtc/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/eap_gtc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -291,6 +300,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -323,7 +341,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-eap-gtc.la: $(libstrongswan_eap_gtc_la_OBJECTS) $(libstrongswan_eap_gtc_la_DEPENDENCIES) - $(libstrongswan_eap_gtc_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_gtc_la_OBJECTS) $(libstrongswan_eap_gtc_la_LIBADD) $(LIBS) + $(libstrongswan_eap_gtc_la_LINK) $(am_libstrongswan_eap_gtc_la_rpath) $(libstrongswan_eap_gtc_la_OBJECTS) $(libstrongswan_eap_gtc_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -477,8 +495,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -549,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c index c7f55fa70..c7f55fa70 100644 --- a/src/charon/plugins/eap_gtc/eap_gtc.c +++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c diff --git a/src/charon/plugins/eap_gtc/eap_gtc.h b/src/libcharon/plugins/eap_gtc/eap_gtc.h index 2eb8482f8..2eb8482f8 100644 --- a/src/charon/plugins/eap_gtc/eap_gtc.h +++ b/src/libcharon/plugins/eap_gtc/eap_gtc.h diff --git a/src/charon/plugins/eap_gtc/eap_gtc_plugin.c b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c index 8550c254c..91ba84b3d 100644 --- a/src/charon/plugins/eap_gtc/eap_gtc_plugin.c +++ b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c @@ -37,7 +37,7 @@ static void destroy(eap_gtc_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *eap_gtc_plugin_create() { eap_gtc_plugin_t *this = malloc_thing(eap_gtc_plugin_t); diff --git a/src/charon/plugins/eap_gtc/eap_gtc_plugin.h b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h index abb6bdcb6..9c4052a6d 100644 --- a/src/charon/plugins/eap_gtc/eap_gtc_plugin.h +++ b/src/libcharon/plugins/eap_gtc/eap_gtc_plugin.h @@ -39,9 +39,4 @@ struct eap_gtc_plugin_t { plugin_t plugin; }; -/** - * Create a eap_gtc_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** EAP_GTC_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_identity/Makefile.am b/src/libcharon/plugins/eap_identity/Makefile.am index 992eb43f7..2a7c764b0 100644 --- a/src/charon/plugins/eap_identity/Makefile.am +++ b/src/libcharon/plugins/eap_identity/Makefile.am @@ -1,10 +1,16 @@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-eap-identity.la +else plugin_LTLIBRARIES = libstrongswan-eap-identity.la +endif + libstrongswan_eap_identity_la_SOURCES = \ - eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c -libstrongswan_eap_identity_la_LDFLAGS = -module -avoid-version + eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c +libstrongswan_eap_identity_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in index 80709246f..bbb987dd6 100644 --- a/src/charon/plugins/eap_identity/Makefile.in +++ b/src/libcharon/plugins/eap_identity/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/eap_identity +subdir = src/libcharon/plugins/eap_identity DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_eap_identity_la_LIBADD = am_libstrongswan_eap_identity_la_OBJECTS = eap_identity_plugin.lo \ eap_identity.lo @@ -82,6 +82,9 @@ libstrongswan_eap_identity_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_eap_identity_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_eap_identity_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_eap_identity_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,11 +258,14 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eap-identity.la +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-identity.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-identity.la libstrongswan_eap_identity_la_SOURCES = \ - eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c + eap_identity_plugin.h eap_identity_plugin.c eap_identity.h eap_identity.c libstrongswan_eap_identity_la_LDFLAGS = -module -avoid-version all: all-am @@ -274,9 +281,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_identity/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_identity/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_identity/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/eap_identity/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -295,6 +302,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -327,7 +343,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-eap-identity.la: $(libstrongswan_eap_identity_la_OBJECTS) $(libstrongswan_eap_identity_la_DEPENDENCIES) - $(libstrongswan_eap_identity_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_identity_la_OBJECTS) $(libstrongswan_eap_identity_la_LIBADD) $(LIBS) + $(libstrongswan_eap_identity_la_LINK) $(am_libstrongswan_eap_identity_la_rpath) $(libstrongswan_eap_identity_la_OBJECTS) $(libstrongswan_eap_identity_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -481,8 +497,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -553,18 +569,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/eap_identity/eap_identity.c b/src/libcharon/plugins/eap_identity/eap_identity.c index ab082a955..ab082a955 100644 --- a/src/charon/plugins/eap_identity/eap_identity.c +++ b/src/libcharon/plugins/eap_identity/eap_identity.c diff --git a/src/charon/plugins/eap_identity/eap_identity.h b/src/libcharon/plugins/eap_identity/eap_identity.h index 7364a8bda..7364a8bda 100644 --- a/src/charon/plugins/eap_identity/eap_identity.h +++ b/src/libcharon/plugins/eap_identity/eap_identity.h diff --git a/src/charon/plugins/eap_identity/eap_identity_plugin.c b/src/libcharon/plugins/eap_identity/eap_identity_plugin.c index a623e1951..082997154 100644 --- a/src/charon/plugins/eap_identity/eap_identity_plugin.c +++ b/src/libcharon/plugins/eap_identity/eap_identity_plugin.c @@ -34,7 +34,7 @@ static void destroy(eap_identity_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *eap_identity_plugin_create() { eap_identity_plugin_t *this = malloc_thing(eap_identity_plugin_t); diff --git a/src/charon/plugins/eap_identity/eap_identity_plugin.h b/src/libcharon/plugins/eap_identity/eap_identity_plugin.h index 0a7fb8228..274156a1b 100644 --- a/src/charon/plugins/eap_identity/eap_identity_plugin.h +++ b/src/libcharon/plugins/eap_identity/eap_identity_plugin.h @@ -39,9 +39,4 @@ struct eap_identity_plugin_t { plugin_t plugin; }; -/** - * Create a eap_identity_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** EAP_IDENTITY_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/eap_md5/Makefile.am b/src/libcharon/plugins/eap_md5/Makefile.am new file mode 100644 index 000000000..e9936c925 --- /dev/null +++ b/src/libcharon/plugins/eap_md5/Makefile.am @@ -0,0 +1,16 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-eap-md5.la +else +plugin_LTLIBRARIES = libstrongswan-eap-md5.la +endif + +libstrongswan_eap_md5_la_SOURCES = \ + eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c + +libstrongswan_eap_md5_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in index 21ac7fa92..943811604 100644 --- a/src/charon/plugins/eap_md5/Makefile.in +++ b/src/libcharon/plugins/eap_md5/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/eap_md5 +subdir = src/libcharon/plugins/eap_md5 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_eap_md5_la_LIBADD = am_libstrongswan_eap_md5_la_OBJECTS = eap_md5_plugin.lo eap_md5.lo libstrongswan_eap_md5_la_OBJECTS = \ @@ -80,6 +80,9 @@ libstrongswan_eap_md5_la_OBJECTS = \ libstrongswan_eap_md5_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_eap_md5_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_eap_md5_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_eap_md5_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -252,10 +256,15 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eap-md5.la -libstrongswan_eap_md5_la_SOURCES = eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-md5.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-md5.la +libstrongswan_eap_md5_la_SOURCES = \ + eap_md5_plugin.h eap_md5_plugin.c eap_md5.h eap_md5.c + libstrongswan_eap_md5_la_LDFLAGS = -module -avoid-version all: all-am @@ -270,9 +279,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_md5/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_md5/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_md5/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/eap_md5/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -291,6 +300,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -323,7 +341,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-eap-md5.la: $(libstrongswan_eap_md5_la_OBJECTS) $(libstrongswan_eap_md5_la_DEPENDENCIES) - $(libstrongswan_eap_md5_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_md5_la_OBJECTS) $(libstrongswan_eap_md5_la_LIBADD) $(LIBS) + $(libstrongswan_eap_md5_la_LINK) $(am_libstrongswan_eap_md5_la_rpath) $(libstrongswan_eap_md5_la_OBJECTS) $(libstrongswan_eap_md5_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -477,8 +495,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -549,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/eap_md5/eap_md5.c b/src/libcharon/plugins/eap_md5/eap_md5.c index 0eda8f755..0eda8f755 100644 --- a/src/charon/plugins/eap_md5/eap_md5.c +++ b/src/libcharon/plugins/eap_md5/eap_md5.c diff --git a/src/charon/plugins/eap_md5/eap_md5.h b/src/libcharon/plugins/eap_md5/eap_md5.h index 3cff0dd79..3cff0dd79 100644 --- a/src/charon/plugins/eap_md5/eap_md5.h +++ b/src/libcharon/plugins/eap_md5/eap_md5.h diff --git a/src/charon/plugins/eap_md5/eap_md5_plugin.c b/src/libcharon/plugins/eap_md5/eap_md5_plugin.c index 629255ebf..e716dc6e8 100644 --- a/src/charon/plugins/eap_md5/eap_md5_plugin.c +++ b/src/libcharon/plugins/eap_md5/eap_md5_plugin.c @@ -34,7 +34,7 @@ static void destroy(eap_md5_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *eap_md5_plugin_create() { eap_md5_plugin_t *this = malloc_thing(eap_md5_plugin_t); diff --git a/src/charon/plugins/eap_md5/eap_md5_plugin.h b/src/libcharon/plugins/eap_md5/eap_md5_plugin.h index eb5b38e94..e5e1a6e94 100644 --- a/src/charon/plugins/eap_md5/eap_md5_plugin.h +++ b/src/libcharon/plugins/eap_md5/eap_md5_plugin.h @@ -39,9 +39,4 @@ struct eap_md5_plugin_t { plugin_t plugin; }; -/** - * Create a eap_md5_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** EAP_MD5_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_mschapv2/Makefile.am b/src/libcharon/plugins/eap_mschapv2/Makefile.am index 4758ad5f3..b9555b3c1 100644 --- a/src/charon/plugins/eap_mschapv2/Makefile.am +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.am @@ -1,12 +1,17 @@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-eap-mschapv2.la +else plugin_LTLIBRARIES = libstrongswan-eap-mschapv2.la +endif libstrongswan_eap_mschapv2_la_SOURCES = \ eap_mschapv2_plugin.h eap_mschapv2_plugin.c \ eap_mschapv2.h eap_mschapv2.c -libstrongswan_eap_mschapv2_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_mschapv2_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in index 001818481..2f6c65df4 100644 --- a/src/charon/plugins/eap_mschapv2/Makefile.in +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/eap_mschapv2 +subdir = src/libcharon/plugins/eap_mschapv2 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_eap_mschapv2_la_LIBADD = am_libstrongswan_eap_mschapv2_la_OBJECTS = eap_mschapv2_plugin.lo \ eap_mschapv2.lo @@ -82,6 +82,9 @@ libstrongswan_eap_mschapv2_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_eap_mschapv2_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_eap_mschapv2_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_eap_mschapv2_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,9 +258,12 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eap-mschapv2.la +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-mschapv2.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-mschapv2.la libstrongswan_eap_mschapv2_la_SOURCES = \ eap_mschapv2_plugin.h eap_mschapv2_plugin.c \ eap_mschapv2.h eap_mschapv2.c @@ -275,9 +282,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_mschapv2/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_mschapv2/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_mschapv2/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/eap_mschapv2/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -296,6 +303,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -328,7 +344,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-eap-mschapv2.la: $(libstrongswan_eap_mschapv2_la_OBJECTS) $(libstrongswan_eap_mschapv2_la_DEPENDENCIES) - $(libstrongswan_eap_mschapv2_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_mschapv2_la_OBJECTS) $(libstrongswan_eap_mschapv2_la_LIBADD) $(LIBS) + $(libstrongswan_eap_mschapv2_la_LINK) $(am_libstrongswan_eap_mschapv2_la_rpath) $(libstrongswan_eap_mschapv2_la_OBJECTS) $(libstrongswan_eap_mschapv2_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -482,8 +498,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -554,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c index f0222840d..c1ccf72eb 100644 --- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c +++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c @@ -1,5 +1,6 @@ /* * Copyright (C) 2009 Tobias Brunner + * Copyright (C) 2010 Martin Willi * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -460,37 +461,31 @@ static status_t GenerateMSK(chunk_t password_hash_hash, static status_t GenerateStuff(private_eap_mschapv2_t *this, chunk_t server_challenge, chunk_t peer_challenge, - chunk_t username, chunk_t password) + chunk_t username, chunk_t nt_hash) { status_t status = FAILED; - chunk_t password_hash = chunk_empty, password_hash_hash = chunk_empty, - challenge_hash = chunk_empty; + chunk_t nt_hash_hash = chunk_empty, challenge_hash = chunk_empty; - if (NtPasswordHash(password, &password_hash) != SUCCESS) - { - goto error; - } - if (NtPasswordHash(password_hash, &password_hash_hash) != SUCCESS) + if (NtPasswordHash(nt_hash, &nt_hash_hash) != SUCCESS) { goto error; } if (ChallengeHash(peer_challenge, server_challenge, username, - &challenge_hash) != SUCCESS) + &challenge_hash) != SUCCESS) { goto error; } - - if (ChallengeResponse(challenge_hash, password_hash, - &this->nt_response) != SUCCESS) + if (ChallengeResponse(challenge_hash, nt_hash, + &this->nt_response) != SUCCESS) { goto error; } - if (AuthenticatorResponse(password_hash_hash, challenge_hash, - this->nt_response, &this->auth_response) != SUCCESS) + if (AuthenticatorResponse(nt_hash_hash, challenge_hash, + this->nt_response, &this->auth_response) != SUCCESS) { goto error; } - if (GenerateMSK(password_hash_hash, this->nt_response, &this->msk) != SUCCESS) + if (GenerateMSK(nt_hash_hash, this->nt_response, &this->msk) != SUCCESS) { goto error; } @@ -498,8 +493,7 @@ static status_t GenerateStuff(private_eap_mschapv2_t *this, status = SUCCESS; error: - chunk_free(&password_hash); - chunk_free(&password_hash_hash); + chunk_free(&nt_hash_hash); chunk_free(&challenge_hash); return status; } @@ -613,6 +607,39 @@ static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **ou return NEED_MORE; } +static bool get_nt_hash(private_eap_mschapv2_t *this, identification_t *me, + identification_t *other, chunk_t *nt_hash) +{ + shared_key_t *shared; + chunk_t password; + + /* try to find a stored NT_HASH first */ + shared = charon->credentials->get_shared(charon->credentials, + SHARED_NT_HASH, me, other); + if (shared ) + { + *nt_hash = chunk_clone(shared->get_key(shared)); + shared->destroy(shared); + return TRUE; + } + + /* fallback to plaintext password */ + shared = charon->credentials->get_shared(charon->credentials, + SHARED_EAP, me, other); + if (shared) + { + password = ascii_to_unicode(shared->get_key(shared)); + shared->destroy(shared); + + if (NtPasswordHash(password, nt_hash) == SUCCESS) + { + chunk_clear(&password); + return TRUE; + } + chunk_clear(&password); + } + return FALSE; +} /** * Process MS-CHAPv2 Challenge Requests @@ -624,8 +651,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, eap_mschapv2_header_t *eap; eap_mschapv2_challenge_t *cha; eap_mschapv2_response_t *res; - shared_key_t *shared; - chunk_t data, peer_challenge, username, password; + chunk_t data, peer_challenge, username, nt_hash; u_int16_t len = RESPONSE_PAYLOAD_LEN; data = in->get_data(in); @@ -660,28 +686,24 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, rng->get_bytes(rng, CHALLENGE_LEN, peer_challenge.ptr); rng->destroy(rng); - shared = charon->credentials->get_shared(charon->credentials, - SHARED_EAP, this->peer, this->server); - if (shared == NULL) + if (!get_nt_hash(this, this->peer, this->server, &nt_hash)) { DBG1(DBG_IKE, "no EAP key found for hosts '%Y' - '%Y'", this->server, this->peer); return NOT_FOUND; } - password = ascii_to_unicode(shared->get_key(shared)); - shared->destroy(shared); - username = extract_username(this->peer); len += username.len; - if (GenerateStuff(this, this->challenge, peer_challenge, username, password) != SUCCESS) + if (GenerateStuff(this, this->challenge, peer_challenge, + username, nt_hash) != SUCCESS) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 generating NT-Response failed"); - chunk_clear(&password); + chunk_clear(&nt_hash); return FAILED; } - chunk_clear(&password); + chunk_clear(&nt_hash); eap = alloca(len); eap->code = EAP_RESPONSE; @@ -995,9 +1017,8 @@ static status_t process_server_response(private_eap_mschapv2_t *this, { eap_mschapv2_header_t *eap; eap_mschapv2_response_t *res; - chunk_t data, peer_challenge, username, password; + chunk_t data, peer_challenge, username, nt_hash; identification_t *userid; - shared_key_t *shared; int name_len; char buf[256]; @@ -1019,9 +1040,7 @@ static status_t process_server_response(private_eap_mschapv2_t *this, DBG2(DBG_IKE, "EAP-MS-CHAPv2 username: '%Y'", userid); username = extract_username(userid); - shared = charon->credentials->get_shared(charon->credentials, - SHARED_EAP, this->server, userid); - if (shared == NULL) + if (!get_nt_hash(this, this->server, userid, &nt_hash)) { DBG1(DBG_IKE, "no EAP key found for hosts '%Y' - '%Y'", this->server, userid); @@ -1035,21 +1054,19 @@ static status_t process_server_response(private_eap_mschapv2_t *this, return process_server_retry(this, out); } - password = ascii_to_unicode(shared->get_key(shared)); - shared->destroy(shared); - if (GenerateStuff(this, this->challenge, peer_challenge, - username, password) != SUCCESS) + username, nt_hash) != SUCCESS) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed"); userid->destroy(userid); - chunk_clear(&password); + chunk_clear(&nt_hash); return FAILED; } userid->destroy(userid); - chunk_clear(&password); + chunk_clear(&nt_hash); - if (memeq(res->response.nt_response, this->nt_response.ptr, this->nt_response.len)) + if (memeq(res->response.nt_response, this->nt_response.ptr, + this->nt_response.len)) { chunk_t hex; char msg[AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE)]; diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.h b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h index 34cc1141e..34cc1141e 100644 --- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.h +++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.h diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c index 404cecb20..a7b41ddbf 100644 --- a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c +++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.c @@ -34,7 +34,7 @@ static void destroy(eap_mschapv2_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *eap_mschapv2_plugin_create() { eap_mschapv2_plugin_t *this = malloc_thing(eap_mschapv2_plugin_t); diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.h b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.h index 9048fc64e..f250a9d47 100644 --- a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.h +++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2_plugin.h @@ -39,9 +39,4 @@ struct eap_mschapv2_plugin_t { plugin_t plugin; }; -/** - * Create a eap_mschapv2_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** EAP_MSCHAPV2_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/eap_radius/Makefile.am b/src/libcharon/plugins/eap_radius/Makefile.am new file mode 100644 index 000000000..a3abd4124 --- /dev/null +++ b/src/libcharon/plugins/eap_radius/Makefile.am @@ -0,0 +1,19 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-eap-radius.la +else +plugin_LTLIBRARIES = libstrongswan-eap-radius.la +endif + +libstrongswan_eap_radius_la_SOURCES = \ + eap_radius_plugin.h eap_radius_plugin.c \ + eap_radius.h eap_radius.c \ + radius_client.h radius_client.c \ + radius_message.h radius_message.c + +libstrongswan_eap_radius_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in index eb135e750..18427adef 100644 --- a/src/charon/plugins/eap_radius/Makefile.in +++ b/src/libcharon/plugins/eap_radius/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/eap_radius +subdir = src/libcharon/plugins/eap_radius DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_eap_radius_la_LIBADD = am_libstrongswan_eap_radius_la_OBJECTS = eap_radius_plugin.lo \ eap_radius.lo radius_client.lo radius_message.lo @@ -82,6 +82,9 @@ libstrongswan_eap_radius_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_eap_radius_la_LDFLAGS) \ $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_eap_radius_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_eap_radius_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,14 +258,17 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eap-radius.la +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-radius.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-radius.la libstrongswan_eap_radius_la_SOURCES = \ - eap_radius_plugin.h eap_radius_plugin.c \ - eap_radius.h eap_radius.c \ - radius_client.h radius_client.c \ - radius_message.h radius_message.c + eap_radius_plugin.h eap_radius_plugin.c \ + eap_radius.h eap_radius.c \ + radius_client.h radius_client.c \ + radius_message.h radius_message.c libstrongswan_eap_radius_la_LDFLAGS = -module -avoid-version all: all-am @@ -277,9 +284,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_radius/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_radius/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_radius/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/eap_radius/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -298,6 +305,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -330,7 +346,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-eap-radius.la: $(libstrongswan_eap_radius_la_OBJECTS) $(libstrongswan_eap_radius_la_DEPENDENCIES) - $(libstrongswan_eap_radius_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_radius_la_OBJECTS) $(libstrongswan_eap_radius_la_LIBADD) $(LIBS) + $(libstrongswan_eap_radius_la_LINK) $(am_libstrongswan_eap_radius_la_rpath) $(libstrongswan_eap_radius_la_OBJECTS) $(libstrongswan_eap_radius_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -486,8 +502,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -558,18 +574,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c index f041fda54..f041fda54 100644 --- a/src/charon/plugins/eap_radius/eap_radius.c +++ b/src/libcharon/plugins/eap_radius/eap_radius.c diff --git a/src/charon/plugins/eap_radius/eap_radius.h b/src/libcharon/plugins/eap_radius/eap_radius.h index 8eb9e8c2d..8eb9e8c2d 100644 --- a/src/charon/plugins/eap_radius/eap_radius.h +++ b/src/libcharon/plugins/eap_radius/eap_radius.h diff --git a/src/charon/plugins/eap_radius/eap_radius_plugin.c b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c index 51e6a69c8..7d2788c3e 100644 --- a/src/charon/plugins/eap_radius/eap_radius_plugin.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c @@ -33,7 +33,7 @@ static void destroy(eap_radius_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *eap_radius_plugin_create() { eap_radius_plugin_t *this; diff --git a/src/charon/plugins/eap_radius/eap_radius_plugin.h b/src/libcharon/plugins/eap_radius/eap_radius_plugin.h index a79640796..f2b8b5082 100644 --- a/src/charon/plugins/eap_radius/eap_radius_plugin.h +++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.h @@ -42,9 +42,4 @@ struct eap_radius_plugin_t { plugin_t plugin; }; -/** - * Create a eap_radius_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** EAP_RADIUS_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_radius/radius_client.c b/src/libcharon/plugins/eap_radius/radius_client.c index 1d1f21742..1d1f21742 100644 --- a/src/charon/plugins/eap_radius/radius_client.c +++ b/src/libcharon/plugins/eap_radius/radius_client.c diff --git a/src/charon/plugins/eap_radius/radius_client.h b/src/libcharon/plugins/eap_radius/radius_client.h index 77ba94807..77ba94807 100644 --- a/src/charon/plugins/eap_radius/radius_client.h +++ b/src/libcharon/plugins/eap_radius/radius_client.h diff --git a/src/charon/plugins/eap_radius/radius_message.c b/src/libcharon/plugins/eap_radius/radius_message.c index 11a1d8dfc..11a1d8dfc 100644 --- a/src/charon/plugins/eap_radius/radius_message.c +++ b/src/libcharon/plugins/eap_radius/radius_message.c diff --git a/src/charon/plugins/eap_radius/radius_message.h b/src/libcharon/plugins/eap_radius/radius_message.h index 266839d3b..266839d3b 100644 --- a/src/charon/plugins/eap_radius/radius_message.h +++ b/src/libcharon/plugins/eap_radius/radius_message.h diff --git a/src/libcharon/plugins/eap_sim/Makefile.am b/src/libcharon/plugins/eap_sim/Makefile.am new file mode 100644 index 000000000..a0cb72f5f --- /dev/null +++ b/src/libcharon/plugins/eap_sim/Makefile.am @@ -0,0 +1,19 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-eap-sim.la +else +plugin_LTLIBRARIES = libstrongswan-eap-sim.la +libstrongswan_eap_sim_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la +endif + +libstrongswan_eap_sim_la_SOURCES = \ + eap_sim_plugin.h eap_sim_plugin.c \ + eap_sim_peer.h eap_sim_peer.c \ + eap_sim_server.h eap_sim_server.c + +libstrongswan_eap_sim_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in index d9b568a42..588965113 100644 --- a/src/charon/plugins/eap_sim/Makefile.in +++ b/src/libcharon/plugins/eap_sim/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/eap_sim +subdir = src/libcharon/plugins/eap_sim DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,9 +72,9 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) -libstrongswan_eap_sim_la_DEPENDENCIES = \ - $(top_builddir)/src/libsimaka/libsimaka.la +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +@MONOLITHIC_FALSE@libstrongswan_eap_sim_la_DEPENDENCIES = \ +@MONOLITHIC_FALSE@ $(top_builddir)/src/libsimaka/libsimaka.la am_libstrongswan_eap_sim_la_OBJECTS = eap_sim_plugin.lo \ eap_sim_peer.lo eap_sim_server.lo libstrongswan_eap_sim_la_OBJECTS = \ @@ -82,6 +82,9 @@ libstrongswan_eap_sim_la_OBJECTS = \ libstrongswan_eap_sim_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_eap_sim_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_eap_sim_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_eap_sim_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,16 +258,18 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon \ - -I$(top_srcdir)/src/libsimaka +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/libsimaka AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eap-sim.la -libstrongswan_eap_sim_la_SOURCES = eap_sim_plugin.h eap_sim_plugin.c \ - eap_sim_peer.h eap_sim_peer.c \ - eap_sim_server.h eap_sim_server.c +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-sim.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-sim.la +@MONOLITHIC_FALSE@libstrongswan_eap_sim_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la +libstrongswan_eap_sim_la_SOURCES = \ + eap_sim_plugin.h eap_sim_plugin.c \ + eap_sim_peer.h eap_sim_peer.c \ + eap_sim_server.h eap_sim_server.c -libstrongswan_eap_sim_la_LIBADD = $(top_builddir)/src/libsimaka/libsimaka.la libstrongswan_eap_sim_la_LDFLAGS = -module -avoid-version all: all-am @@ -278,9 +284,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_sim/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_sim/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -299,6 +305,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -331,7 +346,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-eap-sim.la: $(libstrongswan_eap_sim_la_OBJECTS) $(libstrongswan_eap_sim_la_DEPENDENCIES) - $(libstrongswan_eap_sim_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_sim_la_OBJECTS) $(libstrongswan_eap_sim_la_LIBADD) $(LIBS) + $(libstrongswan_eap_sim_la_LINK) $(am_libstrongswan_eap_sim_la_rpath) $(libstrongswan_eap_sim_la_OBJECTS) $(libstrongswan_eap_sim_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -486,8 +501,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -558,18 +573,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/eap_sim/eap_sim_peer.c b/src/libcharon/plugins/eap_sim/eap_sim_peer.c index 961cfd30d..961cfd30d 100644 --- a/src/charon/plugins/eap_sim/eap_sim_peer.c +++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.c diff --git a/src/charon/plugins/eap_sim/eap_sim_peer.h b/src/libcharon/plugins/eap_sim/eap_sim_peer.h index 89f81301e..89f81301e 100644 --- a/src/charon/plugins/eap_sim/eap_sim_peer.h +++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.h diff --git a/src/charon/plugins/eap_sim/eap_sim_plugin.c b/src/libcharon/plugins/eap_sim/eap_sim_plugin.c index 1d2b9cf4f..f0c972253 100644 --- a/src/charon/plugins/eap_sim/eap_sim_plugin.c +++ b/src/libcharon/plugins/eap_sim/eap_sim_plugin.c @@ -35,7 +35,7 @@ static void destroy(eap_sim_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *eap_sim_plugin_create() { eap_sim_plugin_t *this = malloc_thing(eap_sim_plugin_t); diff --git a/src/charon/plugins/eap_sim/eap_sim_plugin.h b/src/libcharon/plugins/eap_sim/eap_sim_plugin.h index 767eb65a5..4e10380c4 100644 --- a/src/charon/plugins/eap_sim/eap_sim_plugin.h +++ b/src/libcharon/plugins/eap_sim/eap_sim_plugin.h @@ -39,9 +39,4 @@ struct eap_sim_plugin_t { plugin_t plugin; }; -/** - * Create a eap_sim_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** EAP_SIM_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_sim/eap_sim_server.c b/src/libcharon/plugins/eap_sim/eap_sim_server.c index f6d5df09b..f6d5df09b 100644 --- a/src/charon/plugins/eap_sim/eap_sim_server.c +++ b/src/libcharon/plugins/eap_sim/eap_sim_server.c diff --git a/src/charon/plugins/eap_sim/eap_sim_server.h b/src/libcharon/plugins/eap_sim/eap_sim_server.h index 978e1e1e9..978e1e1e9 100644 --- a/src/charon/plugins/eap_sim/eap_sim_server.h +++ b/src/libcharon/plugins/eap_sim/eap_sim_server.h diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.am b/src/libcharon/plugins/eap_sim_file/Makefile.am new file mode 100644 index 000000000..2b59a7c88 --- /dev/null +++ b/src/libcharon/plugins/eap_sim_file/Makefile.am @@ -0,0 +1,19 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${sysconfdir}\" + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-eap-sim-file.la +else +plugin_LTLIBRARIES = libstrongswan-eap-sim-file.la +endif + +libstrongswan_eap_sim_file_la_SOURCES = \ + eap_sim_file_plugin.h eap_sim_file_plugin.c \ + eap_sim_file_card.h eap_sim_file_card.c \ + eap_sim_file_provider.h eap_sim_file_provider.c \ + eap_sim_file_triplets.h eap_sim_file_triplets.c + +libstrongswan_eap_sim_file_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in index 232c2a133..2d998dbcc 100644 --- a/src/charon/plugins/eap_sim_file/Makefile.in +++ b/src/libcharon/plugins/eap_sim_file/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/eap_sim_file +subdir = src/libcharon/plugins/eap_sim_file DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_eap_sim_file_la_LIBADD = am_libstrongswan_eap_sim_file_la_OBJECTS = eap_sim_file_plugin.lo \ eap_sim_file_card.lo eap_sim_file_provider.lo \ @@ -83,6 +83,9 @@ libstrongswan_eap_sim_file_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_eap_sim_file_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_eap_sim_file_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_eap_sim_file_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -221,6 +224,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -255,14 +259,17 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -DIPSEC_CONFDIR=\"${sysconfdir}\" -plugin_LTLIBRARIES = libstrongswan-eap-sim-file.la +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-sim-file.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-sim-file.la libstrongswan_eap_sim_file_la_SOURCES = \ - eap_sim_file_plugin.h eap_sim_file_plugin.c \ - eap_sim_file_card.h eap_sim_file_card.c \ - eap_sim_file_provider.h eap_sim_file_provider.c \ - eap_sim_file_triplets.h eap_sim_file_triplets.c + eap_sim_file_plugin.h eap_sim_file_plugin.c \ + eap_sim_file_card.h eap_sim_file_card.c \ + eap_sim_file_provider.h eap_sim_file_provider.c \ + eap_sim_file_triplets.h eap_sim_file_triplets.c libstrongswan_eap_sim_file_la_LDFLAGS = -module -avoid-version all: all-am @@ -278,9 +285,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_sim_file/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_file/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_sim_file/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_file/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -299,6 +306,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -331,7 +347,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-eap-sim-file.la: $(libstrongswan_eap_sim_file_la_OBJECTS) $(libstrongswan_eap_sim_file_la_DEPENDENCIES) - $(libstrongswan_eap_sim_file_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_sim_file_la_OBJECTS) $(libstrongswan_eap_sim_file_la_LIBADD) $(LIBS) + $(libstrongswan_eap_sim_file_la_LINK) $(am_libstrongswan_eap_sim_file_la_rpath) $(libstrongswan_eap_sim_file_la_OBJECTS) $(libstrongswan_eap_sim_file_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -487,8 +503,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -559,18 +575,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_card.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c index d132a38f6..d132a38f6 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_card.c +++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_card.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h index 1a5470968..1a5470968 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_card.h +++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.h diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c index 22ad31703..4f25c35ea 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.c +++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.c @@ -19,7 +19,7 @@ #include "eap_sim_file_triplets.h" #include <daemon.h> -
+ #define TRIPLET_FILE IPSEC_CONFDIR "/ipsec.d/triplets.dat" typedef struct private_eap_sim_file_t private_eap_sim_file_t; @@ -66,7 +66,7 @@ static void destroy(private_eap_sim_file_t *this) /** * See header */ -plugin_t *plugin_create() +plugin_t *eap_sim_file_plugin_create() { private_eap_sim_file_t *this = malloc_thing(private_eap_sim_file_t); diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.h index 24857d0b0..f5083c72f 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_plugin.h +++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_plugin.h @@ -39,9 +39,4 @@ struct eap_sim_file_plugin_t { plugin_t plugin; }; -/** - * Create a eap_sim_file_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** EAP_SIM_FILE_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c index 9bee31fc3..9bee31fc3 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.c +++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.c diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h index 10fda282a..10fda282a 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_provider.h +++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_provider.h diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c index 6b7d99fb7..6b7d99fb7 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.c +++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.c diff --git a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h index 8f8130810..8f8130810 100644 --- a/src/charon/plugins/eap_sim_file/eap_sim_file_triplets.h +++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_triplets.h diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am new file mode 100644 index 000000000..a158d6dbe --- /dev/null +++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.am @@ -0,0 +1,18 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la +else +plugin_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la +endif + +libstrongswan_eap_simaka_pseudonym_la_SOURCES = \ + eap_simaka_pseudonym_plugin.h eap_simaka_pseudonym_plugin.c \ + eap_simaka_pseudonym_card.h eap_simaka_pseudonym_card.c \ + eap_simaka_pseudonym_provider.h eap_simaka_pseudonym_provider.c + +libstrongswan_eap_simaka_pseudonym_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in index 392331fb1..6c44ea2bb 100644 --- a/src/charon/plugins/eap_simaka_pseudonym/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/eap_simaka_pseudonym +subdir = src/libcharon/plugins/eap_simaka_pseudonym DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_eap_simaka_pseudonym_la_LIBADD = am_libstrongswan_eap_simaka_pseudonym_la_OBJECTS = \ eap_simaka_pseudonym_plugin.lo eap_simaka_pseudonym_card.lo \ @@ -84,6 +84,9 @@ libstrongswan_eap_simaka_pseudonym_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_eap_simaka_pseudonym_la_LDFLAGS) $(LDFLAGS) -o \ $@ +@MONOLITHIC_FALSE@am_libstrongswan_eap_simaka_pseudonym_la_rpath = \ +@MONOLITHIC_FALSE@ -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_eap_simaka_pseudonym_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -222,6 +225,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -256,13 +260,16 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-simaka-pseudonym.la libstrongswan_eap_simaka_pseudonym_la_SOURCES = \ - eap_simaka_pseudonym_plugin.h eap_simaka_pseudonym_plugin.c \ - eap_simaka_pseudonym_card.h eap_simaka_pseudonym_card.c \ - eap_simaka_pseudonym_provider.h eap_simaka_pseudonym_provider.c + eap_simaka_pseudonym_plugin.h eap_simaka_pseudonym_plugin.c \ + eap_simaka_pseudonym_card.h eap_simaka_pseudonym_card.c \ + eap_simaka_pseudonym_provider.h eap_simaka_pseudonym_provider.c libstrongswan_eap_simaka_pseudonym_la_LDFLAGS = -module -avoid-version all: all-am @@ -278,9 +285,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_simaka_pseudonym/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_pseudonym/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_simaka_pseudonym/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_pseudonym/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -299,6 +306,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -331,7 +347,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-eap-simaka-pseudonym.la: $(libstrongswan_eap_simaka_pseudonym_la_OBJECTS) $(libstrongswan_eap_simaka_pseudonym_la_DEPENDENCIES) - $(libstrongswan_eap_simaka_pseudonym_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_simaka_pseudonym_la_OBJECTS) $(libstrongswan_eap_simaka_pseudonym_la_LIBADD) $(LIBS) + $(libstrongswan_eap_simaka_pseudonym_la_LINK) $(am_libstrongswan_eap_simaka_pseudonym_la_rpath) $(libstrongswan_eap_simaka_pseudonym_la_OBJECTS) $(libstrongswan_eap_simaka_pseudonym_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -486,8 +502,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -558,18 +574,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c index 9b0f1bc71..9b0f1bc71 100644 --- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c +++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h index 1b5940fdc..1b5940fdc 100644 --- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h +++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.h diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c index e4e179a7d..81b9d7b00 100644 --- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c +++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.c @@ -57,7 +57,7 @@ static void destroy(private_eap_simaka_pseudonym_t *this) /** * See header */ -plugin_t *plugin_create() +plugin_t *eap_simaka_pseudonym_plugin_create() { private_eap_simaka_pseudonym_t *this; diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h index 032604eb1..1992b2482 100644 --- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h +++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_plugin.h @@ -39,9 +39,4 @@ struct eap_simaka_pseudonym_plugin_t { plugin_t plugin; }; -/** - * Create a eap_simaka_pseudonym_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** EAP_SIMAKA_PSEUDONYM_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c index 0613b8807..0613b8807 100644 --- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c +++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.c diff --git a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h index 5d8e6d221..5d8e6d221 100644 --- a/src/charon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h +++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.am b/src/libcharon/plugins/eap_simaka_reauth/Makefile.am new file mode 100644 index 000000000..fbcd544d3 --- /dev/null +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.am @@ -0,0 +1,18 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la +else +plugin_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la +endif + +libstrongswan_eap_simaka_reauth_la_SOURCES = \ + eap_simaka_reauth_plugin.h eap_simaka_reauth_plugin.c \ + eap_simaka_reauth_card.h eap_simaka_reauth_card.c \ + eap_simaka_reauth_provider.h eap_simaka_reauth_provider.c + +libstrongswan_eap_simaka_reauth_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in index d709acb70..35d8e7c3b 100644 --- a/src/charon/plugins/eap_simaka_reauth/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/eap_simaka_reauth +subdir = src/libcharon/plugins/eap_simaka_reauth DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_eap_simaka_reauth_la_LIBADD = am_libstrongswan_eap_simaka_reauth_la_OBJECTS = \ eap_simaka_reauth_plugin.lo eap_simaka_reauth_card.lo \ @@ -83,6 +83,9 @@ libstrongswan_eap_simaka_reauth_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_eap_simaka_reauth_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_eap_simaka_reauth_la_rpath = \ +@MONOLITHIC_FALSE@ -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_eap_simaka_reauth_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -221,6 +224,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -255,13 +259,16 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-eap-simaka-reauth.la libstrongswan_eap_simaka_reauth_la_SOURCES = \ - eap_simaka_reauth_plugin.h eap_simaka_reauth_plugin.c \ - eap_simaka_reauth_card.h eap_simaka_reauth_card.c \ - eap_simaka_reauth_provider.h eap_simaka_reauth_provider.c + eap_simaka_reauth_plugin.h eap_simaka_reauth_plugin.c \ + eap_simaka_reauth_card.h eap_simaka_reauth_card.c \ + eap_simaka_reauth_provider.h eap_simaka_reauth_provider.c libstrongswan_eap_simaka_reauth_la_LDFLAGS = -module -avoid-version all: all-am @@ -277,9 +284,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_simaka_reauth/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_reauth/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_simaka_reauth/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_reauth/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -298,6 +305,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -330,7 +346,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-eap-simaka-reauth.la: $(libstrongswan_eap_simaka_reauth_la_OBJECTS) $(libstrongswan_eap_simaka_reauth_la_DEPENDENCIES) - $(libstrongswan_eap_simaka_reauth_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_simaka_reauth_la_OBJECTS) $(libstrongswan_eap_simaka_reauth_la_LIBADD) $(LIBS) + $(libstrongswan_eap_simaka_reauth_la_LINK) $(am_libstrongswan_eap_simaka_reauth_la_rpath) $(libstrongswan_eap_simaka_reauth_la_OBJECTS) $(libstrongswan_eap_simaka_reauth_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -485,8 +501,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -557,18 +573,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c index 14d0416d9..14d0416d9 100644 --- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c +++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h index f24dc8a15..f24dc8a15 100644 --- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h +++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.h diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c index b2e853e21..987a0e109 100644 --- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c +++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.c @@ -57,7 +57,7 @@ static void destroy(private_eap_simaka_reauth_t *this) /** * See header */ -plugin_t *plugin_create() +plugin_t *eap_simaka_reauth_plugin_create() { private_eap_simaka_reauth_t *this = malloc_thing(private_eap_simaka_reauth_t); diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h index e86832c0e..80c8a1037 100644 --- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h +++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_plugin.h @@ -39,9 +39,4 @@ struct eap_simaka_reauth_plugin_t { plugin_t plugin; }; -/** - * Create a eap_simaka_reauth_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** EAP_SIMAKA_REAUTH_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c index f962b2d84..f962b2d84 100644 --- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c +++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c diff --git a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h index 7ae151a27..7ae151a27 100644 --- a/src/charon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h +++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.h diff --git a/src/libcharon/plugins/farp/Makefile.am b/src/libcharon/plugins/farp/Makefile.am new file mode 100644 index 000000000..42cd31879 --- /dev/null +++ b/src/libcharon/plugins/farp/Makefile.am @@ -0,0 +1,16 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-farp.la +else +plugin_LTLIBRARIES = libstrongswan-farp.la +endif + +libstrongswan_farp_la_SOURCES = farp_plugin.h farp_plugin.c \ + farp_listener.h farp_listener.c farp_spoofer.h farp_spoofer.c + +libstrongswan_farp_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in new file mode 100644 index 000000000..20ac77080 --- /dev/null +++ b/src/libcharon/plugins/farp/Makefile.in @@ -0,0 +1,587 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/farp +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_farp_la_LIBADD = +am_libstrongswan_farp_la_OBJECTS = farp_plugin.lo farp_listener.lo \ + farp_spoofer.lo +libstrongswan_farp_la_OBJECTS = $(am_libstrongswan_farp_la_OBJECTS) +libstrongswan_farp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_farp_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_farp_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_farp_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_farp_la_SOURCES) +DIST_SOURCES = $(libstrongswan_farp_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-farp.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-farp.la +libstrongswan_farp_la_SOURCES = farp_plugin.h farp_plugin.c \ + farp_listener.h farp_listener.c farp_spoofer.h farp_spoofer.c + +libstrongswan_farp_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/farp/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/farp/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-farp.la: $(libstrongswan_farp_la_OBJECTS) $(libstrongswan_farp_la_DEPENDENCIES) + $(libstrongswan_farp_la_LINK) $(am_libstrongswan_farp_la_rpath) $(libstrongswan_farp_la_OBJECTS) $(libstrongswan_farp_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/farp_listener.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/farp_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/farp_spoofer.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/farp/farp_listener.c b/src/libcharon/plugins/farp/farp_listener.c new file mode 100644 index 000000000..8eed49778 --- /dev/null +++ b/src/libcharon/plugins/farp/farp_listener.c @@ -0,0 +1,154 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "farp_listener.h" + +#include <utils/hashtable.h> +#include <threading/rwlock.h> + +typedef struct private_farp_listener_t private_farp_listener_t; + +/** + * Private data of an farp_listener_t object. + */ +struct private_farp_listener_t { + + /** + * Public farp_listener_t interface. + */ + farp_listener_t public; + + /** + * Hashtable with active virtual IPs + */ + hashtable_t *ips; + + /** + * RWlock for IP list + */ + rwlock_t *lock; +}; + +/** + * Hashtable hash function + */ +static u_int hash(host_t *key) +{ + return chunk_hash(key->get_address(key)); +} + +/** + * Hashtable equals function + */ +static bool equals(host_t *a, host_t *b) +{ + return a->ip_equals(a, b); +} + +METHOD(listener_t, ike_updown, bool, + private_farp_listener_t *this, ike_sa_t *ike_sa, bool up) +{ + if (!up) + { + host_t *ip; + + ip = ike_sa->get_virtual_ip(ike_sa, FALSE); + if (ip) + { + this->lock->write_lock(this->lock); + ip = this->ips->remove(this->ips, ip); + this->lock->unlock(this->lock); + DESTROY_IF(ip); + } + } + return TRUE; +} + +METHOD(listener_t, message_hook, bool, + private_farp_listener_t *this, ike_sa_t *ike_sa, + message_t *message, bool incoming) +{ + if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED && + message->get_exchange_type(message) == IKE_AUTH && + !message->get_request(message)) + { + host_t *ip; + + ip = ike_sa->get_virtual_ip(ike_sa, FALSE); + if (ip) + { + ip = ip->clone(ip); + this->lock->write_lock(this->lock); + ip = this->ips->put(this->ips, ip, ip); + this->lock->unlock(this->lock); + DESTROY_IF(ip); + } + } + return TRUE; +} + +METHOD(farp_listener_t, is_active, bool, + private_farp_listener_t *this, host_t *ip) +{ + bool active; + + this->lock->read_lock(this->lock); + active = this->ips->get(this->ips, ip) != NULL; + this->lock->unlock(this->lock); + return active; +} + +METHOD(farp_listener_t, destroy, void, + private_farp_listener_t *this) +{ + enumerator_t *enumerator; + host_t *key, *value; + + enumerator = this->ips->create_enumerator(this->ips); + while (enumerator->enumerate(enumerator, &key, &value)) + { + value->destroy(value); + } + enumerator->destroy(enumerator); + this->ips->destroy(this->ips); + + this->lock->destroy(this->lock); + free(this); +} + +/** + * See header + */ +farp_listener_t *farp_listener_create() +{ + private_farp_listener_t *this; + + INIT(this, + .public = { + .listener = { + .ike_updown = _ike_updown, + .message = _message_hook, + }, + .is_active = _is_active, + .destroy = _destroy, + }, + .ips = hashtable_create((hashtable_hash_t)hash, + (hashtable_equals_t)equals, 8), + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + ); + + return &this->public; +} + diff --git a/src/libcharon/plugins/farp/farp_listener.h b/src/libcharon/plugins/farp/farp_listener.h new file mode 100644 index 000000000..bd96d7a1c --- /dev/null +++ b/src/libcharon/plugins/farp/farp_listener.h @@ -0,0 +1,58 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup farp_listener farp_listener + * @{ @ingroup farp + */ + +#ifndef FARP_LISTENER_H_ +#define FARP_LISTENER_H_ + +#include <utils/host.h> +#include <bus/listeners/listener.h> + +typedef struct farp_listener_t farp_listener_t; + +/** + * Listener to register the set of IPs we spoof ARP responses for. + */ +struct farp_listener_t { + + /** + * Implements listener_t interface. + */ + listener_t listener; + + /** + * Check if a given IP is currently used as virtual IP by a peer. + * + * @param ip IP to check + * @return TRUE if IP is an active virtual IP + */ + bool (*is_active)(farp_listener_t *this, host_t *ip); + + /** + * Destroy a farp_listener_t. + */ + void (*destroy)(farp_listener_t *this); +}; + +/** + * Create a farp_listener instance. + */ +farp_listener_t *farp_listener_create(); + +#endif /** FARP_LISTENER_H_ @}*/ diff --git a/src/libcharon/plugins/farp/farp_plugin.c b/src/libcharon/plugins/farp/farp_plugin.c new file mode 100644 index 000000000..01c2a39c8 --- /dev/null +++ b/src/libcharon/plugins/farp/farp_plugin.c @@ -0,0 +1,77 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "farp_plugin.h" + +#include "farp_listener.h" +#include "farp_spoofer.h" + +#include <daemon.h> + +typedef struct private_farp_plugin_t private_farp_plugin_t; + +/** + * private data of farp plugin + */ +struct private_farp_plugin_t { + + /** + * implements plugin interface + */ + farp_plugin_t public; + + /** + * Listener registering active virtual IPs + */ + farp_listener_t *listener; + + /** + * Spoofer listening and spoofing ARP messages + */ + farp_spoofer_t *spoofer; +}; + +METHOD(plugin_t, destroy, void, + private_farp_plugin_t *this) +{ + DESTROY_IF(this->spoofer); + charon->bus->remove_listener(charon->bus, &this->listener->listener); + this->listener->destroy(this->listener); + free(this); +} + +/** + * Plugin constructor + */ +plugin_t *farp_plugin_create() +{ + private_farp_plugin_t *this; + + INIT(this, + .public.plugin.destroy = _destroy, + .listener = farp_listener_create(), + ); + + charon->bus->add_listener(charon->bus, &this->listener->listener); + + this->spoofer = farp_spoofer_create(this->listener); + if (!this->spoofer) + { + destroy(this); + return NULL; + } + return &this->public.plugin; +} + diff --git a/src/libcharon/plugins/farp/farp_plugin.h b/src/libcharon/plugins/farp/farp_plugin.h new file mode 100644 index 000000000..0246fcc2a --- /dev/null +++ b/src/libcharon/plugins/farp/farp_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup farp farp + * @ingroup cplugins + * + * @defgroup farp_plugin farp_plugin + * @{ @ingroup farp + */ + +#ifndef FARP_PLUGIN_H_ +#define FARP_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct farp_plugin_t farp_plugin_t; + +/** + * ARP faking plugin that responds to ARP requests to peers virtual IP. + */ +struct farp_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** FARP_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/farp/farp_spoofer.c b/src/libcharon/plugins/farp/farp_spoofer.c new file mode 100644 index 000000000..29e64e32d --- /dev/null +++ b/src/libcharon/plugins/farp/farp_spoofer.c @@ -0,0 +1,198 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "farp_spoofer.h" + +#include <errno.h> +#include <unistd.h> +#include <sys/socket.h> +#include <linux/if_arp.h> +#include <linux/if_ether.h> +#include <linux/filter.h> +#include <sys/ioctl.h> + +#include <daemon.h> +#include <threading/thread.h> +#include <processing/jobs/callback_job.h> + +typedef struct private_farp_spoofer_t private_farp_spoofer_t; + +/** + * Private data of an farp_spoofer_t object. + */ +struct private_farp_spoofer_t { + + /** + * Public farp_spoofer_t interface. + */ + farp_spoofer_t public; + + /** + * Listener that knows active addresses + */ + farp_listener_t *listener; + + /** + * Callback job to read ARP requests + */ + callback_job_t *job; + + /** + * RAW socket for ARP requests + */ + int skt; +}; + +/** + * IP over Ethernet ARP message + */ +typedef struct __attribute__((packed)) { + u_int16_t hardware_type; + u_int16_t protocol_type; + u_int8_t hardware_size; + u_int8_t protocol_size; + u_int16_t opcode; + u_int8_t sender_mac[6]; + u_int8_t sender_ip[4]; + u_int8_t target_mac[6]; + u_int8_t target_ip[4]; +} arp_t; + +/** + * Send faked ARP response + */ +static void send_arp(private_farp_spoofer_t *this, + arp_t *arp, struct sockaddr_ll *addr) +{ + struct ifreq req; + char tmp[4]; + + req.ifr_ifindex = addr->sll_ifindex; + if (ioctl(this->skt, SIOCGIFNAME, &req) == 0 && + ioctl(this->skt, SIOCGIFHWADDR, &req) == 0 && + req.ifr_hwaddr.sa_family == ARPHRD_ETHER) + { + memcpy(arp->target_mac, arp->sender_mac, 6); + memcpy(arp->sender_mac, req.ifr_hwaddr.sa_data, 6); + + memcpy(tmp, arp->sender_ip, 4); + memcpy(arp->sender_ip, arp->target_ip, 4); + memcpy(arp->target_ip, tmp, 4); + + arp->opcode = htons(ARPOP_REPLY); + + sendto(this->skt, arp, sizeof(*arp), 0, + (struct sockaddr*)addr, sizeof(*addr)); + } +} + +/** + * ARP request receiving + */ +static job_requeue_t receive_arp(private_farp_spoofer_t *this) +{ + struct sockaddr_ll addr; + socklen_t addr_len = sizeof(addr); + arp_t arp; + int oldstate; + ssize_t len; + host_t *ip; + + oldstate = thread_cancelability(TRUE); + len = recvfrom(this->skt, &arp, sizeof(arp), 0, + (struct sockaddr*)&addr, &addr_len); + thread_cancelability(oldstate); + + if (len == sizeof(arp)) + { + ip = host_create_from_chunk(AF_INET, + chunk_create((char*)&arp.target_ip, 4), 0); + if (ip) + { + if (this->listener->is_active(this->listener, ip)) + { + send_arp(this, &arp, &addr); + } + ip->destroy(ip); + } + } + + return JOB_REQUEUE_DIRECT; +} + +METHOD(farp_spoofer_t, destroy, void, + private_farp_spoofer_t *this) +{ + this->job->cancel(this->job); + close(this->skt); + free(this); +} + +/** + * See header + */ +farp_spoofer_t *farp_spoofer_create(farp_listener_t *listener) +{ + private_farp_spoofer_t *this; + struct sock_filter arp_request_filter_code[] = { + BPF_STMT(BPF_LD+BPF_H+BPF_ABS, offsetof(arp_t, protocol_type)), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ETH_P_IP, 0, 9), + BPF_STMT(BPF_LD+BPF_B+BPF_ABS, offsetof(arp_t, hardware_size)), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 6, 0, 7), + BPF_STMT(BPF_LD+BPF_B+BPF_ABS, offsetof(arp_t, protocol_size)), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 4, 0, 4), + BPF_STMT(BPF_LD+BPF_H+BPF_ABS, offsetof(arp_t, opcode)), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARPOP_REQUEST, 0, 3), + BPF_STMT(BPF_LD+BPF_W+BPF_LEN, 0), + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 28, 0, 1), + BPF_STMT(BPF_RET+BPF_A, 0), + BPF_STMT(BPF_RET+BPF_K, 0), + }; + struct sock_fprog arp_request_filter = { + sizeof(arp_request_filter_code) / sizeof(struct sock_filter), + arp_request_filter_code, + }; + + INIT(this, + .public = { + .destroy = _destroy, + }, + .listener = listener, + ); + + this->skt = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ARP)); + if (this->skt == -1) + { + DBG1(DBG_NET, "opening ARP packet socket failed: %s", strerror(errno)); + free(this); + return NULL; + } + + if (setsockopt(this->skt, SOL_SOCKET, SO_ATTACH_FILTER, + &arp_request_filter, sizeof(arp_request_filter)) < 0) + { + DBG1(DBG_NET, "installing ARP packet filter failed: %s", strerror(errno)); + close(this->skt); + free(this); + return NULL; + } + + this->job = callback_job_create((callback_job_cb_t)receive_arp, + this, NULL, NULL); + charon->processor->queue_job(charon->processor, (job_t*)this->job); + + return &this->public; +} + diff --git a/src/libcharon/plugins/farp/farp_spoofer.h b/src/libcharon/plugins/farp/farp_spoofer.h new file mode 100644 index 000000000..c91fb3b96 --- /dev/null +++ b/src/libcharon/plugins/farp/farp_spoofer.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup farp_spoofer farp_spoofer + * @{ @ingroup farp + */ + +#ifndef FARP_SPOOFER_H_ +#define FARP_SPOOFER_H_ + +#include "farp_listener.h" + +typedef struct farp_spoofer_t farp_spoofer_t; + +/** + * Listen to ARP requests and spoof responses, if required. + */ +struct farp_spoofer_t { + + /** + * Destroy a farp_spoofer_t. + */ + void (*destroy)(farp_spoofer_t *this); +}; + +/** + * Create a farp_spoofer instance. + * + * @param listener listener to check for addresses to spoof + * @return spoofer instance + */ +farp_spoofer_t *farp_spoofer_create(farp_listener_t *listener); + +#endif /** FARP_SPOOFER_H_ @}*/ diff --git a/src/libcharon/plugins/ha/Makefile.am b/src/libcharon/plugins/ha/Makefile.am new file mode 100644 index 000000000..74fe1f4c7 --- /dev/null +++ b/src/libcharon/plugins/ha/Makefile.am @@ -0,0 +1,25 @@ + +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\" + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-ha.la +else +plugin_LTLIBRARIES = libstrongswan-ha.la +endif + +libstrongswan_ha_la_SOURCES = \ + ha_plugin.h ha_plugin.c \ + ha_message.h ha_message.c \ + ha_socket.h ha_socket.c \ + ha_tunnel.h ha_tunnel.c \ + ha_dispatcher.h ha_dispatcher.c \ + ha_segments.h ha_segments.c \ + ha_kernel.h ha_kernel.c \ + ha_ctl.h ha_ctl.c \ + ha_ike.h ha_ike.c \ + ha_child.h ha_child.c +libstrongswan_ha_la_LDFLAGS = -module -avoid-version + diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in new file mode 100644 index 000000000..c60d3bf56 --- /dev/null +++ b/src/libcharon/plugins/ha/Makefile.in @@ -0,0 +1,604 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/ha +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_ha_la_LIBADD = +am_libstrongswan_ha_la_OBJECTS = ha_plugin.lo ha_message.lo \ + ha_socket.lo ha_tunnel.lo ha_dispatcher.lo ha_segments.lo \ + ha_kernel.lo ha_ctl.lo ha_ike.lo ha_child.lo +libstrongswan_ha_la_OBJECTS = $(am_libstrongswan_ha_la_OBJECTS) +libstrongswan_ha_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_ha_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_ha_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_ha_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_ha_la_SOURCES) +DIST_SOURCES = $(libstrongswan_ha_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\" +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ha.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ha.la +libstrongswan_ha_la_SOURCES = \ + ha_plugin.h ha_plugin.c \ + ha_message.h ha_message.c \ + ha_socket.h ha_socket.c \ + ha_tunnel.h ha_tunnel.c \ + ha_dispatcher.h ha_dispatcher.c \ + ha_segments.h ha_segments.c \ + ha_kernel.h ha_kernel.c \ + ha_ctl.h ha_ctl.c \ + ha_ike.h ha_ike.c \ + ha_child.h ha_child.c + +libstrongswan_ha_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/ha/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/ha/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-ha.la: $(libstrongswan_ha_la_OBJECTS) $(libstrongswan_ha_la_DEPENDENCIES) + $(libstrongswan_ha_la_LINK) $(am_libstrongswan_ha_la_rpath) $(libstrongswan_ha_la_OBJECTS) $(libstrongswan_ha_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_child.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_ctl.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_dispatcher.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_ike.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_kernel.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_message.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_segments.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_socket.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ha_tunnel.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/ha/ha_child.c b/src/libcharon/plugins/ha/ha_child.c new file mode 100644 index 000000000..2eb8e27f6 --- /dev/null +++ b/src/libcharon/plugins/ha/ha_child.c @@ -0,0 +1,170 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ha_child.h" + +typedef struct private_ha_child_t private_ha_child_t; + +/** + * Private data of an ha_child_t object. + */ +struct private_ha_child_t { + + /** + * Public ha_child_t interface. + */ + ha_child_t public; + + /** + * socket we use for syncing + */ + ha_socket_t *socket; + + /** + * tunnel securing sync messages + */ + ha_tunnel_t *tunnel; +}; + +/** + * Implementation of listener_t.child_keys + */ +static bool child_keys(private_ha_child_t *this, ike_sa_t *ike_sa, + child_sa_t *child_sa, diffie_hellman_t *dh, + chunk_t nonce_i, chunk_t nonce_r) +{ + ha_message_t *m; + chunk_t secret; + proposal_t *proposal; + u_int16_t alg, len; + linked_list_t *list; + enumerator_t *enumerator; + traffic_selector_t *ts; + + if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa)) + { /* do not sync SA between nodes */ + return TRUE; + } + + m = ha_message_create(HA_CHILD_ADD); + + m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa)); + m->add_attribute(m, HA_INBOUND_SPI, child_sa->get_spi(child_sa, TRUE)); + m->add_attribute(m, HA_OUTBOUND_SPI, child_sa->get_spi(child_sa, FALSE)); + m->add_attribute(m, HA_INBOUND_CPI, child_sa->get_cpi(child_sa, TRUE)); + m->add_attribute(m, HA_OUTBOUND_CPI, child_sa->get_cpi(child_sa, FALSE)); + m->add_attribute(m, HA_IPSEC_MODE, child_sa->get_mode(child_sa)); + m->add_attribute(m, HA_IPCOMP, child_sa->get_ipcomp(child_sa)); + m->add_attribute(m, HA_CONFIG_NAME, child_sa->get_name(child_sa)); + + proposal = child_sa->get_proposal(child_sa); + if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &len)) + { + m->add_attribute(m, HA_ALG_ENCR, alg); + if (len) + { + m->add_attribute(m, HA_ALG_ENCR_LEN, len); + } + } + if (proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL)) + { + m->add_attribute(m, HA_ALG_INTEG, alg); + } + m->add_attribute(m, HA_NONCE_I, nonce_i); + m->add_attribute(m, HA_NONCE_R, nonce_r); + if (dh && dh->get_shared_secret(dh, &secret) == SUCCESS) + { + m->add_attribute(m, HA_SECRET, secret); + chunk_clear(&secret); + } + + list = child_sa->get_traffic_selectors(child_sa, TRUE); + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &ts)) + { + m->add_attribute(m, HA_LOCAL_TS, ts); + } + enumerator->destroy(enumerator); + list = child_sa->get_traffic_selectors(child_sa, FALSE); + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &ts)) + { + m->add_attribute(m, HA_REMOTE_TS, ts); + } + enumerator->destroy(enumerator); + + this->socket->push(this->socket, m); + + return TRUE; +} + +/** + * Implementation of listener_t.child_state_change + */ +static bool child_state_change(private_ha_child_t *this, ike_sa_t *ike_sa, + child_sa_t *child_sa, child_sa_state_t state) +{ + if (!ike_sa || + ike_sa->get_state(ike_sa) == IKE_PASSIVE || + ike_sa->get_state(ike_sa) == IKE_DESTROYING) + { /* only sync active IKE_SAs */ + return TRUE; + } + if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa)) + { /* do not sync SA between nodes */ + return TRUE; + } + + + if (state == CHILD_DESTROYING) + { + ha_message_t *m; + + m = ha_message_create(HA_CHILD_DELETE); + + m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa)); + m->add_attribute(m, HA_INBOUND_SPI, + child_sa->get_spi(child_sa, TRUE)); + this->socket->push(this->socket, m); + } + return TRUE; +} + +/** + * Implementation of ha_child_t.destroy. + */ +static void destroy(private_ha_child_t *this) +{ + free(this); +} + +/** + * See header + */ +ha_child_t *ha_child_create(ha_socket_t *socket, ha_tunnel_t *tunnel) +{ + private_ha_child_t *this = malloc_thing(private_ha_child_t); + + memset(&this->public.listener, 0, sizeof(listener_t)); + this->public.listener.child_keys = (bool(*)(listener_t*, ike_sa_t *ike_sa, child_sa_t *child_sa, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r))child_keys; + this->public.listener.child_state_change = (bool(*)(listener_t*,ike_sa_t *ike_sa, child_sa_t *child_sa, child_sa_state_t state))child_state_change; + this->public.destroy = (void(*)(ha_child_t*))destroy; + + this->socket = socket; + this->tunnel = tunnel; + + return &this->public; +} + diff --git a/src/libcharon/plugins/ha/ha_child.h b/src/libcharon/plugins/ha/ha_child.h new file mode 100644 index 000000000..ea83495f7 --- /dev/null +++ b/src/libcharon/plugins/ha/ha_child.h @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ha_child ha_child + * @{ @ingroup ha + */ + +#ifndef HA_CHILD_H_ +#define HA_CHILD_H_ + +#include "ha_socket.h" +#include "ha_tunnel.h" +#include "ha_segments.h" + +#include <daemon.h> + +typedef struct ha_child_t ha_child_t; + +/** + * Listener to synchronize CHILD_SAs. + */ +struct ha_child_t { + + /** + * Implements bus listener interface. + */ + listener_t listener; + + /** + * Destroy a ha_child_t. + */ + void (*destroy)(ha_child_t *this); +}; + +/** + * Create a ha_child instance. + * + * @param socket socket to use for sending synchronization messages + * @param tunnel tunnel securing sync messages, if any + * @return CHILD listener + */ +ha_child_t *ha_child_create(ha_socket_t *socket, ha_tunnel_t *tunnel); + +#endif /* HA_CHILD_ @}*/ diff --git a/src/libcharon/plugins/ha/ha_ctl.c b/src/libcharon/plugins/ha/ha_ctl.c new file mode 100644 index 000000000..441d26d9e --- /dev/null +++ b/src/libcharon/plugins/ha/ha_ctl.c @@ -0,0 +1,132 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ha_ctl.h" + +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/select.h> +#include <fcntl.h> +#include <unistd.h> +#include <errno.h> +#include <pthread.h> + +#include <processing/jobs/callback_job.h> + +#define HA_FIFO IPSEC_PIDDIR "/charon.ha" + +typedef struct private_ha_ctl_t private_ha_ctl_t; + +/** + * Private data of an ha_ctl_t object. + */ +struct private_ha_ctl_t { + + /** + * Public ha_ctl_t interface. + */ + ha_ctl_t public; + + /** + * Segments to control + */ + ha_segments_t *segments; + + /** + * FIFO reader thread + */ + callback_job_t *job; +}; + +/** + * FIFO dispatching function + */ +static job_requeue_t dispatch_fifo(private_ha_ctl_t *this) +{ + int fifo, old; + char buf[8]; + u_int segment; + + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &old); + fifo = open(HA_FIFO, O_RDONLY); + pthread_setcancelstate(old, NULL); + if (fifo == -1) + { + DBG1(DBG_CFG, "opening HA fifo failed: %s", strerror(errno)); + sleep(1); + return JOB_REQUEUE_FAIR; + } + + memset(buf, 0, sizeof(buf)); + if (read(fifo, buf, sizeof(buf)-1) > 1) + { + segment = atoi(&buf[1]); + if (segment) + { + switch (buf[0]) + { + case '+': + this->segments->activate(this->segments, segment, TRUE); + break; + case '-': + this->segments->deactivate(this->segments, segment, TRUE); + break; + case '*': + this->segments->resync(this->segments, segment); + break; + default: + break; + } + } + } + close(fifo); + + return JOB_REQUEUE_DIRECT; +} + +/** + * Implementation of ha_ctl_t.destroy. + */ +static void destroy(private_ha_ctl_t *this) +{ + this->job->cancel(this->job); + free(this); +} + +/** + * See header + */ +ha_ctl_t *ha_ctl_create(ha_segments_t *segments) +{ + private_ha_ctl_t *this = malloc_thing(private_ha_ctl_t); + + this->public.destroy = (void(*)(ha_ctl_t*))destroy; + + if (access(HA_FIFO, R_OK|W_OK) != 0) + { + if (mkfifo(HA_FIFO, 600) != 0) + { + DBG1(DBG_CFG, "creating HA FIFO %s failed: %s", + HA_FIFO, strerror(errno)); + } + } + + this->segments = segments; + this->job = callback_job_create((callback_job_cb_t)dispatch_fifo, + this, NULL, NULL); + charon->processor->queue_job(charon->processor, (job_t*)this->job); + return &this->public; +} + diff --git a/src/libcharon/plugins/ha/ha_ctl.h b/src/libcharon/plugins/ha/ha_ctl.h new file mode 100644 index 000000000..f33a809be --- /dev/null +++ b/src/libcharon/plugins/ha/ha_ctl.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ha_ctl ha_ctl + * @{ @ingroup ha + */ + +#ifndef HA_CTL_H_ +#define HA_CTL_H_ + +#include "ha_segments.h" + +typedef struct ha_ctl_t ha_ctl_t; + +/** + * HA Sync control interface using a FIFO. + */ +struct ha_ctl_t { + + /** + * Destroy a ha_ctl_t. + */ + void (*destroy)(ha_ctl_t *this); +}; + +/** + * Create a ha_ctl instance. + * + * @param segments segments to control + * @return HA control interface + */ +ha_ctl_t *ha_ctl_create(ha_segments_t *segments); + +#endif /* HA_CTL_ @}*/ diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c new file mode 100644 index 000000000..7df2f1fa8 --- /dev/null +++ b/src/libcharon/plugins/ha/ha_dispatcher.c @@ -0,0 +1,737 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ha_dispatcher.h" + +#include <daemon.h> +#include <processing/jobs/callback_job.h> + +typedef struct private_ha_dispatcher_t private_ha_dispatcher_t; + +/** + * Private data of an ha_dispatcher_t object. + */ +struct private_ha_dispatcher_t { + + /** + * Public ha_dispatcher_t interface. + */ + ha_dispatcher_t public; + + /** + * socket to pull messages from + */ + ha_socket_t *socket; + + /** + * segments to control + */ + ha_segments_t *segments; + + /** + * Dispatcher job + */ + callback_job_t *job; +}; + +/** + * Quick and dirty hack implementation of diffie_hellman_t.get_shared_secret + */ +static status_t get_shared_secret(diffie_hellman_t *this, chunk_t *secret) +{ + *secret = chunk_clone((*(chunk_t*)this->destroy)); + return SUCCESS; +} + +/** + * Process messages of type IKE_ADD + */ +static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message) +{ + ha_message_attribute_t attribute; + ha_message_value_t value; + enumerator_t *enumerator; + ike_sa_t *ike_sa = NULL, *old_sa = NULL; + u_int16_t encr = 0, len = 0, integ = 0, prf = 0, old_prf = PRF_UNDEFINED; + chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty; + chunk_t secret = chunk_empty, old_skd = chunk_empty; + + enumerator = message->create_attribute_enumerator(message); + while (enumerator->enumerate(enumerator, &attribute, &value)) + { + switch (attribute) + { + case HA_IKE_ID: + ike_sa = ike_sa_create(value.ike_sa_id); + break; + case HA_IKE_REKEY_ID: + old_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + value.ike_sa_id); + break; + case HA_NONCE_I: + nonce_i = value.chunk; + break; + case HA_NONCE_R: + nonce_r = value.chunk; + break; + case HA_SECRET: + secret = value.chunk; + break; + case HA_OLD_SKD: + old_skd = value.chunk; + break; + case HA_ALG_ENCR: + encr = value.u16; + break; + case HA_ALG_ENCR_LEN: + len = value.u16; + break; + case HA_ALG_INTEG: + integ = value.u16; + break; + case HA_ALG_PRF: + prf = value.u16; + break; + case HA_ALG_OLD_PRF: + old_prf = value.u16; + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + if (ike_sa) + { + proposal_t *proposal; + keymat_t *keymat; + /* quick and dirty hack of a DH implementation ;-) */ + diffie_hellman_t dh = { .get_shared_secret = get_shared_secret, + .destroy = (void*)&secret }; + + proposal = proposal_create(PROTO_IKE); + keymat = ike_sa->get_keymat(ike_sa); + if (integ) + { + proposal->add_algorithm(proposal, INTEGRITY_ALGORITHM, integ, 0); + } + if (encr) + { + proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, encr, len); + } + if (prf) + { + proposal->add_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, prf, 0); + } + charon->bus->set_sa(charon->bus, ike_sa); + if (keymat->derive_ike_keys(keymat, proposal, &dh, nonce_i, nonce_r, + ike_sa->get_id(ike_sa), old_prf, old_skd)) + { + if (old_sa) + { + peer_cfg_t *peer_cfg = old_sa->get_peer_cfg(old_sa); + + if (peer_cfg) + { + ike_sa->set_peer_cfg(ike_sa, peer_cfg); + ike_sa->inherit(ike_sa, old_sa); + } + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, old_sa); + old_sa = NULL; + } + ike_sa->set_state(ike_sa, IKE_CONNECTING); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + } + else + { + DBG1(DBG_IKE, "HA keymat derivation failed"); + ike_sa->destroy(ike_sa); + } + charon->bus->set_sa(charon->bus, NULL); + proposal->destroy(proposal); + } + if (old_sa) + { + charon->ike_sa_manager->checkin(charon->ike_sa_manager, old_sa); + } +} + +/** + * Apply a condition flag to the IKE_SA if it is in set + */ +static void set_condition(ike_sa_t *ike_sa, ike_condition_t set, + ike_condition_t flag) +{ + ike_sa->set_condition(ike_sa, flag, flag & set); +} + +/** + * Apply a extension flag to the IKE_SA if it is in set + */ +static void set_extension(ike_sa_t *ike_sa, ike_extension_t set, + ike_extension_t flag) +{ + if (flag & set) + { + ike_sa->enable_extension(ike_sa, flag); + } +} + +/** + * Process messages of type IKE_UPDATE + */ +static void process_ike_update(private_ha_dispatcher_t *this, + ha_message_t *message) +{ + ha_message_attribute_t attribute; + ha_message_value_t value; + enumerator_t *enumerator; + ike_sa_t *ike_sa = NULL; + peer_cfg_t *peer_cfg = NULL; + + enumerator = message->create_attribute_enumerator(message); + while (enumerator->enumerate(enumerator, &attribute, &value)) + { + if (attribute != HA_IKE_ID && ike_sa == NULL) + { + /* must be first attribute */ + break; + } + switch (attribute) + { + case HA_IKE_ID: + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + value.ike_sa_id); + break; + case HA_LOCAL_ID: + ike_sa->set_my_id(ike_sa, value.id->clone(value.id)); + break; + case HA_REMOTE_ID: + ike_sa->set_other_id(ike_sa, value.id->clone(value.id)); + break; + case HA_LOCAL_ADDR: + ike_sa->set_my_host(ike_sa, value.host->clone(value.host)); + break; + case HA_REMOTE_ADDR: + ike_sa->set_other_host(ike_sa, value.host->clone(value.host)); + break; + case HA_LOCAL_VIP: + ike_sa->set_virtual_ip(ike_sa, TRUE, value.host); + break; + case HA_REMOTE_VIP: + ike_sa->set_virtual_ip(ike_sa, FALSE, value.host); + break; + case HA_ADDITIONAL_ADDR: + ike_sa->add_additional_address(ike_sa, + value.host->clone(value.host)); + break; + case HA_CONFIG_NAME: + peer_cfg = charon->backends->get_peer_cfg_by_name( + charon->backends, value.str); + if (peer_cfg) + { + ike_sa->set_peer_cfg(ike_sa, peer_cfg); + peer_cfg->destroy(peer_cfg); + } + else + { + DBG1(DBG_IKE, "HA is missing nodes peer configuration"); + } + break; + case HA_EXTENSIONS: + set_extension(ike_sa, value.u32, EXT_NATT); + set_extension(ike_sa, value.u32, EXT_MOBIKE); + set_extension(ike_sa, value.u32, EXT_HASH_AND_URL); + break; + case HA_CONDITIONS: + set_condition(ike_sa, value.u32, COND_NAT_ANY); + set_condition(ike_sa, value.u32, COND_NAT_HERE); + set_condition(ike_sa, value.u32, COND_NAT_THERE); + set_condition(ike_sa, value.u32, COND_NAT_FAKE); + set_condition(ike_sa, value.u32, COND_EAP_AUTHENTICATED); + set_condition(ike_sa, value.u32, COND_CERTREQ_SEEN); + set_condition(ike_sa, value.u32, COND_ORIGINAL_INITIATOR); + break; + case HA_INITIATE_MID: + ike_sa->set_message_id(ike_sa, TRUE, value.u32); + break; + case HA_RESPOND_MID: + ike_sa->set_message_id(ike_sa, FALSE, value.u32); + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + if (ike_sa) + { + if (ike_sa->get_state(ike_sa) == IKE_CONNECTING && + ike_sa->get_peer_cfg(ike_sa)) + { + ike_sa->set_state(ike_sa, IKE_PASSIVE); + } + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + } +} + +/** + * Process messages of type IKE_DELETE + */ +static void process_ike_delete(private_ha_dispatcher_t *this, + ha_message_t *message) +{ + ha_message_attribute_t attribute; + ha_message_value_t value; + enumerator_t *enumerator; + ike_sa_t *ike_sa; + + enumerator = message->create_attribute_enumerator(message); + while (enumerator->enumerate(enumerator, &attribute, &value)) + { + switch (attribute) + { + case HA_IKE_ID: + ike_sa = charon->ike_sa_manager->checkout( + charon->ike_sa_manager, value.ike_sa_id); + if (ike_sa) + { + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, ike_sa); + } + break; + default: + break; + } + } + enumerator->destroy(enumerator); +} + +/** + * Lookup a child cfg from the peer cfg by name + */ +static child_cfg_t* find_child_cfg(ike_sa_t *ike_sa, char *name) +{ + peer_cfg_t *peer_cfg; + child_cfg_t *current, *found = NULL; + enumerator_t *enumerator; + + peer_cfg = ike_sa->get_peer_cfg(ike_sa); + if (peer_cfg) + { + enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (streq(current->get_name(current), name)) + { + found = current; + break; + } + } + enumerator->destroy(enumerator); + } + return found; +} + +/** + * Process messages of type CHILD_ADD + */ +static void process_child_add(private_ha_dispatcher_t *this, + ha_message_t *message) +{ + ha_message_attribute_t attribute; + ha_message_value_t value; + enumerator_t *enumerator; + ike_sa_t *ike_sa = NULL; + char *config_name = ""; + child_cfg_t *config = NULL; + child_sa_t *child_sa; + proposal_t *proposal; + keymat_t *keymat; + bool initiator = FALSE, failed = FALSE; + u_int32_t inbound_spi = 0, outbound_spi = 0; + u_int16_t inbound_cpi = 0, outbound_cpi = 0; + u_int8_t mode = MODE_TUNNEL, ipcomp = 0; + u_int16_t encr = ENCR_UNDEFINED, integ = AUTH_UNDEFINED, len = 0; + chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty, secret = chunk_empty; + chunk_t encr_i, integ_i, encr_r, integ_r; + linked_list_t *local_ts, *remote_ts; + /* quick and dirty hack of a DH implementation */ + diffie_hellman_t dh = { .get_shared_secret = get_shared_secret, + .destroy = (void*)&secret }; + + enumerator = message->create_attribute_enumerator(message); + while (enumerator->enumerate(enumerator, &attribute, &value)) + { + switch (attribute) + { + case HA_IKE_ID: + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + value.ike_sa_id); + initiator = value.ike_sa_id->is_initiator(value.ike_sa_id); + break; + case HA_CONFIG_NAME: + config_name = value.str; + break; + case HA_INBOUND_SPI: + inbound_spi = value.u32; + break; + case HA_OUTBOUND_SPI: + outbound_spi = value.u32; + break; + case HA_INBOUND_CPI: + inbound_cpi = value.u32; + break; + case HA_OUTBOUND_CPI: + outbound_cpi = value.u32; + break; + case HA_IPSEC_MODE: + mode = value.u8; + break; + case HA_IPCOMP: + ipcomp = value.u8; + break; + case HA_ALG_ENCR: + encr = value.u16; + break; + case HA_ALG_ENCR_LEN: + len = value.u16; + break; + case HA_ALG_INTEG: + integ = value.u16; + break; + case HA_NONCE_I: + nonce_i = value.chunk; + break; + case HA_NONCE_R: + nonce_r = value.chunk; + break; + case HA_SECRET: + secret = value.chunk; + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + if (!ike_sa) + { + DBG1(DBG_CHD, "IKE_SA for HA CHILD_SA not found"); + return; + } + config = find_child_cfg(ike_sa, config_name); + if (!config) + { + DBG1(DBG_CHD, "HA is missing nodes child configuration"); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + return; + } + + child_sa = child_sa_create(ike_sa->get_my_host(ike_sa), + ike_sa->get_other_host(ike_sa), config, 0, + ike_sa->has_condition(ike_sa, COND_NAT_ANY)); + child_sa->set_mode(child_sa, mode); + child_sa->set_protocol(child_sa, PROTO_ESP); + child_sa->set_ipcomp(child_sa, ipcomp); + + proposal = proposal_create(PROTO_ESP); + if (integ) + { + proposal->add_algorithm(proposal, INTEGRITY_ALGORITHM, integ, 0); + } + if (encr) + { + proposal->add_algorithm(proposal, ENCRYPTION_ALGORITHM, encr, len); + } + keymat = ike_sa->get_keymat(ike_sa); + + if (!keymat->derive_child_keys(keymat, proposal, secret.ptr ? &dh : NULL, + nonce_i, nonce_r, &encr_i, &integ_i, &encr_r, &integ_r)) + { + DBG1(DBG_CHD, "HA CHILD_SA key derivation failed"); + child_sa->destroy(child_sa); + proposal->destroy(proposal); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + return; + } + child_sa->set_proposal(child_sa, proposal); + child_sa->set_state(child_sa, CHILD_INSTALLING); + proposal->destroy(proposal); + + /* TODO: Change CHILD_SA API to avoid cloning twice */ + local_ts = linked_list_create(); + remote_ts = linked_list_create(); + enumerator = message->create_attribute_enumerator(message); + while (enumerator->enumerate(enumerator, &attribute, &value)) + { + switch (attribute) + { + case HA_LOCAL_TS: + local_ts->insert_last(local_ts, value.ts->clone(value.ts)); + break; + case HA_REMOTE_TS: + remote_ts->insert_last(remote_ts, value.ts->clone(value.ts)); + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + if (initiator) + { + if (child_sa->install(child_sa, encr_r, integ_r, inbound_spi, + inbound_cpi, TRUE, local_ts, remote_ts) != SUCCESS || + child_sa->install(child_sa, encr_i, integ_i, outbound_spi, + outbound_cpi, FALSE, local_ts, remote_ts) != SUCCESS) + { + failed = TRUE; + } + } + else + { + if (child_sa->install(child_sa, encr_i, integ_i, inbound_spi, + inbound_cpi, TRUE, local_ts, remote_ts) != SUCCESS || + child_sa->install(child_sa, encr_r, integ_r, outbound_spi, + outbound_cpi, FALSE, local_ts, remote_ts) != SUCCESS) + { + failed = TRUE; + } + } + chunk_clear(&encr_i); + chunk_clear(&integ_i); + chunk_clear(&encr_r); + chunk_clear(&integ_r); + + if (failed) + { + DBG1(DBG_CHD, "HA CHILD_SA installation failed"); + child_sa->destroy(child_sa); + local_ts->destroy_offset(local_ts, offsetof(traffic_selector_t, destroy)); + remote_ts->destroy_offset(remote_ts, offsetof(traffic_selector_t, destroy)); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + return; + } + + child_sa->add_policies(child_sa, local_ts, remote_ts); + local_ts->destroy_offset(local_ts, offsetof(traffic_selector_t, destroy)); + remote_ts->destroy_offset(remote_ts, offsetof(traffic_selector_t, destroy)); + + child_sa->set_state(child_sa, CHILD_INSTALLED); + ike_sa->add_child_sa(ike_sa, child_sa); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); +} + +/** + * Process messages of type CHILD_DELETE + */ +static void process_child_delete(private_ha_dispatcher_t *this, + ha_message_t *message) +{ + ha_message_attribute_t attribute; + ha_message_value_t value; + enumerator_t *enumerator; + ike_sa_t *ike_sa = NULL; + + enumerator = message->create_attribute_enumerator(message); + while (enumerator->enumerate(enumerator, &attribute, &value)) + { + switch (attribute) + { + case HA_IKE_ID: + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, + value.ike_sa_id); + break; + case HA_INBOUND_SPI: + if (ike_sa) + { + ike_sa->destroy_child_sa(ike_sa, PROTO_ESP, value.u32); + } + break; + default: + break; + } + } + if (ike_sa) + { + charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa); + } + enumerator->destroy(enumerator); +} + +/** + * Process messages of type SEGMENT_TAKE/DROP + */ +static void process_segment(private_ha_dispatcher_t *this, + ha_message_t *message, bool take) +{ + ha_message_attribute_t attribute; + ha_message_value_t value; + enumerator_t *enumerator; + + enumerator = message->create_attribute_enumerator(message); + while (enumerator->enumerate(enumerator, &attribute, &value)) + { + switch (attribute) + { + case HA_SEGMENT: + if (take) + { + DBG1(DBG_CFG, "remote node takes segment %d", value.u16); + this->segments->deactivate(this->segments, value.u16, FALSE); + } + else + { + DBG1(DBG_CFG, "remote node drops segment %d", value.u16); + this->segments->activate(this->segments, value.u16, FALSE); + } + break; + default: + break; + } + } + enumerator->destroy(enumerator); +} + +/** + * Process messages of type STATUS + */ +static void process_status(private_ha_dispatcher_t *this, + ha_message_t *message) +{ + ha_message_attribute_t attribute; + ha_message_value_t value; + enumerator_t *enumerator; + segment_mask_t mask = 0; + + enumerator = message->create_attribute_enumerator(message); + while (enumerator->enumerate(enumerator, &attribute, &value)) + { + switch (attribute) + { + case HA_SEGMENT: + mask |= SEGMENTS_BIT(value.u16); + break; + default: + break; + } + } + enumerator->destroy(enumerator); + + this->segments->handle_status(this->segments, mask); +} + +/** + * Process messages of type RESYNC + */ +static void process_resync(private_ha_dispatcher_t *this, + ha_message_t *message) +{ + ha_message_attribute_t attribute; + ha_message_value_t value; + enumerator_t *enumerator; + + enumerator = message->create_attribute_enumerator(message); + while (enumerator->enumerate(enumerator, &attribute, &value)) + { + switch (attribute) + { + case HA_SEGMENT: + this->segments->resync(this->segments, value.u16); + break; + default: + break; + } + } + enumerator->destroy(enumerator); +} + +/** + * Dispatcher job function + */ +static job_requeue_t dispatch(private_ha_dispatcher_t *this) +{ + ha_message_t *message; + + message = this->socket->pull(this->socket); + switch (message->get_type(message)) + { + case HA_IKE_ADD: + process_ike_add(this, message); + break; + case HA_IKE_UPDATE: + process_ike_update(this, message); + break; + case HA_IKE_DELETE: + process_ike_delete(this, message); + break; + case HA_CHILD_ADD: + process_child_add(this, message); + break; + case HA_CHILD_DELETE: + process_child_delete(this, message); + break; + case HA_SEGMENT_DROP: + process_segment(this, message, FALSE); + break; + case HA_SEGMENT_TAKE: + process_segment(this, message, TRUE); + break; + case HA_STATUS: + process_status(this, message); + break; + case HA_RESYNC: + process_resync(this, message); + break; + default: + DBG1(DBG_CFG, "received unknown HA message type %d", + message->get_type(message)); + break; + } + message->destroy(message); + + return JOB_REQUEUE_DIRECT; +} + +/** + * Implementation of ha_dispatcher_t.destroy. + */ +static void destroy(private_ha_dispatcher_t *this) +{ + this->job->cancel(this->job); + free(this); +} + +/** + * See header + */ +ha_dispatcher_t *ha_dispatcher_create(ha_socket_t *socket, + ha_segments_t *segments) +{ + private_ha_dispatcher_t *this = malloc_thing(private_ha_dispatcher_t); + + this->public.destroy = (void(*)(ha_dispatcher_t*))destroy; + + this->socket = socket; + this->segments = segments; + this->job = callback_job_create((callback_job_cb_t)dispatch, + this, NULL, NULL); + charon->processor->queue_job(charon->processor, (job_t*)this->job); + + return &this->public; +} + diff --git a/src/libcharon/plugins/ha/ha_dispatcher.h b/src/libcharon/plugins/ha/ha_dispatcher.h new file mode 100644 index 000000000..d2baace3f --- /dev/null +++ b/src/libcharon/plugins/ha/ha_dispatcher.h @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ha_dispatcher ha_dispatcher + * @{ @ingroup ha + */ + +#ifndef HA_DISPATCHER_H_ +#define HA_DISPATCHER_H_ + +#include "ha_socket.h" +#include "ha_segments.h" + +typedef struct ha_dispatcher_t ha_dispatcher_t; + +/** + * The dispatcher pulls messages in a thread an processes them. + */ +struct ha_dispatcher_t { + + /** + * Destroy a ha_dispatcher_t. + */ + void (*destroy)(ha_dispatcher_t *this); +}; + +/** + * Create a ha_dispatcher instance pulling from socket. + * + * @param socket socket to pull messages from + * @param segments segments to control based on received messages + * @return dispatcher object + */ +ha_dispatcher_t *ha_dispatcher_create(ha_socket_t *socket, + ha_segments_t *segments); + +#endif /* HA_DISPATCHER_ @}*/ diff --git a/src/libcharon/plugins/ha/ha_ike.c b/src/libcharon/plugins/ha/ha_ike.c new file mode 100644 index 000000000..1f025d0e5 --- /dev/null +++ b/src/libcharon/plugins/ha/ha_ike.c @@ -0,0 +1,280 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ha_ike.h" + +typedef struct private_ha_ike_t private_ha_ike_t; + +/** + * Private data of an ha_ike_t object. + */ +struct private_ha_ike_t { + + /** + * Public ha_ike_t interface. + */ + ha_ike_t public; + + /** + * socket we use for syncing + */ + ha_socket_t *socket; + + /** + * tunnel securing sync messages + */ + ha_tunnel_t *tunnel; +}; + +/** + * Return condition if it is set on ike_sa + */ +static ike_condition_t copy_condition(ike_sa_t *ike_sa, ike_condition_t cond) +{ + if (ike_sa->has_condition(ike_sa, cond)) + { + return cond; + } + return 0; +} + +/** + * Return extension if it is supported by peers IKE_SA + */ +static ike_extension_t copy_extension(ike_sa_t *ike_sa, ike_extension_t ext) +{ + if (ike_sa->supports_extension(ike_sa, ext)) + { + return ext; + } + return 0; +} + +/** + * Implementation of listener_t.ike_keys + */ +static bool ike_keys(private_ha_ike_t *this, ike_sa_t *ike_sa, + diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, + ike_sa_t *rekey) +{ + ha_message_t *m; + chunk_t secret; + proposal_t *proposal; + u_int16_t alg, len; + + if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa)) + { /* do not sync SA between nodes */ + return TRUE; + } + if (dh->get_shared_secret(dh, &secret) != SUCCESS) + { + return TRUE; + } + + m = ha_message_create(HA_IKE_ADD); + m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa)); + + if (rekey) + { + chunk_t skd; + keymat_t *keymat; + + keymat = rekey->get_keymat(rekey); + m->add_attribute(m, HA_IKE_REKEY_ID, rekey->get_id(rekey)); + m->add_attribute(m, HA_ALG_OLD_PRF, keymat->get_skd(keymat, &skd)); + m->add_attribute(m, HA_OLD_SKD, skd); + } + + proposal = ike_sa->get_proposal(ike_sa); + if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &len)) + { + m->add_attribute(m, HA_ALG_ENCR, alg); + if (len) + { + m->add_attribute(m, HA_ALG_ENCR_LEN, len); + } + } + if (proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL)) + { + m->add_attribute(m, HA_ALG_INTEG, alg); + } + if (proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &alg, NULL)) + { + m->add_attribute(m, HA_ALG_PRF, alg); + } + m->add_attribute(m, HA_NONCE_I, nonce_i); + m->add_attribute(m, HA_NONCE_R, nonce_r); + m->add_attribute(m, HA_SECRET, secret); + chunk_clear(&secret); + + this->socket->push(this->socket, m); + + return TRUE; +} + +/** + * Implementation of listener_t.ike_updown + */ +static bool ike_updown(private_ha_ike_t *this, ike_sa_t *ike_sa, bool up) +{ + ha_message_t *m; + + if (ike_sa->get_state(ike_sa) == IKE_PASSIVE) + { /* only sync active IKE_SAs */ + return TRUE; + } + if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa)) + { /* do not sync SA between nodes */ + return TRUE; + } + + if (up) + { + iterator_t *iterator; + peer_cfg_t *peer_cfg; + u_int32_t extension, condition; + host_t *addr; + ike_sa_id_t *id; + + peer_cfg = ike_sa->get_peer_cfg(ike_sa); + + condition = copy_condition(ike_sa, COND_NAT_ANY) + | copy_condition(ike_sa, COND_NAT_HERE) + | copy_condition(ike_sa, COND_NAT_THERE) + | copy_condition(ike_sa, COND_NAT_FAKE) + | copy_condition(ike_sa, COND_EAP_AUTHENTICATED) + | copy_condition(ike_sa, COND_CERTREQ_SEEN) + | copy_condition(ike_sa, COND_ORIGINAL_INITIATOR); + + extension = copy_extension(ike_sa, EXT_NATT) + | copy_extension(ike_sa, EXT_MOBIKE) + | copy_extension(ike_sa, EXT_HASH_AND_URL); + + id = ike_sa->get_id(ike_sa); + + m = ha_message_create(HA_IKE_UPDATE); + m->add_attribute(m, HA_IKE_ID, id); + m->add_attribute(m, HA_LOCAL_ID, ike_sa->get_my_id(ike_sa)); + m->add_attribute(m, HA_REMOTE_ID, ike_sa->get_other_id(ike_sa)); + m->add_attribute(m, HA_LOCAL_ADDR, ike_sa->get_my_host(ike_sa)); + m->add_attribute(m, HA_REMOTE_ADDR, ike_sa->get_other_host(ike_sa)); + m->add_attribute(m, HA_CONDITIONS, condition); + m->add_attribute(m, HA_EXTENSIONS, extension); + m->add_attribute(m, HA_CONFIG_NAME, peer_cfg->get_name(peer_cfg)); + iterator = ike_sa->create_additional_address_iterator(ike_sa); + while (iterator->iterate(iterator, (void**)&addr)) + { + m->add_attribute(m, HA_ADDITIONAL_ADDR, addr); + } + iterator->destroy(iterator); + } + else + { + m = ha_message_create(HA_IKE_DELETE); + m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa)); + } + this->socket->push(this->socket, m); + return TRUE; +} + +/** + * Implementation of listener_t.ike_rekey + */ +static bool ike_rekey(private_ha_ike_t *this, ike_sa_t *old, ike_sa_t *new) +{ + ike_updown(this, old, FALSE); + ike_updown(this, new, TRUE); + return TRUE; +} + +/** + * Implementation of listener_t.message + */ +static bool message_hook(private_ha_ike_t *this, ike_sa_t *ike_sa, + message_t *message, bool incoming) +{ + if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa)) + { /* do not sync SA between nodes */ + return TRUE; + } + + if (message->get_exchange_type(message) != IKE_SA_INIT && + message->get_request(message)) + { /* we sync on requests, but skip it on IKE_SA_INIT */ + ha_message_t *m; + u_int32_t mid; + + m = ha_message_create(HA_IKE_UPDATE); + m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa)); + mid = message->get_message_id(message) + 1; + if (incoming) + { + m->add_attribute(m, HA_RESPOND_MID, mid); + } + else + { + m->add_attribute(m, HA_INITIATE_MID, mid); + } + this->socket->push(this->socket, m); + } + if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED && + message->get_exchange_type(message) == IKE_AUTH && + !message->get_request(message)) + { /* After IKE_SA has been established, sync peers virtual IP. + * We cannot sync it in the state_change hook, it is installed later. + * TODO: where to sync local VIP? */ + ha_message_t *m; + host_t *vip; + + vip = ike_sa->get_virtual_ip(ike_sa, FALSE); + if (vip) + { + m = ha_message_create(HA_IKE_UPDATE); + m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa)); + m->add_attribute(m, HA_REMOTE_VIP, vip); + this->socket->push(this->socket, m); + } + } + return TRUE; +} + +/** + * Implementation of ha_ike_t.destroy. + */ +static void destroy(private_ha_ike_t *this) +{ + free(this); +} + +/** + * See header + */ +ha_ike_t *ha_ike_create(ha_socket_t *socket, ha_tunnel_t *tunnel) +{ + private_ha_ike_t *this = malloc_thing(private_ha_ike_t); + + memset(&this->public.listener, 0, sizeof(listener_t)); + this->public.listener.ike_keys = (bool(*)(listener_t*, ike_sa_t *ike_sa, diffie_hellman_t *dh,chunk_t nonce_i, chunk_t nonce_r, ike_sa_t *rekey))ike_keys; + this->public.listener.ike_updown = (bool(*)(listener_t*,ike_sa_t *ike_sa, bool up))ike_updown; + this->public.listener.ike_rekey = (bool(*)(listener_t*,ike_sa_t *old, ike_sa_t *new))ike_rekey; + this->public.listener.message = (bool(*)(listener_t*, ike_sa_t *, message_t *,bool))message_hook; + this->public.destroy = (void(*)(ha_ike_t*))destroy; + + this->socket = socket; + this->tunnel = tunnel; + + return &this->public; +} + diff --git a/src/libcharon/plugins/ha/ha_ike.h b/src/libcharon/plugins/ha/ha_ike.h new file mode 100644 index 000000000..9de210e67 --- /dev/null +++ b/src/libcharon/plugins/ha/ha_ike.h @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ha_ike ha_ike + * @{ @ingroup ha + */ + +#ifndef HA_IKE_H_ +#define HA_IKE_H_ + +#include "ha_socket.h" +#include "ha_tunnel.h" +#include "ha_segments.h" + +#include <daemon.h> + +typedef struct ha_ike_t ha_ike_t; + +/** + * Listener to synchronize IKE_SAs. + */ +struct ha_ike_t { + + /** + * Implements bus listener interface. + */ + listener_t listener; + + /** + * Destroy a ha_ike_t. + */ + void (*destroy)(ha_ike_t *this); +}; + +/** + * Create a ha_ike instance. + * + * @param socket socket to use for sending synchronization messages + * @param tunnel tunnel securing sync messages, if any + * @return IKE listener + */ +ha_ike_t *ha_ike_create(ha_socket_t *socket, ha_tunnel_t *tunnel); + +#endif /* HA_IKE_ @}*/ diff --git a/src/libcharon/plugins/ha/ha_kernel.c b/src/libcharon/plugins/ha/ha_kernel.c new file mode 100644 index 000000000..0ad9c22c3 --- /dev/null +++ b/src/libcharon/plugins/ha/ha_kernel.c @@ -0,0 +1,229 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ha_kernel.h" + +typedef u_int32_t u32; +typedef u_int8_t u8; + +#include <linux/jhash.h> +#include <string.h> +#include <errno.h> +#include <unistd.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> + +#define CLUSTERIP_DIR "/proc/net/ipt_CLUSTERIP" + +typedef struct private_ha_kernel_t private_ha_kernel_t; + +/** + * Private data of an ha_kernel_t object. + */ +struct private_ha_kernel_t { + + /** + * Public ha_kernel_t interface. + */ + ha_kernel_t public; + + /** + * Init value for jhash + */ + u_int initval; + + /** + * Total number of ClusterIP segments + */ + u_int count; +}; + +/** + * Implementation of ha_kernel_t.in_segment + */ +static bool in_segment(private_ha_kernel_t *this, host_t *host, u_int segment) +{ + if (host->get_family(host) == AF_INET) + { + unsigned long hash; + u_int32_t addr; + + addr = *(u_int32_t*)host->get_address(host).ptr; + hash = jhash_1word(ntohl(addr), this->initval); + + if ((((u_int64_t)hash * this->count) >> 32) + 1 == segment) + { + return TRUE; + } + } + return FALSE; +} + +/** + * Activate/Deactivate a segment for a given clusterip file + */ +static void enable_disable(private_ha_kernel_t *this, u_int segment, + char *file, bool enable) +{ + char cmd[8]; + int fd; + + snprintf(cmd, sizeof(cmd), "%c%d\n", enable ? '+' : '-', segment); + + fd = open(file, O_WRONLY); + if (fd == -1) + { + DBG1(DBG_CFG, "opening CLUSTERIP file '%s' failed: %s", + file, strerror(errno)); + return; + } + if (write(fd, cmd, strlen(cmd) == -1)) + { + DBG1(DBG_CFG, "writing to CLUSTERIP file '%s' failed: %s", + file, strerror(errno)); + } + close(fd); +} + +/** + * Get the currenlty active segments in the kernel for a clusterip file + */ +static segment_mask_t get_active(private_ha_kernel_t *this, char *file) +{ + char buf[256]; + segment_mask_t mask = 0; + ssize_t len; + int fd; + + fd = open(file, O_RDONLY); + if (fd == -1) + { + DBG1(DBG_CFG, "opening CLUSTERIP file '%s' failed: %s", + file, strerror(errno)); + return 0; + } + len = read(fd, buf, sizeof(buf)-1); + if (len == -1) + { + DBG1(DBG_CFG, "reading from CLUSTERIP file '%s' failed: %s", + file, strerror(errno)); + } + else + { + enumerator_t *enumerator; + u_int segment; + char *token; + + buf[len] = '\0'; + enumerator = enumerator_create_token(buf, ",", " "); + while (enumerator->enumerate(enumerator, &token)) + { + segment = atoi(token); + if (segment) + { + mask |= SEGMENTS_BIT(segment); + } + } + enumerator->destroy(enumerator); + } + return mask; +} + +/** + * Implementation of ha_kernel_t.activate + */ +static void activate(private_ha_kernel_t *this, u_int segment) +{ + enumerator_t *enumerator; + char *file; + + enumerator = enumerator_create_directory(CLUSTERIP_DIR); + while (enumerator->enumerate(enumerator, NULL, &file, NULL)) + { + enable_disable(this, segment, file, TRUE); + } + enumerator->destroy(enumerator); +} + +/** + * Implementation of ha_kernel_t.deactivate + */ +static void deactivate(private_ha_kernel_t *this, u_int segment) +{ + enumerator_t *enumerator; + char *file; + + enumerator = enumerator_create_directory(CLUSTERIP_DIR); + while (enumerator->enumerate(enumerator, NULL, &file, NULL)) + { + enable_disable(this, segment, file, FALSE); + } + enumerator->destroy(enumerator); +} + +/** + * Disable all not-yet disabled segments on all clusterip addresses + */ +static void disable_all(private_ha_kernel_t *this) +{ + enumerator_t *enumerator; + segment_mask_t active; + char *file; + int i; + + enumerator = enumerator_create_directory(CLUSTERIP_DIR); + while (enumerator->enumerate(enumerator, NULL, &file, NULL)) + { + active = get_active(this, file); + for (i = 1; i <= this->count; i++) + { + if (active & SEGMENTS_BIT(i)) + { + enable_disable(this, i, file, FALSE); + } + } + } + enumerator->destroy(enumerator); +} + +/** + * Implementation of ha_kernel_t.destroy. + */ +static void destroy(private_ha_kernel_t *this) +{ + free(this); +} + +/** + * See header + */ +ha_kernel_t *ha_kernel_create(u_int count) +{ + private_ha_kernel_t *this = malloc_thing(private_ha_kernel_t); + + this->public.in_segment = (bool(*)(ha_kernel_t*, host_t *host, u_int segment))in_segment; + this->public.activate = (void(*)(ha_kernel_t*, u_int segment))activate; + this->public.deactivate = (void(*)(ha_kernel_t*, u_int segment))deactivate; + this->public.destroy = (void(*)(ha_kernel_t*))destroy; + + this->initval = 0; + this->count = count; + + disable_all(this); + + return &this->public; +} + diff --git a/src/libcharon/plugins/ha/ha_kernel.h b/src/libcharon/plugins/ha/ha_kernel.h new file mode 100644 index 000000000..b37cc7667 --- /dev/null +++ b/src/libcharon/plugins/ha/ha_kernel.h @@ -0,0 +1,70 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ha_kernel ha_kernel + * @{ @ingroup ha + */ + +#ifndef HA_KERNEL_H_ +#define HA_KERNEL_H_ + +typedef struct ha_kernel_t ha_kernel_t; + +#include "ha_segments.h" + +/** + * HA segment kernel configuration interface. + */ +struct ha_kernel_t { + + /** + * Check if a host is in a segment. + * + * @param host host to check + * @param segment segment + * @return TRUE if host belongs to segment + */ + bool (*in_segment)(ha_kernel_t *this, host_t *host, u_int segment); + + /** + * Activate a segment at kernel level for all cluster addresses. + * + * @param segment segment to activate + */ + void (*activate)(ha_kernel_t *this, u_int segment); + + /** + * Deactivate a segment at kernel level for all cluster addresses. + * + * @param segment segment to deactivate + */ + void (*deactivate)(ha_kernel_t *this, u_int segment); + + /** + * Destroy a ha_kernel_t. + */ + void (*destroy)(ha_kernel_t *this); +}; + +/** + * Create a ha_kernel instance. + * + * @param count total number of segments to use + * @param active bitmask of initially active segments + */ +ha_kernel_t *ha_kernel_create(u_int count); + +#endif /* HA_KERNEL_ @}*/ diff --git a/src/libcharon/plugins/ha/ha_message.c b/src/libcharon/plugins/ha/ha_message.c new file mode 100644 index 000000000..54b10f05d --- /dev/null +++ b/src/libcharon/plugins/ha/ha_message.c @@ -0,0 +1,663 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include <string.h> +#include <arpa/inet.h> + +#include "ha_message.h" + +#include <daemon.h> + +#define ALLOCATION_BLOCK 64 + +typedef struct private_ha_message_t private_ha_message_t; + +/** + * Private data of an ha_message_t object. + */ +struct private_ha_message_t { + + /** + * Public ha_message_t interface. + */ + ha_message_t public; + + /** + * Allocated size of buf + */ + size_t allocated; + + /** + * Buffer containing encoded data + */ + chunk_t buf; +}; + +typedef struct ike_sa_id_encoding_t ike_sa_id_encoding_t; + +/** + * Encoding if an ike_sa_id_t + */ +struct ike_sa_id_encoding_t { + u_int64_t initiator_spi; + u_int64_t responder_spi; + u_int8_t initiator; +} __attribute__((packed)); + +typedef struct identification_encoding_t identification_encoding_t; + +/** + * Encoding of a identification_t + */ +struct identification_encoding_t { + u_int8_t type; + u_int8_t len; + char encoding[]; +} __attribute__((packed)); + +typedef struct host_encoding_t host_encoding_t; + +/** + * encoding of a host_t + */ +struct host_encoding_t { + u_int16_t port; + u_int8_t family; + char encoding[]; +} __attribute__((packed)); + +typedef struct ts_encoding_t ts_encoding_t; + +/** + * encoding of a traffic_selector_t + */ +struct ts_encoding_t { + u_int8_t type; + u_int8_t protocol; + u_int16_t from_port; + u_int16_t to_port; + u_int8_t dynamic; + char encoding[]; +} __attribute__((packed)); + +/** + * Implementation of ha_message_t.get_type + */ +static ha_message_type_t get_type(private_ha_message_t *this) +{ + return this->buf.ptr[1]; +} + +/** + * check for space in buffer, increase if necessary + */ +static void check_buf(private_ha_message_t *this, size_t len) +{ + int increased = 0; + + while (this->buf.len + len > this->allocated) + { /* double size */ + this->allocated += ALLOCATION_BLOCK; + increased++; + } + if (increased) + { + this->buf.ptr = realloc(this->buf.ptr, this->allocated); + } +} + +/** + * Implementation of ha_message_t.add_attribute + */ +static void add_attribute(private_ha_message_t *this, + ha_message_attribute_t attribute, ...) +{ + size_t len; + va_list args; + + check_buf(this, sizeof(u_int8_t)); + this->buf.ptr[this->buf.len] = attribute; + this->buf.len += sizeof(u_int8_t); + + va_start(args, attribute); + switch (attribute) + { + /* ike_sa_id_t* */ + case HA_IKE_ID: + case HA_IKE_REKEY_ID: + { + ike_sa_id_encoding_t *enc; + ike_sa_id_t *id; + + id = va_arg(args, ike_sa_id_t*); + check_buf(this, sizeof(ike_sa_id_encoding_t)); + enc = (ike_sa_id_encoding_t*)(this->buf.ptr + this->buf.len); + this->buf.len += sizeof(ike_sa_id_encoding_t); + enc->initiator = id->is_initiator(id); + enc->initiator_spi = id->get_initiator_spi(id); + enc->responder_spi = id->get_responder_spi(id); + break; + } + /* identification_t* */ + case HA_LOCAL_ID: + case HA_REMOTE_ID: + { + identification_encoding_t *enc; + identification_t *id; + chunk_t data; + + id = va_arg(args, identification_t*); + data = id->get_encoding(id); + check_buf(this, sizeof(identification_encoding_t) + data.len); + enc = (identification_encoding_t*)(this->buf.ptr + this->buf.len); + this->buf.len += sizeof(identification_encoding_t) + data.len; + enc->type = id->get_type(id); + enc->len = data.len; + memcpy(enc->encoding, data.ptr, data.len); + break; + } + /* host_t* */ + case HA_LOCAL_ADDR: + case HA_REMOTE_ADDR: + case HA_LOCAL_VIP: + case HA_REMOTE_VIP: + case HA_ADDITIONAL_ADDR: + { + host_encoding_t *enc; + host_t *host; + chunk_t data; + + host = va_arg(args, host_t*); + data = host->get_address(host); + check_buf(this, sizeof(host_encoding_t) + data.len); + enc = (host_encoding_t*)(this->buf.ptr + this->buf.len); + this->buf.len += sizeof(host_encoding_t) + data.len; + enc->family = host->get_family(host); + enc->port = htons(host->get_port(host)); + memcpy(enc->encoding, data.ptr, data.len); + break; + } + /* char* */ + case HA_CONFIG_NAME: + { + char *str; + + str = va_arg(args, char*); + len = strlen(str) + 1; + check_buf(this, len); + memcpy(this->buf.ptr + this->buf.len, str, len); + this->buf.len += len; + break; + } + /* u_int8_t */ + case HA_IPSEC_MODE: + case HA_IPCOMP: + { + u_int8_t val; + + val = va_arg(args, u_int); + check_buf(this, sizeof(val)); + this->buf.ptr[this->buf.len] = val; + this->buf.len += sizeof(val); + break; + } + /* u_int16_t */ + case HA_ALG_PRF: + case HA_ALG_OLD_PRF: + case HA_ALG_ENCR: + case HA_ALG_ENCR_LEN: + case HA_ALG_INTEG: + case HA_INBOUND_CPI: + case HA_OUTBOUND_CPI: + case HA_SEGMENT: + { + u_int16_t val; + + val = va_arg(args, u_int); + check_buf(this, sizeof(val)); + *(u_int16_t*)(this->buf.ptr + this->buf.len) = htons(val); + this->buf.len += sizeof(val); + break; + } + /** u_int32_t */ + case HA_CONDITIONS: + case HA_EXTENSIONS: + case HA_INBOUND_SPI: + case HA_OUTBOUND_SPI: + case HA_INITIATE_MID: + case HA_RESPOND_MID: + { + u_int32_t val; + + val = va_arg(args, u_int); + check_buf(this, sizeof(val)); + *(u_int32_t*)(this->buf.ptr + this->buf.len) = htonl(val); + this->buf.len += sizeof(val); + break; + } + /** chunk_t */ + case HA_NONCE_I: + case HA_NONCE_R: + case HA_SECRET: + case HA_OLD_SKD: + { + chunk_t chunk; + + chunk = va_arg(args, chunk_t); + check_buf(this, chunk.len + sizeof(u_int16_t)); + *(u_int16_t*)(this->buf.ptr + this->buf.len) = htons(chunk.len); + memcpy(this->buf.ptr + this->buf.len + sizeof(u_int16_t), + chunk.ptr, chunk.len); + this->buf.len += chunk.len + sizeof(u_int16_t);; + break; + } + /** traffic_selector_t */ + case HA_LOCAL_TS: + case HA_REMOTE_TS: + { + ts_encoding_t *enc; + traffic_selector_t *ts; + chunk_t data; + + ts = va_arg(args, traffic_selector_t*); + data = chunk_cata("cc", ts->get_from_address(ts), + ts->get_to_address(ts)); + check_buf(this, sizeof(ts_encoding_t) + data.len); + enc = (ts_encoding_t*)(this->buf.ptr + this->buf.len); + this->buf.len += sizeof(ts_encoding_t) + data.len; + enc->type = ts->get_type(ts); + enc->protocol = ts->get_protocol(ts); + enc->from_port = htons(ts->get_from_port(ts)); + enc->to_port = htons(ts->get_to_port(ts)); + enc->dynamic = ts->is_dynamic(ts); + memcpy(enc->encoding, data.ptr, data.len); + break; + } + default: + { + DBG1(DBG_CFG, "unable to encode, attribute %d unknown", attribute); + this->buf.len -= sizeof(u_int8_t); + break; + } + } + va_end(args); +} + +/** + * Attribute enumerator implementation + */ +typedef struct { + /** implementes enumerator_t */ + enumerator_t public; + /** position in message */ + chunk_t buf; + /** cleanup handler of current element, if any */ + void (*cleanup)(void* data); + /** data to pass to cleanup handler */ + void *cleanup_data; +} attribute_enumerator_t; + +/** + * Implementation of create_attribute_enumerator().enumerate + */ +static bool attribute_enumerate(attribute_enumerator_t *this, + ha_message_attribute_t *attr_out, + ha_message_value_t *value) +{ + ha_message_attribute_t attr; + + if (this->cleanup) + { + this->cleanup(this->cleanup_data); + this->cleanup = NULL; + } + if (this->buf.len < 1) + { + return FALSE; + } + attr = this->buf.ptr[0]; + this->buf = chunk_skip(this->buf, 1); + switch (attr) + { + /* ike_sa_id_t* */ + case HA_IKE_ID: + case HA_IKE_REKEY_ID: + { + ike_sa_id_encoding_t *enc; + + if (this->buf.len < sizeof(ike_sa_id_encoding_t)) + { + return FALSE; + } + enc = (ike_sa_id_encoding_t*)(this->buf.ptr); + value->ike_sa_id = ike_sa_id_create(enc->initiator_spi, + enc->responder_spi, enc->initiator); + *attr_out = attr; + this->cleanup = (void*)value->ike_sa_id->destroy; + this->cleanup_data = value->ike_sa_id; + this->buf = chunk_skip(this->buf, sizeof(ike_sa_id_encoding_t)); + return TRUE; + } + /* identification_t* */ + case HA_LOCAL_ID: + case HA_REMOTE_ID: + { + identification_encoding_t *enc; + + enc = (identification_encoding_t*)(this->buf.ptr); + if (this->buf.len < sizeof(identification_encoding_t) || + this->buf.len < sizeof(identification_encoding_t) + enc->len) + { + return FALSE; + } + value->id = identification_create_from_encoding(enc->type, + chunk_create(enc->encoding, enc->len)); + *attr_out = attr; + this->cleanup = (void*)value->id->destroy; + this->cleanup_data = value->id; + this->buf = chunk_skip(this->buf, + sizeof(identification_encoding_t) + enc->len); + return TRUE; + } + /* host_t* */ + case HA_LOCAL_ADDR: + case HA_REMOTE_ADDR: + case HA_LOCAL_VIP: + case HA_REMOTE_VIP: + case HA_ADDITIONAL_ADDR: + { + host_encoding_t *enc; + + enc = (host_encoding_t*)(this->buf.ptr); + if (this->buf.len < sizeof(host_encoding_t)) + { + return FALSE; + } + value->host = host_create_from_chunk(enc->family, + chunk_create(enc->encoding, + this->buf.len - sizeof(host_encoding_t)), + ntohs(enc->port)); + if (!value->host) + { + return FALSE; + } + *attr_out = attr; + this->cleanup = (void*)value->host->destroy; + this->cleanup_data = value->host; + this->buf = chunk_skip(this->buf, sizeof(host_encoding_t) + + value->host->get_address(value->host).len); + return TRUE; + } + /* char* */ + case HA_CONFIG_NAME: + { + size_t len; + + len = strnlen(this->buf.ptr, this->buf.len); + if (len >= this->buf.len) + { + return FALSE; + } + value->str = this->buf.ptr; + *attr_out = attr; + this->buf = chunk_skip(this->buf, len + 1); + return TRUE; + } + /* u_int8_t */ + case HA_IPSEC_MODE: + case HA_IPCOMP: + { + if (this->buf.len < sizeof(u_int8_t)) + { + return FALSE; + } + value->u8 = *(u_int8_t*)this->buf.ptr; + *attr_out = attr; + this->buf = chunk_skip(this->buf, sizeof(u_int8_t)); + return TRUE; + } + /** u_int16_t */ + case HA_ALG_PRF: + case HA_ALG_OLD_PRF: + case HA_ALG_ENCR: + case HA_ALG_ENCR_LEN: + case HA_ALG_INTEG: + case HA_INBOUND_CPI: + case HA_OUTBOUND_CPI: + case HA_SEGMENT: + { + if (this->buf.len < sizeof(u_int16_t)) + { + return FALSE; + } + value->u16 = ntohs(*(u_int16_t*)this->buf.ptr); + *attr_out = attr; + this->buf = chunk_skip(this->buf, sizeof(u_int16_t)); + return TRUE; + } + /** u_int32_t */ + case HA_CONDITIONS: + case HA_EXTENSIONS: + case HA_INBOUND_SPI: + case HA_OUTBOUND_SPI: + case HA_INITIATE_MID: + case HA_RESPOND_MID: + { + if (this->buf.len < sizeof(u_int32_t)) + { + return FALSE; + } + value->u32 = ntohl(*(u_int32_t*)this->buf.ptr); + *attr_out = attr; + this->buf = chunk_skip(this->buf, sizeof(u_int32_t)); + return TRUE; + } + /** chunk_t */ + case HA_NONCE_I: + case HA_NONCE_R: + case HA_SECRET: + case HA_OLD_SKD: + { + size_t len; + + if (this->buf.len < sizeof(u_int16_t)) + { + return FALSE; + } + len = ntohs(*(u_int16_t*)this->buf.ptr); + this->buf = chunk_skip(this->buf, sizeof(u_int16_t)); + if (this->buf.len < len) + { + return FALSE; + } + value->chunk.len = len; + value->chunk.ptr = this->buf.ptr; + *attr_out = attr; + this->buf = chunk_skip(this->buf, len); + return TRUE; + } + case HA_LOCAL_TS: + case HA_REMOTE_TS: + { + ts_encoding_t *enc; + host_t *host; + int addr_len; + + enc = (ts_encoding_t*)(this->buf.ptr); + if (this->buf.len < sizeof(ts_encoding_t)) + { + return FALSE; + } + switch (enc->type) + { + case TS_IPV4_ADDR_RANGE: + addr_len = 4; + if (this->buf.len < sizeof(ts_encoding_t) + 2 * addr_len) + { + return FALSE; + } + break; + case TS_IPV6_ADDR_RANGE: + addr_len = 16; + if (this->buf.len < sizeof(ts_encoding_t) + 2 * addr_len) + { + return FALSE; + } + break; + default: + return FALSE; + } + if (enc->dynamic) + { + host = host_create_from_chunk(0, + chunk_create(enc->encoding, addr_len), 0); + if (!host) + { + return FALSE; + } + value->ts = traffic_selector_create_dynamic(enc->protocol, + ntohs(enc->from_port), ntohs(enc->to_port)); + value->ts->set_address(value->ts, host); + host->destroy(host); + } + else + { + value->ts = traffic_selector_create_from_bytes(enc->protocol, + enc->type, chunk_create(enc->encoding, addr_len), + ntohs(enc->from_port), + chunk_create(enc->encoding + addr_len, addr_len), + ntohs(enc->to_port)); + if (!value->ts) + { + return FALSE; + } + } + *attr_out = attr; + this->cleanup = (void*)value->ts->destroy; + this->cleanup_data = value->ts; + this->buf = chunk_skip(this->buf, sizeof(ts_encoding_t) + + addr_len * 2); + return TRUE; + } + default: + { + return FALSE; + } + } +} + +/** + * Implementation of create_attribute_enumerator().destroy + */ +static void enum_destroy(attribute_enumerator_t *this) +{ + if (this->cleanup) + { + this->cleanup(this->cleanup_data); + } + free(this); +} + +/** + * Implementation of ha_message_t.create_attribute_enumerator + */ +static enumerator_t* create_attribute_enumerator(private_ha_message_t *this) +{ + attribute_enumerator_t *e = malloc_thing(attribute_enumerator_t); + + e->public.enumerate = (void*)attribute_enumerate; + e->public.destroy = (void*)enum_destroy; + + e->buf = chunk_skip(this->buf, 2); + e->cleanup = NULL; + e->cleanup_data = NULL; + + return &e->public; +} + +/** + * Implementation of ha_message_t.get_encoding + */ +static chunk_t get_encoding(private_ha_message_t *this) +{ + return this->buf; +} + +/** + * Implementation of ha_message_t.destroy. + */ +static void destroy(private_ha_message_t *this) +{ + free(this->buf.ptr); + free(this); +} + + +static private_ha_message_t *ha_message_create_generic() +{ + private_ha_message_t *this = malloc_thing(private_ha_message_t); + + this->public.get_type = (ha_message_type_t(*)(ha_message_t*))get_type; + this->public.add_attribute = (void(*)(ha_message_t*, ha_message_attribute_t attribute, ...))add_attribute; + this->public.create_attribute_enumerator = (enumerator_t*(*)(ha_message_t*))create_attribute_enumerator; + this->public.get_encoding = (chunk_t(*)(ha_message_t*))get_encoding; + this->public.destroy = (void(*)(ha_message_t*))destroy; + + return this; +} + +/** + * See header + */ +ha_message_t *ha_message_create(ha_message_type_t type) +{ + private_ha_message_t *this = ha_message_create_generic(); + + this->allocated = ALLOCATION_BLOCK; + this->buf.ptr = malloc(this->allocated); + this->buf.len = 2; + this->buf.ptr[0] = HA_MESSAGE_VERSION; + this->buf.ptr[1] = type; + + return &this->public; +} + +/** + * See header + */ +ha_message_t *ha_message_parse(chunk_t data) +{ + private_ha_message_t *this; + + if (data.len < 2) + { + DBG1(DBG_CFG, "HA message too short"); + return NULL; + } + if (data.ptr[0] != HA_MESSAGE_VERSION) + { + DBG1(DBG_CFG, "HA message has version %d, expected %d", + data.ptr[0], HA_MESSAGE_VERSION); + return NULL; + } + + this = ha_message_create_generic(); + this->buf = chunk_clone(data); + this->allocated = this->buf.len; + + return &this->public; +} + diff --git a/src/libcharon/plugins/ha/ha_message.h b/src/libcharon/plugins/ha/ha_message.h new file mode 100644 index 000000000..b2bc23724 --- /dev/null +++ b/src/libcharon/plugins/ha/ha_message.h @@ -0,0 +1,205 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ha_message ha_message + * @{ @ingroup ha + */ + +#ifndef HA_MESSAGE_H_ +#define HA_MESSAGE_H_ + +#include <library.h> +#include <utils/host.h> +#include <utils/identification.h> +#include <sa/ike_sa_id.h> +#include <selectors/traffic_selector.h> + +/** + * Protocol version of this implementation + */ +#define HA_MESSAGE_VERSION 1 + +typedef struct ha_message_t ha_message_t; +typedef enum ha_message_type_t ha_message_type_t; +typedef enum ha_message_attribute_t ha_message_attribute_t; +typedef union ha_message_value_t ha_message_value_t; + +/** + * Type of a HA message + */ +enum ha_message_type_t { + /** add a completely new IKE_SA */ + HA_IKE_ADD = 1, + /** update an existing IKE_SA (message IDs, address update, ...) */ + HA_IKE_UPDATE, + /** delete an existing IKE_SA */ + HA_IKE_DELETE, + /** add a new CHILD_SA */ + HA_CHILD_ADD, + /** delete an existing CHILD_SA */ + HA_CHILD_DELETE, + /** segments the sending node is giving up */ + HA_SEGMENT_DROP, + /** segments the sending node is taking over */ + HA_SEGMENT_TAKE, + /** status with the segments the sending node is currently serving */ + HA_STATUS, + /** segments the receiving node is requested to resync */ + HA_RESYNC, +}; + +/** + * Type of attributes contained in a message + */ +enum ha_message_attribute_t { + /** ike_sa_id_t*, to identify IKE_SA */ + HA_IKE_ID = 1, + /** ike_Sa_id_t*, identifies IKE_SA which gets rekeyed */ + HA_IKE_REKEY_ID, + /** identification_t*, local identity */ + HA_LOCAL_ID, + /** identification_t*, remote identity */ + HA_REMOTE_ID, + /** host_t*, local address */ + HA_LOCAL_ADDR, + /** host_t*, remote address */ + HA_REMOTE_ADDR, + /** char*, name of configuration */ + HA_CONFIG_NAME, + /** u_int32_t, bitset of ike_condition_t */ + HA_CONDITIONS, + /** u_int32_t, bitset of ike_extension_t */ + HA_EXTENSIONS, + /** host_t*, local virtual IP */ + HA_LOCAL_VIP, + /** host_t*, remote virtual IP */ + HA_REMOTE_VIP, + /** host_t*, additional MOBIKE peer address */ + HA_ADDITIONAL_ADDR, + /** chunk_t, initiators nonce */ + HA_NONCE_I, + /** chunk_t, responders nonce */ + HA_NONCE_R, + /** chunk_t, diffie hellman shared secret */ + HA_SECRET, + /** chunk_t, SKd of old SA if rekeying */ + HA_OLD_SKD, + /** u_int16_t, pseudo random function */ + HA_ALG_PRF, + /** u_int16_t, old pseudo random function if rekeying */ + HA_ALG_OLD_PRF, + /** u_int16_t, encryption algorithm */ + HA_ALG_ENCR, + /** u_int16_t, encryption key size in bytes */ + HA_ALG_ENCR_LEN, + /** u_int16_t, integrity protection algorithm */ + HA_ALG_INTEG, + /** u_int8_t, IPsec mode, TUNNEL|TRANSPORT|... */ + HA_IPSEC_MODE, + /** u_int8_t, IPComp protocol */ + HA_IPCOMP, + /** u_int32_t, inbound security parameter index */ + HA_INBOUND_SPI, + /** u_int32_t, outbound security parameter index */ + HA_OUTBOUND_SPI, + /** u_int16_t, inbound security parameter index */ + HA_INBOUND_CPI, + /** u_int16_t, outbound security parameter index */ + HA_OUTBOUND_CPI, + /** traffic_selector_t*, local traffic selector */ + HA_LOCAL_TS, + /** traffic_selector_t*, remote traffic selector */ + HA_REMOTE_TS, + /** u_int32_t, initiating message ID */ + HA_INITIATE_MID, + /** u_int32_t, responding message ID */ + HA_RESPOND_MID, + /** u_int16_t, HA segment */ + HA_SEGMENT, +}; + +/** + * Union to enumerate typed attributes in a message + */ +union ha_message_value_t { + u_int8_t u8; + u_int16_t u16; + u_int32_t u32; + char *str; + chunk_t chunk; + ike_sa_id_t *ike_sa_id; + identification_t *id; + host_t *host; + traffic_selector_t *ts; +}; + +/** + * Abstracted message passed between nodes in a HA cluster. + */ +struct ha_message_t { + + /** + * Get the type of the message. + * + * @return message type + */ + ha_message_type_t (*get_type)(ha_message_t *this); + + /** + * Add an attribute to a message. + * + * @param attribute attribute type to add + * @param ... attribute specific data + */ + void (*add_attribute)(ha_message_t *this, + ha_message_attribute_t attribute, ...); + + /** + * Create an enumerator over all attributes in a message. + * + * @return enumerator over attribute, ha_message_value_t + */ + enumerator_t* (*create_attribute_enumerator)(ha_message_t *this); + + /** + * Get the message in a encoded form. + * + * @return chunk pointing to internal data + */ + chunk_t (*get_encoding)(ha_message_t *this); + + /** + * Destroy a ha_message_t. + */ + void (*destroy)(ha_message_t *this); +}; + +/** + * Create a new ha_message instance, ready for adding attributes + * + * @param version protocol version to create a message from + * @param type type of the message + */ +ha_message_t *ha_message_create(ha_message_type_t type); + +/** + * Create a ha_message from encoded data. + * + * @param data encoded message data + */ +ha_message_t *ha_message_parse(chunk_t data); + +#endif /* HA_MESSAGE_ @}*/ diff --git a/src/libcharon/plugins/ha/ha_plugin.c b/src/libcharon/plugins/ha/ha_plugin.c new file mode 100644 index 000000000..ea255c8ab --- /dev/null +++ b/src/libcharon/plugins/ha/ha_plugin.c @@ -0,0 +1,163 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ha_plugin.h" +#include "ha_ike.h" +#include "ha_child.h" +#include "ha_socket.h" +#include "ha_tunnel.h" +#include "ha_dispatcher.h" +#include "ha_segments.h" +#include "ha_ctl.h" + +#include <daemon.h> +#include <config/child_cfg.h> + +typedef struct private_ha_plugin_t private_ha_plugin_t; + +/** + * private data of ha plugin + */ +struct private_ha_plugin_t { + + /** + * implements plugin interface + */ + ha_plugin_t public; + + /** + * Communication socket + */ + ha_socket_t *socket; + + /** + * Tunnel securing sync messages. + */ + ha_tunnel_t *tunnel; + + /** + * IKE_SA synchronization + */ + ha_ike_t *ike; + + /** + * CHILD_SA synchronization + */ + ha_child_t *child; + + /** + * Dispatcher to process incoming messages + */ + ha_dispatcher_t *dispatcher; + + /** + * Active/Passive segment management + */ + ha_segments_t *segments; + + /** + * Interface to control segments at kernel level + */ + ha_kernel_t *kernel; + + /** + * Segment control interface via FIFO + */ + ha_ctl_t *ctl; +}; + +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_ha_plugin_t *this) +{ + DESTROY_IF(this->ctl); + charon->bus->remove_listener(charon->bus, &this->segments->listener); + charon->bus->remove_listener(charon->bus, &this->ike->listener); + charon->bus->remove_listener(charon->bus, &this->child->listener); + this->ike->destroy(this->ike); + this->child->destroy(this->child); + this->dispatcher->destroy(this->dispatcher); + this->segments->destroy(this->segments); + this->kernel->destroy(this->kernel); + this->socket->destroy(this->socket); + DESTROY_IF(this->tunnel); + free(this); +} + +/** + * Plugin constructor + */ +plugin_t *ha_plugin_create() +{ + private_ha_plugin_t *this; + char *local, *remote, *secret; + u_int count; + bool fifo, monitor, resync; + + local = lib->settings->get_str(lib->settings, + "charon.plugins.ha.local", NULL); + remote = lib->settings->get_str(lib->settings, + "charon.plugins.ha.remote", NULL); + secret = lib->settings->get_str(lib->settings, + "charon.plugins.ha.secret", NULL); + fifo = lib->settings->get_bool(lib->settings, + "charon.plugins.ha.fifo_interface", TRUE); + monitor = lib->settings->get_bool(lib->settings, + "charon.plugins.ha.monitor", TRUE); + resync = lib->settings->get_bool(lib->settings, + "charon.plugins.ha.resync", TRUE); + count = min(SEGMENTS_MAX, lib->settings->get_int(lib->settings, + "charon.plugins.ha.segment_count", 1)); + if (!local || !remote) + { + DBG1(DBG_CFG, "HA config misses local/remote address"); + return NULL; + } + + this = malloc_thing(private_ha_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + this->tunnel = NULL; + this->ctl = NULL; + + if (secret) + { + this->tunnel = ha_tunnel_create(local, remote, secret); + } + this->socket = ha_socket_create(local, remote); + if (!this->socket) + { + DESTROY_IF(this->tunnel); + free(this); + return NULL; + } + this->kernel = ha_kernel_create(count); + this->segments = ha_segments_create(this->socket, this->kernel, this->tunnel, + count, strcmp(local, remote) > 0, monitor, resync); + if (fifo) + { + this->ctl = ha_ctl_create(this->segments); + } + this->dispatcher = ha_dispatcher_create(this->socket, this->segments); + this->ike = ha_ike_create(this->socket, this->tunnel); + this->child = ha_child_create(this->socket, this->tunnel); + charon->bus->add_listener(charon->bus, &this->segments->listener); + charon->bus->add_listener(charon->bus, &this->ike->listener); + charon->bus->add_listener(charon->bus, &this->child->listener); + + return &this->public.plugin; +} + diff --git a/src/libcharon/plugins/ha/ha_plugin.h b/src/libcharon/plugins/ha/ha_plugin.h new file mode 100644 index 000000000..1ae2fe6dd --- /dev/null +++ b/src/libcharon/plugins/ha/ha_plugin.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ha ha + * @ingroup cplugins + * + * @defgroup ha_plugin ha_plugin + * @{ @ingroup ha + */ + +#ifndef HA_PLUGIN_H_ +#define HA_PLUGIN_H_ + +#include <plugins/plugin.h> + +/** + * UDP port we use for communication + */ +#define HA_PORT 4510 + +typedef struct ha_plugin_t ha_plugin_t; + +/** + * Plugin to synchronize state in a high availability cluster. + */ +struct ha_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /* HA_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/ha/ha_segments.c b/src/libcharon/plugins/ha/ha_segments.c new file mode 100644 index 000000000..2199671fc --- /dev/null +++ b/src/libcharon/plugins/ha/ha_segments.c @@ -0,0 +1,503 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ha_segments.h" + +#include <pthread.h> + +#include <threading/mutex.h> +#include <threading/condvar.h> +#include <utils/linked_list.h> +#include <processing/jobs/callback_job.h> + +#define HEARTBEAT_DELAY 1000 +#define HEARTBEAT_TIMEOUT 2100 + +typedef struct private_ha_segments_t private_ha_segments_t; + +/** + * Private data of an ha_segments_t object. + */ +struct private_ha_segments_t { + + /** + * Public ha_segments_t interface. + */ + ha_segments_t public; + + /** + * communication socket + */ + ha_socket_t *socket; + + /** + * Sync tunnel, if any + */ + ha_tunnel_t *tunnel; + + /** + * Interface to control segments at kernel level + */ + ha_kernel_t *kernel; + + /** + * Mutex to lock segment manipulation + */ + mutex_t *mutex; + + /** + * Condvar to wait for heartbeats + */ + condvar_t *condvar; + + /** + * Job checking for heartbeats + */ + callback_job_t *job; + + /** + * Total number of ClusterIP segments + */ + u_int count; + + /** + * mask of active segments + */ + segment_mask_t active; + + /** + * Node number + */ + u_int node; +}; + +/** + * Log currently active segments + */ +static void log_segments(private_ha_segments_t *this, bool activated, + u_int segment) +{ + char buf[64] = "none", *pos = buf; + int i; + bool first = TRUE; + + for (i = 1; i <= this->count; i++) + { + if (this->active & SEGMENTS_BIT(i)) + { + if (first) + { + first = FALSE; + } + else + { + pos += snprintf(pos, buf + sizeof(buf) - pos, ","); + } + pos += snprintf(pos, buf + sizeof(buf) - pos, "%d", i); + } + } + DBG1(DBG_CFG, "HA segment %d %sactivated, now active: %s", + segment, activated ? "" : "de", buf); +} + +/** + * Enable/Disable a specific segment + */ +static void enable_disable(private_ha_segments_t *this, u_int segment, + bool enable, bool notify) +{ + ike_sa_t *ike_sa; + enumerator_t *enumerator; + ike_sa_state_t old, new; + ha_message_t *message = NULL; + ha_message_type_t type; + bool changes = FALSE; + + if (segment > this->count) + { + return; + } + + if (enable) + { + old = IKE_PASSIVE; + new = IKE_ESTABLISHED; + type = HA_SEGMENT_TAKE; + if (!(this->active & SEGMENTS_BIT(segment))) + { + this->active |= SEGMENTS_BIT(segment); + this->kernel->activate(this->kernel, segment); + changes = TRUE; + } + } + else + { + old = IKE_ESTABLISHED; + new = IKE_PASSIVE; + type = HA_SEGMENT_DROP; + if (this->active & SEGMENTS_BIT(segment)) + { + this->active &= ~SEGMENTS_BIT(segment); + this->kernel->deactivate(this->kernel, segment); + changes = TRUE; + } + } + + if (changes) + { + enumerator = charon->ike_sa_manager->create_enumerator(charon->ike_sa_manager); + while (enumerator->enumerate(enumerator, &ike_sa)) + { + if (ike_sa->get_state(ike_sa) != old) + { + continue; + } + if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa)) + { + continue; + } + if (this->kernel->in_segment(this->kernel, + ike_sa->get_other_host(ike_sa), segment)) + { + ike_sa->set_state(ike_sa, new); + } + } + enumerator->destroy(enumerator); + log_segments(this, enable, segment); + } + + if (notify) + { + message = ha_message_create(type); + message->add_attribute(message, HA_SEGMENT, segment); + this->socket->push(this->socket, message); + } +} + +/** + * Enable/Disable all or a specific segment, do locking + */ +static void enable_disable_all(private_ha_segments_t *this, u_int segment, + bool enable, bool notify) +{ + int i; + + this->mutex->lock(this->mutex); + if (segment == 0) + { + for (i = 1; i <= this->count; i++) + { + enable_disable(this, i, enable, notify); + } + } + else + { + enable_disable(this, segment, enable, notify); + } + this->mutex->unlock(this->mutex); +} + +/** + * Implementation of ha_segments_t.activate + */ +static void activate(private_ha_segments_t *this, u_int segment, bool notify) +{ + enable_disable_all(this, segment, TRUE, notify); +} + +/** + * Implementation of ha_segments_t.deactivate + */ +static void deactivate(private_ha_segments_t *this, u_int segment, bool notify) +{ + enable_disable_all(this, segment, FALSE, notify); +} + +/** + * Rekey all children of an IKE_SA + */ +static status_t rekey_children(ike_sa_t *ike_sa) +{ + iterator_t *iterator; + child_sa_t *child_sa; + status_t status = SUCCESS; + + iterator = ike_sa->create_child_sa_iterator(ike_sa); + while (iterator->iterate(iterator, (void**)&child_sa)) + { + DBG1(DBG_CFG, "resyncing CHILD_SA"); + status = ike_sa->rekey_child_sa(ike_sa, child_sa->get_protocol(child_sa), + child_sa->get_spi(child_sa, TRUE)); + if (status == DESTROY_ME) + { + break; + } + } + iterator->destroy(iterator); + return status; +} + +/** + * Implementation of ha_segments_t.resync + */ +static void resync(private_ha_segments_t *this, u_int segment) +{ + ike_sa_t *ike_sa; + enumerator_t *enumerator; + linked_list_t *list; + ike_sa_id_t *id; + + list = linked_list_create(); + this->mutex->lock(this->mutex); + + if (segment > 0 && segment <= this->count) + { + DBG1(DBG_CFG, "resyncing HA segment %d", segment); + + /* we do the actual rekeying in a seperate loop to avoid rekeying + * an SA twice. */ + enumerator = charon->ike_sa_manager->create_enumerator( + charon->ike_sa_manager); + while (enumerator->enumerate(enumerator, &ike_sa)) + { + if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED && + this->kernel->in_segment(this->kernel, + ike_sa->get_other_host(ike_sa), segment)) + { + id = ike_sa->get_id(ike_sa); + list->insert_last(list, id->clone(id)); + } + } + enumerator->destroy(enumerator); + } + this->mutex->unlock(this->mutex); + + while (list->remove_last(list, (void**)&id) == SUCCESS) + { + ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, id); + id->destroy(id); + if (ike_sa) + { + DBG1(DBG_CFG, "resyncing IKE_SA"); + if (ike_sa->rekey(ike_sa) != DESTROY_ME) + { + if (rekey_children(ike_sa) != DESTROY_ME) + { + charon->ike_sa_manager->checkin( + charon->ike_sa_manager, ike_sa); + continue; + } + } + charon->ike_sa_manager->checkin_and_destroy( + charon->ike_sa_manager, ike_sa); + } + } + list->destroy(list); +} + +/** + * Implementation of listener_t.alert + */ +static bool alert_hook(private_ha_segments_t *this, ike_sa_t *ike_sa, + alert_t alert, va_list args) +{ + if (alert == ALERT_SHUTDOWN_SIGNAL) + { + deactivate(this, 0, TRUE); + } + return TRUE; +} + +/** + * Request a resync of all segments + */ +static job_requeue_t request_resync(private_ha_segments_t *this) +{ + ha_message_t *message; + int i; + + message = ha_message_create(HA_RESYNC); + for (i = 1; i <= this->count; i++) + { + message->add_attribute(message, HA_SEGMENT, i); + } + this->socket->push(this->socket, message); + return JOB_REQUEUE_NONE; +} + +/** + * Monitor heartbeat activity of remote node + */ +static job_requeue_t watchdog(private_ha_segments_t *this) +{ + int oldstate; + bool timeout; + + this->mutex->lock(this->mutex); + pthread_cleanup_push((void*)this->mutex->unlock, this->mutex); + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + timeout = this->condvar->timed_wait(this->condvar, this->mutex, + HEARTBEAT_TIMEOUT); + pthread_setcancelstate(oldstate, NULL); + pthread_cleanup_pop(TRUE); + if (timeout) + { + DBG1(DBG_CFG, "no heartbeat received, taking all segments"); + activate(this, 0, TRUE); + /* disable heartbeat detection util we get one */ + this->job = NULL; + return JOB_REQUEUE_NONE; + } + return JOB_REQUEUE_DIRECT; +} + +/** + * Start the heartbeat detection thread + */ +static void start_watchdog(private_ha_segments_t *this) +{ + this->job = callback_job_create((callback_job_cb_t)watchdog, + this, NULL, NULL); + charon->processor->queue_job(charon->processor, (job_t*)this->job); +} + +/** + * Implementation of ha_segments_t.handle_status + */ +static void handle_status(private_ha_segments_t *this, segment_mask_t mask) +{ + segment_mask_t missing; + int i; + + this->mutex->lock(this->mutex); + + missing = ~(this->active | mask); + + for (i = 1; i <= this->count; i++) + { + if (missing & SEGMENTS_BIT(i)) + { + if (this->node == i % 2) + { + DBG1(DBG_CFG, "HA segment %d was not handled, taking", i); + enable_disable(this, i, TRUE, TRUE); + } + else + { + DBG1(DBG_CFG, "HA segment %d was not handled, dropping", i); + enable_disable(this, i, FALSE, TRUE); + } + } + } + + this->mutex->unlock(this->mutex); + this->condvar->signal(this->condvar); + + if (!this->job) + { + DBG1(DBG_CFG, "received heartbeat, reenabling watchdog"); + start_watchdog(this); + } +} + +/** + * Send a status message with our active segments + */ +static job_requeue_t send_status(private_ha_segments_t *this) +{ + ha_message_t *message; + int i; + + message = ha_message_create(HA_STATUS); + + for (i = 1; i <= this->count; i++) + { + if (this->active & SEGMENTS_BIT(i)) + { + message->add_attribute(message, HA_SEGMENT, i); + } + } + + this->socket->push(this->socket, message); + + /* schedule next invocation */ + charon->scheduler->schedule_job_ms(charon->scheduler, (job_t*) + callback_job_create((callback_job_cb_t) + send_status, this, NULL, NULL), + HEARTBEAT_DELAY); + + return JOB_REQUEUE_NONE; +} + +/** + * Implementation of ha_segments_t.destroy. + */ +static void destroy(private_ha_segments_t *this) +{ + if (this->job) + { + this->job->cancel(this->job); + } + this->mutex->destroy(this->mutex); + this->condvar->destroy(this->condvar); + free(this); +} + +/** + * See header + */ +ha_segments_t *ha_segments_create(ha_socket_t *socket, ha_kernel_t *kernel, + ha_tunnel_t *tunnel, u_int count, u_int node, + bool monitor, bool sync) +{ + private_ha_segments_t *this = malloc_thing(private_ha_segments_t); + + memset(&this->public.listener, 0, sizeof(listener_t)); + this->public.listener.alert = (bool(*)(listener_t*, ike_sa_t *, alert_t, va_list))alert_hook; + this->public.activate = (void(*)(ha_segments_t*, u_int segment,bool))activate; + this->public.deactivate = (void(*)(ha_segments_t*, u_int segment,bool))deactivate; + this->public.resync = (void(*)(ha_segments_t*, u_int segment))resync; + this->public.handle_status = (void(*)(ha_segments_t*, segment_mask_t mask))handle_status; + this->public.destroy = (void(*)(ha_segments_t*))destroy; + + this->socket = socket; + this->tunnel = tunnel; + this->kernel = kernel; + this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); + this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); + this->count = count; + this->node = node; + this->job = NULL; + + /* initially all segments are deactivated */ + this->active = 0; + + if (monitor) + { + send_status(this); + start_watchdog(this); + } + + if (sync) + { + /* request a resync as soon as we are up */ + charon->processor->queue_job(charon->processor, (job_t*) + callback_job_create((callback_job_cb_t)request_resync, + this, NULL, NULL)); + } + + return &this->public; +} + diff --git a/src/libcharon/plugins/ha/ha_segments.h b/src/libcharon/plugins/ha/ha_segments.h new file mode 100644 index 000000000..6d1cd5441 --- /dev/null +++ b/src/libcharon/plugins/ha/ha_segments.h @@ -0,0 +1,111 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ha_segments ha_segments + * @{ @ingroup ha + */ + +#ifndef HA_SEGMENTS_H_ +#define HA_SEGMENTS_H_ + +#include <daemon.h> + +typedef struct ha_segments_t ha_segments_t; + +typedef u_int16_t segment_mask_t; + +/** + * maximum number of segments + */ +#define SEGMENTS_MAX (sizeof(segment_mask_t)*8) + +/** + * Get the bit in the mask of a segment + */ +#define SEGMENTS_BIT(segment) (0x01 << (segment - 1)) + +#include "ha_socket.h" +#include "ha_tunnel.h" +#include "ha_kernel.h" + +/** + * Segmentation of peers into active and passive. + */ +struct ha_segments_t { + + /** + * Implements listener interface to catch daemon shutdown. + */ + listener_t listener; + + /** + * Activate a set of IKE_SAs identified by a segment. + * + * @param segment numerical segment to takeover, 0 for all + * @param notify wheter to notify other nodes about activation + */ + void (*activate)(ha_segments_t *this, u_int segment, bool notify); + + /** + * Deactivate a set of IKE_SAs identified by a segment. + * + * @param segment numerical segment to takeover, 0 for all + * @param notify wheter to notify other nodes about deactivation + */ + void (*deactivate)(ha_segments_t *this, u_int segment, bool notify); + + /** + * Resync an active segment. + * + * To reintegrade a node into the cluster, resynchronization is reqired. + * IKE_SAs and CHILD_SAs are synced automatically during rekeying. A call + * to this method enforces a rekeying immediately sync all state of a + * segment. + * + * @param segment segment to resync + */ + void (*resync)(ha_segments_t *this, u_int segment); + + /** + * Handle a status message from the remote node. + * + * @param mask segments the remote node is serving actively + */ + void (*handle_status)(ha_segments_t *this, segment_mask_t mask); + + /** + * Destroy a ha_segments_t. + */ + void (*destroy)(ha_segments_t *this); +}; + +/** + * Create a ha_segments instance. + * + * @param socket socket to communicate segment (de-)activation + * @param kernel interface to control segments at kernel level + * @param tunnel HA tunnel + * @param count number of segments the cluster uses + * @param node node, currently 1 or 0 + * @param monitor should we use monitoring functionality + * @param resync request a complete resync on startup + * @return segment object + */ +ha_segments_t *ha_segments_create(ha_socket_t *socket, ha_kernel_t *kernel, + ha_tunnel_t *tunnel, u_int count, u_int node, + bool monitor, bool resync); + +#endif /* HA_SEGMENTS_ @}*/ diff --git a/src/libcharon/plugins/ha/ha_socket.c b/src/libcharon/plugins/ha/ha_socket.c new file mode 100644 index 000000000..b84b02868 --- /dev/null +++ b/src/libcharon/plugins/ha/ha_socket.c @@ -0,0 +1,234 @@ +/* + * Copyright (C) 2008-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ha_socket.h" +#include "ha_plugin.h" + +#include <sys/types.h> +#include <sys/socket.h> +#include <errno.h> +#include <unistd.h> +#include <pthread.h> + +#include <daemon.h> +#include <utils/host.h> +#include <processing/jobs/callback_job.h> + +typedef struct private_ha_socket_t private_ha_socket_t; + +/** + * Private data of an ha_socket_t object. + */ +struct private_ha_socket_t { + + /** + * Public ha_socket_t interface. + */ + ha_socket_t public; + + /** + * UDP communication socket fd + */ + int fd; + + /** + * local host to receive/send from + */ + host_t *local; + + /** + * remote host to receive/send to + */ + host_t *remote; +}; + +/** + * Data to pass to the send_message() callback job + */ +typedef struct { + ha_message_t *message; + private_ha_socket_t *this; +} job_data_t; + +/** + * Cleanup job data + */ +static void job_data_destroy(job_data_t *this) +{ + this->message->destroy(this->message); + free(this); +} + +/** + * Callback to asynchronously send messages + */ +static job_requeue_t send_message(job_data_t *data) +{ + private_ha_socket_t *this; + chunk_t chunk; + + this = data->this; + chunk = data->message->get_encoding(data->message); + if (send(this->fd, chunk.ptr, chunk.len, 0) < chunk.len) + { + DBG1(DBG_CFG, "pushing HA message failed: %s", strerror(errno)); + } + return JOB_REQUEUE_NONE; +} + +/** + * Implementation of ha_socket_t.push + */ +static void push(private_ha_socket_t *this, ha_message_t *message) +{ + chunk_t chunk; + + /* Try to send synchronously, but non-blocking. */ + chunk = message->get_encoding(message); + if (send(this->fd, chunk.ptr, chunk.len, MSG_DONTWAIT) < chunk.len) + { + if (errno == EAGAIN) + { + callback_job_t *job; + job_data_t *data; + + /* Fallback to asynchronous transmission. This is required, as sendto() + * is a blocking call if it acquires a policy. We could end up in a + * deadlock, as we own an IKE_SA. */ + data = malloc_thing(job_data_t); + data->message = message; + data->this = this; + + job = callback_job_create((callback_job_cb_t)send_message, + data, (void*)job_data_destroy, NULL); + charon->processor->queue_job(charon->processor, (job_t*)job); + return; + } + DBG1(DBG_CFG, "pushing HA message failed: %s", strerror(errno)); + } + message->destroy(message); +} + +/** + * Implementation of ha_socket_t.pull + */ +static ha_message_t *pull(private_ha_socket_t *this) +{ + while (TRUE) + { + ha_message_t *message; + char buf[1024]; + int oldstate; + ssize_t len; + + pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, &oldstate); + len = recv(this->fd, buf, sizeof(buf), 0); + pthread_setcancelstate(oldstate, NULL); + if (len <= 0) + { + switch (errno) + { + case ECONNREFUSED: + case EINTR: + continue; + default: + DBG1(DBG_CFG, "pulling HA message failed: %s", + strerror(errno)); + sleep(1); + } + } + message = ha_message_parse(chunk_create(buf, len)); + if (message) + { + return message; + } + } +} + +/** + * Open and connect the HA socket + */ +static bool open_socket(private_ha_socket_t *this) +{ + this->fd = socket(this->local->get_family(this->local), SOCK_DGRAM, 0); + if (this->fd == -1) + { + DBG1(DBG_CFG, "opening HA socket failed: %s", strerror(errno)); + return FALSE; + } + + if (bind(this->fd, this->local->get_sockaddr(this->local), + *this->local->get_sockaddr_len(this->local)) == -1) + { + DBG1(DBG_CFG, "binding HA socket failed: %s", strerror(errno)); + close(this->fd); + this->fd = -1; + return FALSE; + } + if (connect(this->fd, this->remote->get_sockaddr(this->remote), + *this->remote->get_sockaddr_len(this->remote)) == -1) + { + DBG1(DBG_CFG, "connecting HA socket failed: %s", strerror(errno)); + close(this->fd); + this->fd = -1; + return FALSE; + } + + return TRUE; +} + +/** + * Implementation of ha_socket_t.destroy. + */ +static void destroy(private_ha_socket_t *this) +{ + if (this->fd != -1) + { + close(this->fd); + } + DESTROY_IF(this->local); + DESTROY_IF(this->remote); + free(this); +} + +/** + * See header + */ +ha_socket_t *ha_socket_create(char *local, char *remote) +{ + private_ha_socket_t *this = malloc_thing(private_ha_socket_t); + + this->public.push = (void(*)(ha_socket_t*, ha_message_t*))push; + this->public.pull = (ha_message_t*(*)(ha_socket_t*))pull; + this->public.destroy = (void(*)(ha_socket_t*))destroy; + + this->local = host_create_from_dns(local, 0, HA_PORT); + this->remote = host_create_from_dns(remote, 0, HA_PORT); + this->fd = -1; + + if (!this->local || !this->remote) + { + DBG1(DBG_CFG, "invalid local/remote HA address"); + destroy(this); + return NULL; + } + if (!open_socket(this)) + { + destroy(this); + return NULL; + } + return &this->public; +} + diff --git a/src/libcharon/plugins/ha/ha_socket.h b/src/libcharon/plugins/ha/ha_socket.h new file mode 100644 index 000000000..8d398e22b --- /dev/null +++ b/src/libcharon/plugins/ha/ha_socket.h @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ha_socket ha_socket + * @{ @ingroup ha + */ + +#ifndef HA_SOCKET_H_ +#define HA_SOCKET_H_ + +#include "ha_message.h" + +#include <sa/ike_sa.h> + +typedef struct ha_socket_t ha_socket_t; + +/** + * Socket to send/received SA synchronization data + */ +struct ha_socket_t { + + /** + * Push synchronization information to the responsible node. + * + * @param message message to send, gets destroyed by push() + */ + void (*push)(ha_socket_t *this, ha_message_t *message); + + /** + * Pull synchronization information from a peer we are responsible. + * + * @return received message + */ + ha_message_t *(*pull)(ha_socket_t *this); + + /** + * Destroy a ha_socket_t. + */ + void (*destroy)(ha_socket_t *this); +}; + +/** + * Create a ha_socket instance. + */ +ha_socket_t *ha_socket_create(char *local, char *remote); + +#endif /* HA_SOCKET_ @}*/ diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c new file mode 100644 index 000000000..b3511e5f0 --- /dev/null +++ b/src/libcharon/plugins/ha/ha_tunnel.c @@ -0,0 +1,298 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ha_tunnel.h" +#include "ha_plugin.h" + +#include <daemon.h> +#include <utils/identification.h> +#include <processing/jobs/callback_job.h> + +typedef struct private_ha_tunnel_t private_ha_tunnel_t; +typedef struct ha_backend_t ha_backend_t; +typedef struct ha_creds_t ha_creds_t; + +/** + * Serves credentials for the HA SA + */ +struct ha_creds_t { + + /** + * Implements credential_set_t + */ + credential_set_t public; + + /** + * own identity + */ + identification_t *local; + + /** + * peer identity + */ + identification_t *remote; + + /** + * Shared key to serve + */ + shared_key_t *key; +}; + +/** + * Serves configurations for the HA SA + */ +struct ha_backend_t { + + /** + * Implements backend_t + */ + backend_t public; + + /** + * peer config we serve + */ + peer_cfg_t *cfg; +}; + +/** + * Private data of an ha_tunnel_t object. + */ +struct private_ha_tunnel_t { + + /** + * Public ha_tunnel_t interface. + */ + ha_tunnel_t public; + + /** + * Reqid of installed trap + */ + u_int32_t trap; + + /** + * backend for HA SA + */ + ha_backend_t backend; + + /** + * credential set for HA SA + */ + ha_creds_t creds; +}; + +/** + * Implementation of ha_tunnel_t.is_sa + */ +static bool is_sa(private_ha_tunnel_t *this, ike_sa_t *ike_sa) +{ + peer_cfg_t *cfg = this->backend.cfg; + + return cfg && ike_sa->get_ike_cfg(ike_sa) == cfg->get_ike_cfg(cfg); +} + +/** + * Enumerator over HA shared_key + */ +typedef struct { + /** Implements enumerator_t */ + enumerator_t public; + /** a single secret we serve */ + shared_key_t *key; +} shared_enum_t; + +/** + * Implementation of shared_enum_t.enumerate + */ +static bool shared_enumerate(shared_enum_t *this, shared_key_t **key, + id_match_t *me, id_match_t *other) +{ + if (this->key) + { + if (me) + { + *me = ID_MATCH_PERFECT; + } + if (other) + { + *other = ID_MATCH_PERFECT; + } + *key = this->key; + this->key = NULL; + return TRUE; + } + return FALSE; +} + +/** + * Implements ha_creds_t.create_shared_enumerator + */ +static enumerator_t* create_shared_enumerator(ha_creds_t *this, + shared_key_type_t type, identification_t *me, + identification_t *other) +{ + shared_enum_t *enumerator; + + if (type != SHARED_IKE && type != SHARED_ANY) + { + return NULL; + } + if (me && !me->equals(me, this->local)) + { + return NULL; + } + if (other && !other->equals(other, this->remote)) + { + return NULL; + } + + enumerator = malloc_thing(shared_enum_t); + enumerator->public.enumerate = (void*)shared_enumerate; + enumerator->public.destroy = (void*)free; + enumerator->key = this->key; + + return &enumerator->public; +} + +/** + * Implementation of backend_t.create_peer_cfg_enumerator. + */ +static enumerator_t* create_peer_cfg_enumerator(ha_backend_t *this, + identification_t *me, identification_t *other) +{ + return enumerator_create_single(this->cfg, NULL); +} + +/** + * Implementation of backend_t.create_ike_cfg_enumerator. + */ +static enumerator_t* create_ike_cfg_enumerator(ha_backend_t *this, + host_t *me, host_t *other) +{ + return enumerator_create_single(this->cfg->get_ike_cfg(this->cfg), NULL); +} + +/** + * Install configs and a a trap for secured HA message exchange + */ +static void setup_tunnel(private_ha_tunnel_t *this, + char *local, char *remote, char *secret) +{ + peer_cfg_t *peer_cfg; + ike_cfg_t *ike_cfg; + auth_cfg_t *auth_cfg; + child_cfg_t *child_cfg; + traffic_selector_t *ts; + lifetime_cfg_t lifetime = { + .time = { + .life = 21600, .rekey = 20400, .jitter = 400, + }, + }; + + /* setup credentials */ + this->creds.local = identification_create_from_string(local); + this->creds.remote = identification_create_from_string(remote); + this->creds.key = shared_key_create(SHARED_IKE, + chunk_clone(chunk_create(secret, strlen(secret)))); + this->creds.public.create_private_enumerator = (void*)return_null; + this->creds.public.create_cert_enumerator = (void*)return_null; + this->creds.public.create_shared_enumerator = (void*)create_shared_enumerator; + this->creds.public.create_cdp_enumerator = (void*)return_null; + this->creds.public.cache_cert = (void*)nop; + + charon->credentials->add_set(charon->credentials, &this->creds.public); + + /* create config and backend */ + ike_cfg = ike_cfg_create(FALSE, FALSE, local, IKEV2_UDP_PORT, + remote, IKEV2_UDP_PORT); + ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); + peer_cfg = peer_cfg_create("ha", 2, ike_cfg, CERT_NEVER_SEND, + UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, 30, + NULL, NULL, FALSE, NULL, NULL); + + auth_cfg = auth_cfg_create(); + auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); + auth_cfg->add(auth_cfg, AUTH_RULE_IDENTITY, + identification_create_from_string(local)); + peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, TRUE); + + auth_cfg = auth_cfg_create(); + auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); + auth_cfg->add(auth_cfg, AUTH_RULE_IDENTITY, + identification_create_from_string(remote)); + peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE); + + child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE, + MODE_TRANSPORT, ACTION_NONE, ACTION_NONE, FALSE, 0); + ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT); + child_cfg->add_traffic_selector(child_cfg, TRUE, ts); + ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535); + child_cfg->add_traffic_selector(child_cfg, TRUE, ts); + ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT); + child_cfg->add_traffic_selector(child_cfg, FALSE, ts); + ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535); + child_cfg->add_traffic_selector(child_cfg, FALSE, ts); + child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + peer_cfg->add_child_cfg(peer_cfg, child_cfg); + + this->backend.cfg = peer_cfg; + this->backend.public.create_peer_cfg_enumerator = (void*)create_peer_cfg_enumerator; + this->backend.public.create_ike_cfg_enumerator = (void*)create_ike_cfg_enumerator; + this->backend.public.get_peer_cfg_by_name = (void*)return_null; + + charon->backends->add_backend(charon->backends, &this->backend.public); + + /* install an acquiring trap */ + this->trap = charon->traps->install(charon->traps, peer_cfg, child_cfg); +} + +/** + * Implementation of ha_tunnel_t.destroy. + */ +static void destroy(private_ha_tunnel_t *this) +{ + if (this->backend.cfg) + { + charon->backends->remove_backend(charon->backends, &this->backend.public); + this->backend.cfg->destroy(this->backend.cfg); + } + if (this->creds.key) + { + charon->credentials->remove_set(charon->credentials, &this->creds.public); + this->creds.key->destroy(this->creds.key); + } + this->creds.local->destroy(this->creds.local); + this->creds.remote->destroy(this->creds.remote); + if (this->trap) + { + charon->traps->uninstall(charon->traps, this->trap); + } + free(this); +} + +/** + * See header + */ +ha_tunnel_t *ha_tunnel_create(char *local, char *remote, char *secret) +{ + private_ha_tunnel_t *this = malloc_thing(private_ha_tunnel_t); + + this->public.is_sa = (bool(*)(ha_tunnel_t*, ike_sa_t *ike_sa))is_sa; + this->public.destroy = (void(*)(ha_tunnel_t*))destroy; + + setup_tunnel(this, local, remote, secret); + + return &this->public; +} + diff --git a/src/libcharon/plugins/ha/ha_tunnel.h b/src/libcharon/plugins/ha/ha_tunnel.h new file mode 100644 index 000000000..085fb6122 --- /dev/null +++ b/src/libcharon/plugins/ha/ha_tunnel.h @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ha_ ha_tunnel + * @{ @ingroup ha + */ + +#ifndef HA_TUNNEL_H_ +#define HA_TUNNEL_H_ + +#include <sa/ike_sa.h> + +typedef struct ha_tunnel_t ha_tunnel_t; + +/** + * Socket to send/received SA synchronization data + */ +struct ha_tunnel_t { + + /** + * Check if an IKE_SA is used for exchanging HA messages. + * + * @param ike_Sa ike_sa to check + * @return TRUE if IKE_SA is used to secure HA messages + */ + bool (*is_sa)(ha_tunnel_t *this, ike_sa_t *ike_sa); + + /** + * Destroy a ha_tunnel_t. + */ + void (*destroy)(ha_tunnel_t *this); +}; + +/** + * Create a ha_tunnel instance. + * + * @param local local address of HA tunnel + * @param remote remote address of HA tunnel + * @param secret PSK tunnel authentication secret + * @return HA tunnel instance + */ +ha_tunnel_t *ha_tunnel_create(char *local, char *remote, char *secret); + +#endif /* HA_TUNNEL_H_ @}*/ diff --git a/src/libcharon/plugins/kernel_klips/Makefile.am b/src/libcharon/plugins/kernel_klips/Makefile.am new file mode 100644 index 000000000..540bbe106 --- /dev/null +++ b/src/libcharon/plugins/kernel_klips/Makefile.am @@ -0,0 +1,17 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-kernel-klips.la +else +plugin_LTLIBRARIES = libstrongswan-kernel-klips.la +endif + +libstrongswan_kernel_klips_la_SOURCES = \ + kernel_klips_plugin.h kernel_klips_plugin.c \ + kernel_klips_ipsec.h kernel_klips_ipsec.c pfkeyv2.h + +libstrongswan_kernel_klips_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/kernel_klips/Makefile.in b/src/libcharon/plugins/kernel_klips/Makefile.in index bf194ae16..f0d112a0f 100644 --- a/src/charon/plugins/kernel_klips/Makefile.in +++ b/src/libcharon/plugins/kernel_klips/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/kernel_klips +subdir = src/libcharon/plugins/kernel_klips DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_kernel_klips_la_LIBADD = am_libstrongswan_kernel_klips_la_OBJECTS = kernel_klips_plugin.lo \ kernel_klips_ipsec.lo @@ -82,6 +82,9 @@ libstrongswan_kernel_klips_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_kernel_klips_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_kernel_klips_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_kernel_klips_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,10 +258,14 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-kernel-klips.la -libstrongswan_kernel_klips_la_SOURCES = kernel_klips_plugin.h kernel_klips_plugin.c \ +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-kernel-klips.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-kernel-klips.la +libstrongswan_kernel_klips_la_SOURCES = \ + kernel_klips_plugin.h kernel_klips_plugin.c \ kernel_klips_ipsec.h kernel_klips_ipsec.c pfkeyv2.h libstrongswan_kernel_klips_la_LDFLAGS = -module -avoid-version @@ -274,9 +282,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_klips/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_klips/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/kernel_klips/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_klips/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -295,6 +303,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -327,7 +344,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-kernel-klips.la: $(libstrongswan_kernel_klips_la_OBJECTS) $(libstrongswan_kernel_klips_la_DEPENDENCIES) - $(libstrongswan_kernel_klips_la_LINK) -rpath $(plugindir) $(libstrongswan_kernel_klips_la_OBJECTS) $(libstrongswan_kernel_klips_la_LIBADD) $(LIBS) + $(libstrongswan_kernel_klips_la_LINK) $(am_libstrongswan_kernel_klips_la_rpath) $(libstrongswan_kernel_klips_la_OBJECTS) $(libstrongswan_kernel_klips_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -481,8 +498,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -553,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c index fea1b83a1..01df4f71a 100644 --- a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.c +++ b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.c @@ -1532,13 +1532,9 @@ static void schedule_expire(private_kernel_klips_ipsec_t *this, charon->scheduler->schedule_job(charon->scheduler, (job_t*)job, time); } -/** - * Implementation of kernel_interface_t.get_spi. - */ -static status_t get_spi(private_kernel_klips_ipsec_t *this, - host_t *src, host_t *dst, - protocol_id_t protocol, u_int32_t reqid, - u_int32_t *spi) +METHOD(kernel_ipsec_t, get_spi, status_t, + private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, + protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) { /* we cannot use SADB_GETSPI because KLIPS does not allow us to set the * NAT-T type in an SADB_UPDATE which we would have to use to update the @@ -1573,12 +1569,9 @@ static status_t get_spi(private_kernel_klips_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.get_cpi. - */ -static status_t get_cpi(private_kernel_klips_ipsec_t *this, - host_t *src, host_t *dst, - u_int32_t reqid, u_int16_t *cpi) +METHOD(kernel_ipsec_t, get_cpi, status_t, + private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, + u_int32_t reqid, u_int16_t *cpi) { return FAILED; } @@ -1695,18 +1688,12 @@ static status_t group_ipip_sa(private_kernel_klips_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.add_sa. - */ -static status_t add_sa(private_kernel_klips_ipsec_t *this, - host_t *src, host_t *dst, u_int32_t spi, - protocol_id_t protocol, u_int32_t reqid, - lifetime_cfg_t *lifetime, - u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, - ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool encap, bool inbound, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts) +METHOD(kernel_ipsec_t, add_sa, status_t, + private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, + protocol_id_t protocol, u_int32_t reqid, lifetime_cfg_t *lifetime, + u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, + ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, + bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1859,14 +1846,10 @@ static status_t add_sa(private_kernel_klips_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.update_sa. - */ -static status_t update_sa(private_kernel_klips_ipsec_t *this, - u_int32_t spi, protocol_id_t protocol, u_int16_t cpi, - host_t *src, host_t *dst, - host_t *new_src, host_t *new_dst, - bool encap, bool new_encap) +METHOD(kernel_ipsec_t, update_sa, status_t, + private_kernel_klips_ipsec_t *this, u_int32_t spi, protocol_id_t protocol, + u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, + bool encap, bool new_encap) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1935,22 +1918,16 @@ static status_t update_sa(private_kernel_klips_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.query_sa. - */ -static status_t query_sa(private_kernel_klips_ipsec_t *this, host_t *src, - host_t *dst, u_int32_t spi, protocol_id_t protocol, - u_int64_t *bytes) +METHOD(kernel_ipsec_t, query_sa, status_t, + private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, + u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes) { return NOT_SUPPORTED; /* TODO */ } -/** - * Implementation of kernel_interface_t.del_sa. - */ -static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src, - host_t *dst, u_int32_t spi, protocol_id_t protocol, - u_int16_t cpi) +METHOD(kernel_ipsec_t, del_sa, status_t, + private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, + u_int32_t spi, protocol_id_t protocol, u_int16_t cpi) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -2011,17 +1988,12 @@ static status_t del_sa(private_kernel_klips_ipsec_t *this, host_t *src, return SUCCESS; } -/** - * Implementation of kernel_interface_t.add_policy. - */ -static status_t add_policy(private_kernel_klips_ipsec_t *this, - host_t *src, host_t *dst, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, u_int32_t spi, - protocol_id_t protocol, u_int32_t reqid, - ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool routed) +METHOD(kernel_ipsec_t, add_policy, status_t, + private_kernel_klips_ipsec_t *this, host_t *src, host_t *dst, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, + policy_dir_t direction, u_int32_t spi, protocol_id_t protocol, + u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, + bool routed) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -2236,13 +2208,9 @@ static status_t add_policy(private_kernel_klips_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.query_policy. - */ -static status_t query_policy(private_kernel_klips_ipsec_t *this, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, u_int32_t *use_time) +METHOD(kernel_ipsec_t, query_policy, status_t, + private_kernel_klips_ipsec_t *this, traffic_selector_t *src_ts, + traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time) { #define IDLE_PREFIX "idle=" static const char *path_eroute = "/proc/net/ipsec_eroute"; @@ -2395,13 +2363,9 @@ static status_t query_policy(private_kernel_klips_ipsec_t *this, return status; } -/** - * Implementation of kernel_interface_t.del_policy. - */ -static status_t del_policy(private_kernel_klips_ipsec_t *this, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, bool unrouted) +METHOD(kernel_ipsec_t, del_policy, status_t, + private_kernel_klips_ipsec_t *this, traffic_selector_t *src_ts, + traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg = (struct sadb_msg*)request, *out; @@ -2592,14 +2556,28 @@ static status_t register_pfkey_socket(private_kernel_klips_ipsec_t *this, u_int8 return SUCCESS; } -/** - * Implementation of kernel_interface_t.destroy. - */ -static void destroy(private_kernel_klips_ipsec_t *this) +METHOD(kernel_ipsec_t, bypass_socket, bool, + private_kernel_klips_ipsec_t *this, int fd, int family) { - this->job->cancel(this->job); - close(this->socket); - close(this->socket_events); + /* KLIPS does not need a bypass policy for IKE */ + return TRUE; +} + +METHOD(kernel_ipsec_t, destroy, void, + private_kernel_klips_ipsec_t *this) +{ + if (this->job) + { + this->job->cancel(this->job); + } + if (this->socket > 0) + { + close(this->socket); + } + if (this->socket_evnets > 0) + { + close(this->socket_events); + } this->mutex_pfkey->destroy(this->mutex_pfkey); this->mutex->destroy(this->mutex); this->ipsec_devices->destroy_function(this->ipsec_devices, (void*)ipsec_dev_destroy); @@ -2614,30 +2592,31 @@ static void destroy(private_kernel_klips_ipsec_t *this) */ kernel_klips_ipsec_t *kernel_klips_ipsec_create() { - private_kernel_klips_ipsec_t *this = malloc_thing(private_kernel_klips_ipsec_t); - - /* public functions */ - this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; - this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; - this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa; - this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa; - this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa; - this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa; - this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy; - this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy; - this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy; - - this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy; - - /* private members */ - this->policies = linked_list_create(); - this->allocated_spis = linked_list_create(); - this->installed_sas = linked_list_create(); - this->ipsec_devices = linked_list_create(); - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - this->mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT); - this->install_routes = lib->settings->get_bool(lib->settings, "charon.install_routes", TRUE); - this->seq = 0; + private_kernel_klips_ipsec_t *this; + + INIT(this, + .public.interface = { + .get_spi = _get_spi, + .get_cpi = _get_cpi, + .add_sa = _add_sa, + .update_sa = _update_sa, + .query_sa = _query_sa, + .del_sa = _del_sa, + .add_policy = _add_policy, + .query_policy = _query_policy, + .del_policy = _del_policy, + .bypass_socket = _bypass_socket, + .destroy = _destroy, + }, + .policies = linked_list_create(), + .allocated_spis = linked_list_create(), + .installed_sas = linked_list_create(), + .ipsec_devices = linked_list_create(), + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT), + .install_routes = lib->settings->get_bool(lib->settings, + "charon.install_routes", TRUE), + ); /* initialize ipsec devices */ init_ipsec_devices(this); @@ -2646,21 +2625,27 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create() this->socket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (this->socket <= 0) { - charon->kill(charon, "unable to create PF_KEY socket"); + DBG1(DBG_KNL, "unable to create PF_KEY socket"); + destroy(this); + return NULL; } /* create a PF_KEY socket for ACQUIRE & EXPIRE */ this->socket_events = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (this->socket_events <= 0) { - charon->kill(charon, "unable to create PF_KEY event socket"); + DBG1(DBG_KNL, "unable to create PF_KEY event socket"); + destroy(this); + return NULL; } /* register the event socket */ if (register_pfkey_socket(this, SADB_SATYPE_ESP) != SUCCESS || register_pfkey_socket(this, SADB_SATYPE_AH) != SUCCESS) { - charon->kill(charon, "unable to register PF_KEY event socket"); + DBG1(DBG_KNL, "unable to register PF_KEY event socket"); + destroy(this); + return NULL; } this->job = callback_job_create((callback_job_cb_t)receive_events, @@ -2669,3 +2654,4 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create() return &this->public; } + diff --git a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.h b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.h index 306ec0ada..306ec0ada 100644 --- a/src/charon/plugins/kernel_klips/kernel_klips_ipsec.h +++ b/src/libcharon/plugins/kernel_klips/kernel_klips_ipsec.h diff --git a/src/charon/plugins/kernel_klips/kernel_klips_plugin.c b/src/libcharon/plugins/kernel_klips/kernel_klips_plugin.c index b0117c10c..fa5e9eb29 100644 --- a/src/charon/plugins/kernel_klips/kernel_klips_plugin.c +++ b/src/libcharon/plugins/kernel_klips/kernel_klips_plugin.c @@ -44,7 +44,7 @@ static void destroy(private_kernel_klips_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *kernel_klips_plugin_create() { private_kernel_klips_plugin_t *this = malloc_thing(private_kernel_klips_plugin_t); diff --git a/src/charon/plugins/kernel_klips/kernel_klips_plugin.h b/src/libcharon/plugins/kernel_klips/kernel_klips_plugin.h index 123550bf5..6086217ad 100644 --- a/src/charon/plugins/kernel_klips/kernel_klips_plugin.h +++ b/src/libcharon/plugins/kernel_klips/kernel_klips_plugin.h @@ -39,9 +39,4 @@ struct kernel_klips_plugin_t { plugin_t plugin; }; -/** - * Create a kernel_klips_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** KERNEL_KLIPS_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/kernel_klips/pfkeyv2.h b/src/libcharon/plugins/kernel_klips/pfkeyv2.h index 20d1c298d..20d1c298d 100644 --- a/src/charon/plugins/kernel_klips/pfkeyv2.h +++ b/src/libcharon/plugins/kernel_klips/pfkeyv2.h diff --git a/src/charon/plugins/kernel_netlink/Makefile.am b/src/libcharon/plugins/kernel_netlink/Makefile.am index 31d9c6d5c..2bb00ec0d 100644 --- a/src/charon/plugins/kernel_netlink/Makefile.am +++ b/src/libcharon/plugins/kernel_netlink/Makefile.am @@ -1,13 +1,20 @@ -INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic \ -DROUTING_TABLE=${routing_table} \ -DROUTING_TABLE_PRIO=${routing_table_prio} +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-kernel-netlink.la +else plugin_LTLIBRARIES = libstrongswan-kernel-netlink.la +endif -libstrongswan_kernel_netlink_la_SOURCES = kernel_netlink_plugin.h kernel_netlink_plugin.c \ +libstrongswan_kernel_netlink_la_SOURCES = \ + kernel_netlink_plugin.h kernel_netlink_plugin.c \ kernel_netlink_ipsec.h kernel_netlink_ipsec.c kernel_netlink_net.h kernel_netlink_net.c \ kernel_netlink_shared.h kernel_netlink_shared.c + libstrongswan_kernel_netlink_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/kernel_netlink/Makefile.in b/src/libcharon/plugins/kernel_netlink/Makefile.in index 09be50587..8c9965467 100644 --- a/src/charon/plugins/kernel_netlink/Makefile.in +++ b/src/libcharon/plugins/kernel_netlink/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/kernel_netlink +subdir = src/libcharon/plugins/kernel_netlink DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_kernel_netlink_la_LIBADD = am_libstrongswan_kernel_netlink_la_OBJECTS = kernel_netlink_plugin.lo \ kernel_netlink_ipsec.lo kernel_netlink_net.lo \ @@ -83,6 +83,9 @@ libstrongswan_kernel_netlink_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_kernel_netlink_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_kernel_netlink_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_kernel_netlink_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -221,6 +224,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -255,13 +259,17 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic \ -DROUTING_TABLE=${routing_table} \ -DROUTING_TABLE_PRIO=${routing_table_prio} -plugin_LTLIBRARIES = libstrongswan-kernel-netlink.la -libstrongswan_kernel_netlink_la_SOURCES = kernel_netlink_plugin.h kernel_netlink_plugin.c \ +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-kernel-netlink.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-kernel-netlink.la +libstrongswan_kernel_netlink_la_SOURCES = \ + kernel_netlink_plugin.h kernel_netlink_plugin.c \ kernel_netlink_ipsec.h kernel_netlink_ipsec.c kernel_netlink_net.h kernel_netlink_net.c \ kernel_netlink_shared.h kernel_netlink_shared.c @@ -279,9 +287,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_netlink/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_netlink/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/kernel_netlink/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_netlink/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -300,6 +308,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -332,7 +349,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-kernel-netlink.la: $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_DEPENDENCIES) - $(libstrongswan_kernel_netlink_la_LINK) -rpath $(plugindir) $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_LIBADD) $(LIBS) + $(libstrongswan_kernel_netlink_la_LINK) $(am_libstrongswan_kernel_netlink_la_rpath) $(libstrongswan_kernel_netlink_la_OBJECTS) $(libstrongswan_kernel_netlink_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -488,8 +505,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -560,18 +577,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c index 850876b9d..1b8c1b879 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -181,7 +181,7 @@ static kernel_algorithm_t encryption_algs[] = { {ENCR_AES_GCM_ICV8, "rfc4106(gcm(aes))" }, {ENCR_AES_GCM_ICV12, "rfc4106(gcm(aes))" }, {ENCR_AES_GCM_ICV16, "rfc4106(gcm(aes))" }, -/* {ENCR_NULL_AUTH_AES_GMAC, "***" }, */ + {ENCR_NULL_AUTH_AES_GMAC, "rfc4543(gcm(aes))" }, {ENCR_CAMELLIA_CBC, "cbc(camellia)" }, /* {ENCR_CAMELLIA_CTR, "***" }, */ /* {ENCR_CAMELLIA_CCM_ICV8, "***" }, */ @@ -875,13 +875,9 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.get_spi. - */ -static status_t get_spi(private_kernel_netlink_ipsec_t *this, - host_t *src, host_t *dst, - protocol_id_t protocol, u_int32_t reqid, - u_int32_t *spi) +METHOD(kernel_ipsec_t, get_spi, status_t, + private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, + protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) { DBG2(DBG_KNL, "getting SPI for reqid {%u}", reqid); @@ -897,12 +893,9 @@ static status_t get_spi(private_kernel_netlink_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.get_cpi. - */ -static status_t get_cpi(private_kernel_netlink_ipsec_t *this, - host_t *src, host_t *dst, - u_int32_t reqid, u_int16_t *cpi) +METHOD(kernel_ipsec_t, get_cpi, status_t, + private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, + u_int32_t reqid, u_int16_t *cpi) { u_int32_t received_spi = 0; @@ -922,18 +915,13 @@ static status_t get_cpi(private_kernel_netlink_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.add_sa. - */ -static status_t add_sa(private_kernel_netlink_ipsec_t *this, - host_t *src, host_t *dst, u_int32_t spi, - protocol_id_t protocol, u_int32_t reqid, - lifetime_cfg_t *lifetime, - u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, - ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool encap, bool inbound, - traffic_selector_t* src_ts, traffic_selector_t* dst_ts) +METHOD(kernel_ipsec_t, add_sa, status_t, + private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, + u_int32_t spi, protocol_id_t protocol, u_int32_t reqid, + lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, + u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, + u_int16_t cpi, bool encap, bool inbound, traffic_selector_t* src_ts, + traffic_selector_t* dst_ts) { netlink_buf_t request; char *alg_name; @@ -1007,6 +995,7 @@ static status_t add_sa(private_kernel_netlink_ipsec_t *this, break; case ENCR_AES_CCM_ICV16: case ENCR_AES_GCM_ICV16: + case ENCR_NULL_AUTH_AES_GMAC: case ENCR_CAMELLIA_CCM_ICV16: icv_size += 32; /* FALL */ @@ -1284,12 +1273,9 @@ static status_t get_replay_state(private_kernel_netlink_ipsec_t *this, return FAILED; } -/** - * Implementation of kernel_interface_t.query_sa. - */ -static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src, - host_t *dst, u_int32_t spi, protocol_id_t protocol, - u_int64_t *bytes) +METHOD(kernel_ipsec_t, query_sa, status_t, + private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, + u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes) { netlink_buf_t request; struct nlmsghdr *out = NULL, *hdr; @@ -1352,12 +1338,10 @@ static status_t query_sa(private_kernel_netlink_ipsec_t *this, host_t *src, free(out); return SUCCESS; } -/** - * Implementation of kernel_interface_t.del_sa. - */ -static status_t del_sa(private_kernel_netlink_ipsec_t *this, host_t *src, - host_t *dst, u_int32_t spi, protocol_id_t protocol, - u_int16_t cpi) + +METHOD(kernel_ipsec_t, del_sa, status_t, + private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, + u_int32_t spi, protocol_id_t protocol, u_int16_t cpi) { netlink_buf_t request; struct nlmsghdr *hdr; @@ -1393,14 +1377,10 @@ static status_t del_sa(private_kernel_netlink_ipsec_t *this, host_t *src, return SUCCESS; } -/** - * Implementation of kernel_interface_t.update_sa. - */ -static status_t update_sa(private_kernel_netlink_ipsec_t *this, - u_int32_t spi, protocol_id_t protocol, u_int16_t cpi, - host_t *src, host_t *dst, - host_t *new_src, host_t *new_dst, - bool old_encap, bool new_encap) +METHOD(kernel_ipsec_t, update_sa, status_t, + private_kernel_netlink_ipsec_t *this, u_int32_t spi, protocol_id_t protocol, + u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, + bool old_encap, bool new_encap) { netlink_buf_t request; u_char *pos; @@ -1574,17 +1554,12 @@ static status_t update_sa(private_kernel_netlink_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.add_policy. - */ -static status_t add_policy(private_kernel_netlink_ipsec_t *this, - host_t *src, host_t *dst, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, u_int32_t spi, - protocol_id_t protocol, u_int32_t reqid, - ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool routed) +METHOD(kernel_ipsec_t, add_policy, status_t, + private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, + policy_dir_t direction, u_int32_t spi, protocol_id_t protocol, + u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, + bool routed) { policy_entry_t *current, *policy; bool found = FALSE; @@ -1764,13 +1739,9 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.query_policy. - */ -static status_t query_policy(private_kernel_netlink_ipsec_t *this, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, u_int32_t *use_time) +METHOD(kernel_ipsec_t, query_policy, status_t, + private_kernel_netlink_ipsec_t *this, traffic_selector_t *src_ts, + traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time) { netlink_buf_t request; struct nlmsghdr *out = NULL, *hdr; @@ -1843,13 +1814,9 @@ static status_t query_policy(private_kernel_netlink_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.del_policy. - */ -static status_t del_policy(private_kernel_netlink_ipsec_t *this, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, bool unrouted) +METHOD(kernel_ipsec_t, del_policy, status_t, + private_kernel_netlink_ipsec_t *this, traffic_selector_t *src_ts, + traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted) { policy_entry_t *current, policy, *to_delete = NULL; route_entry_t *route; @@ -1925,17 +1892,62 @@ static status_t del_policy(private_kernel_netlink_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.destroy. - */ -static void destroy(private_kernel_netlink_ipsec_t *this) +METHOD(kernel_ipsec_t, bypass_socket, bool, + private_kernel_netlink_ipsec_t *this, int fd, int family) +{ + struct xfrm_userpolicy_info policy; + u_int sol, ipsec_policy; + + switch (family) + { + case AF_INET: + sol = SOL_IP; + ipsec_policy = IP_XFRM_POLICY; + break; + case AF_INET6: + sol = SOL_IPV6; + ipsec_policy = IPV6_XFRM_POLICY; + break; + default: + return FALSE; + } + + memset(&policy, 0, sizeof(policy)); + policy.action = XFRM_POLICY_ALLOW; + policy.sel.family = family; + + policy.dir = XFRM_POLICY_OUT; + if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) + { + DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", + strerror(errno)); + return FALSE; + } + policy.dir = XFRM_POLICY_IN; + if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) + { + DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", + strerror(errno)); + return FALSE; + } + return TRUE; +} + +METHOD(kernel_ipsec_t, destroy, void, + private_kernel_netlink_ipsec_t *this) { enumerator_t *enumerator; policy_entry_t *policy; - this->job->cancel(this->job); - close(this->socket_xfrm_events); - this->socket_xfrm->destroy(this->socket_xfrm); + if (this->job) + { + this->job->cancel(this->job); + } + if (this->socket_xfrm_events > 0) + { + close(this->socket_xfrm_events); + } + DESTROY_IF(this->socket_xfrm); enumerator = this->policies->create_enumerator(this->policies); while (enumerator->enumerate(enumerator, &policy, &policy)) { @@ -1947,87 +1959,35 @@ static void destroy(private_kernel_netlink_ipsec_t *this) free(this); } -/** - * Add bypass policies for IKE on the sockets used by charon - */ -static bool add_bypass_policies() -{ - int fd, family, port; - enumerator_t *sockets; - bool status = TRUE; - - sockets = charon->socket->create_enumerator(charon->socket); - while (sockets->enumerate(sockets, &fd, &family, &port)) - { - struct xfrm_userpolicy_info policy; - u_int sol, ipsec_policy; - - switch (family) - { - case AF_INET: - sol = SOL_IP; - ipsec_policy = IP_XFRM_POLICY; - break; - case AF_INET6: - sol = SOL_IPV6; - ipsec_policy = IPV6_XFRM_POLICY; - break; - default: - continue; - } - - memset(&policy, 0, sizeof(policy)); - policy.action = XFRM_POLICY_ALLOW; - policy.sel.family = family; - - policy.dir = XFRM_POLICY_OUT; - if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) - { - DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", - strerror(errno)); - status = FALSE; - break; - } - policy.dir = XFRM_POLICY_IN; - if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) - { - DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", - strerror(errno)); - status = FALSE; - break; - } - } - sockets->destroy(sockets); - return status; -} - /* * Described in header. */ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() { - private_kernel_netlink_ipsec_t *this = malloc_thing(private_kernel_netlink_ipsec_t); + private_kernel_netlink_ipsec_t *this; struct sockaddr_nl addr; int fd; - /* public functions */ - this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; - this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; - this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa; - this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa; - this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa; - this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa; - this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy; - this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy; - this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy; - this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy; - - /* private members */ - this->policies = hashtable_create((hashtable_hash_t)policy_hash, - (hashtable_equals_t)policy_equals, 32); - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - this->install_routes = lib->settings->get_bool(lib->settings, - "charon.install_routes", TRUE); + INIT(this, + .public.interface = { + .get_spi = _get_spi, + .get_cpi = _get_cpi, + .add_sa = _add_sa, + .update_sa = _update_sa, + .query_sa = _query_sa, + .del_sa = _del_sa, + .add_policy = _add_policy, + .query_policy = _query_policy, + .del_policy = _del_policy, + .bypass_socket = _bypass_socket, + .destroy = _destroy, + }, + .policies = hashtable_create((hashtable_hash_t)policy_hash, + (hashtable_equals_t)policy_equals, 32), + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .install_routes = lib->settings->get_bool(lib->settings, + "charon.install_routes", TRUE), + ); /* disable lifetimes for allocated SPIs in kernel */ fd = open("/proc/sys/net/core/xfrm_acq_expires", O_WRONLY); @@ -2038,6 +1998,11 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() } this->socket_xfrm = netlink_socket_create(NETLINK_XFRM); + if (!this->socket_xfrm) + { + destroy(this); + return NULL; + } memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; @@ -2046,24 +2011,22 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() this->socket_xfrm_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM); if (this->socket_xfrm_events <= 0) { - charon->kill(charon, "unable to create XFRM event socket"); + DBG1(DBG_KNL, "unable to create XFRM event socket"); + destroy(this); + return NULL; } addr.nl_groups = XFRMNLGRP(ACQUIRE) | XFRMNLGRP(EXPIRE) | XFRMNLGRP(MIGRATE) | XFRMNLGRP(MAPPING); if (bind(this->socket_xfrm_events, (struct sockaddr*)&addr, sizeof(addr))) { - charon->kill(charon, "unable to bind XFRM event socket"); + DBG1(DBG_KNL, "unable to bind XFRM event socket"); + destroy(this); + return NULL; } - - /* add bypass policies on the sockets used by charon */ - if (!add_bypass_policies()) - { - charon->kill(charon, "unable to add bypass policies on sockets"); - } - this->job = callback_job_create((callback_job_cb_t)receive_events, this, NULL, NULL); charon->processor->queue_job(charon->processor, (job_t*)this->job); return &this->public; } + diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h index 3a45cce06..3a45cce06 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.h +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.h diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c index 4a9fdf69a..6750458cf 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c @@ -14,6 +14,29 @@ * for more details. */ +/* + * Copyright (C) 2010 secunet Security Networks AG + * Copyright (C) 2010 Thomas Egerer + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + #include <sys/socket.h> #include <linux/netlink.h> #include <linux/rtnetlink.h> @@ -158,6 +181,11 @@ struct private_kernel_netlink_net_t { * whether to actually install virtual IPs */ bool install_virtual_ip; + + /** + * list with routing tables to be excluded from route lookup + */ + linked_list_t *rt_exclude; }; /** @@ -764,6 +792,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, chunk_t chunk; size_t len; int best = -1; + enumerator_t *enumerator; host_t *src = NULL, *gtw = NULL; DBG2(DBG_KNL, "getting address to reach %H", dest); @@ -813,6 +842,8 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, chunk_t rta_gtw, rta_src, rta_dst; u_int32_t rta_oif = 0; host_t *new_src, *new_gtw; + bool cont = FALSE; + uintptr_t table; rta_gtw = rta_src = rta_dst = chunk_empty; msg = (struct rtmsg*)(NLMSG_DATA(current)); @@ -844,6 +875,20 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, { /* not better than a previous one */ continue; } + enumerator = this->rt_exclude->create_enumerator(this->rt_exclude); + while (enumerator->enumerate(enumerator, &table)) + { + if (table == msg->rtm_table) + { + cont = TRUE; + break; + } + } + enumerator->destroy(enumerator); + if (cont) + { + continue; + } if (this->routing_table != 0 && msg->rtm_table == this->routing_table) { /* route is from our own ipsec routing table */ @@ -1336,11 +1381,17 @@ static void destroy(private_kernel_netlink_net_t *this) manage_rule(this, RTM_DELRULE, AF_INET6, this->routing_table, this->routing_table_prio); } - - this->job->cancel(this->job); - close(this->socket_events); - this->socket->destroy(this->socket); + if (this->job) + { + this->job->cancel(this->job); + } + if (this->socket_events > 0) + { + close(this->socket_events); + } + DESTROY_IF(this->socket); this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy); + this->rt_exclude->destroy(this->rt_exclude); this->condvar->destroy(this->condvar); this->mutex->destroy(this->mutex); free(this); @@ -1353,6 +1404,8 @@ kernel_netlink_net_t *kernel_netlink_net_create() { private_kernel_netlink_net_t *this = malloc_thing(private_kernel_netlink_net_t); struct sockaddr_nl addr; + enumerator_t *enumerator; + char *exclude; /* public functions */ this->public.interface.get_interface = (char*(*)(kernel_net_t*,host_t*))get_interface_name; @@ -1379,22 +1432,49 @@ kernel_netlink_net_t *kernel_netlink_net_create() this->install_virtual_ip = lib->settings->get_bool(lib->settings, "charon.install_virtual_ip", TRUE); + this->rt_exclude = linked_list_create(); + exclude = lib->settings->get_str(lib->settings, + "charon.ignore_routing_tables", NULL); + if (exclude) + { + char *token; + uintptr_t table; + + enumerator = enumerator_create_token(exclude, " ", " "); + while (enumerator->enumerate(enumerator, &token)) + { + errno = 0; + table = strtoul(token, NULL, 10); + + if (errno == 0) + { + this->rt_exclude->insert_last(this->rt_exclude, (void*)table); + } + } + enumerator->destroy(enumerator); + } + this->socket = netlink_socket_create(NETLINK_ROUTE); + this->job = NULL; memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; /* create and bind RT socket for events (address/interface/route changes) */ this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); - if (this->socket_events <= 0) + if (this->socket_events < 0) { - charon->kill(charon, "unable to create RT event socket"); + DBG1(DBG_KNL, "unable to create RT event socket"); + destroy(this); + return NULL; } addr.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE | RTMGRP_IPV4_ROUTE | RTMGRP_LINK; if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr))) { - charon->kill(charon, "unable to bind RT event socket"); + DBG1(DBG_KNL, "unable to bind RT event socket"); + destroy(this); + return NULL; } this->job = callback_job_create((callback_job_cb_t)receive_events, @@ -1403,7 +1483,9 @@ kernel_netlink_net_t *kernel_netlink_net_create() if (init_address_list(this) != SUCCESS) { - charon->kill(charon, "unable to get interface list"); + DBG1(DBG_KNL, "unable to get interface list"); + destroy(this); + return NULL; } if (this->routing_table) diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_net.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h index ff9831d3c..ff9831d3c 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_net.h +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.h diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c index cdf20f14a..4c61265aa 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.c @@ -46,7 +46,7 @@ static void destroy(private_kernel_netlink_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *kernel_netlink_plugin_create() { private_kernel_netlink_plugin_t *this = malloc_thing(private_kernel_netlink_plugin_t); diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h index ec6036b98..74c9ae24f 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_plugin.h +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_plugin.h @@ -39,9 +39,4 @@ struct kernel_netlink_plugin_t { plugin_t plugin; }; -/** - * Create a kernel_netlink_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** KERNEL_NETLINK_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c index b96186a3a..5ed568150 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c @@ -236,7 +236,10 @@ static status_t netlink_send_ack(private_netlink_socket_t *this, struct nlmsghdr */ static void destroy(private_netlink_socket_t *this) { - close(this->socket); + if (this->socket > 0) + { + close(this->socket); + } this->mutex->destroy(this->mutex); free(this); } @@ -244,7 +247,8 @@ static void destroy(private_netlink_socket_t *this) /** * Described in header. */ -netlink_socket_t *netlink_socket_create(int protocol) { +netlink_socket_t *netlink_socket_create(int protocol) +{ private_netlink_socket_t *this = malloc_thing(private_netlink_socket_t); struct sockaddr_nl addr; @@ -262,15 +266,19 @@ netlink_socket_t *netlink_socket_create(int protocol) { this->protocol = protocol; this->socket = socket(AF_NETLINK, SOCK_RAW, protocol); - if (this->socket <= 0) + if (this->socket < 0) { - charon->kill(charon, "unable to create netlink socket"); + DBG1(DBG_KNL, "unable to create netlink socket"); + destroy(this); + return NULL; } addr.nl_groups = 0; if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr))) { - charon->kill(charon, "unable to bind netlink socket"); + DBG1(DBG_KNL, "unable to bind netlink socket"); + destroy(this); + return NULL; } return &this->public; diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h index dfd27a21a..dfd27a21a 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_shared.h +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h diff --git a/src/charon/plugins/kernel_pfkey/Makefile.am b/src/libcharon/plugins/kernel_pfkey/Makefile.am index a72c6a999..778a7f9a9 100644 --- a/src/charon/plugins/kernel_pfkey/Makefile.am +++ b/src/libcharon/plugins/kernel_pfkey/Makefile.am @@ -1,10 +1,17 @@ -INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-kernel-pfkey.la +else plugin_LTLIBRARIES = libstrongswan-kernel-pfkey.la +endif -libstrongswan_kernel_pfkey_la_SOURCES = kernel_pfkey_plugin.h kernel_pfkey_plugin.c \ +libstrongswan_kernel_pfkey_la_SOURCES = \ + kernel_pfkey_plugin.h kernel_pfkey_plugin.c \ kernel_pfkey_ipsec.h kernel_pfkey_ipsec.c + libstrongswan_kernel_pfkey_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/kernel_pfkey/Makefile.in b/src/libcharon/plugins/kernel_pfkey/Makefile.in index 8a0961a7d..2b028ba71 100644 --- a/src/charon/plugins/kernel_pfkey/Makefile.in +++ b/src/libcharon/plugins/kernel_pfkey/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/kernel_pfkey +subdir = src/libcharon/plugins/kernel_pfkey DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_kernel_pfkey_la_LIBADD = am_libstrongswan_kernel_pfkey_la_OBJECTS = kernel_pfkey_plugin.lo \ kernel_pfkey_ipsec.lo @@ -82,6 +82,9 @@ libstrongswan_kernel_pfkey_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_kernel_pfkey_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_kernel_pfkey_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_kernel_pfkey_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,10 +258,14 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-kernel-pfkey.la -libstrongswan_kernel_pfkey_la_SOURCES = kernel_pfkey_plugin.h kernel_pfkey_plugin.c \ +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-kernel-pfkey.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-kernel-pfkey.la +libstrongswan_kernel_pfkey_la_SOURCES = \ + kernel_pfkey_plugin.h kernel_pfkey_plugin.c \ kernel_pfkey_ipsec.h kernel_pfkey_ipsec.c libstrongswan_kernel_pfkey_la_LDFLAGS = -module -avoid-version @@ -274,9 +282,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfkey/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfkey/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfkey/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfkey/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -295,6 +303,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -327,7 +344,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-kernel-pfkey.la: $(libstrongswan_kernel_pfkey_la_OBJECTS) $(libstrongswan_kernel_pfkey_la_DEPENDENCIES) - $(libstrongswan_kernel_pfkey_la_LINK) -rpath $(plugindir) $(libstrongswan_kernel_pfkey_la_OBJECTS) $(libstrongswan_kernel_pfkey_la_LIBADD) $(LIBS) + $(libstrongswan_kernel_pfkey_la_LINK) $(am_libstrongswan_kernel_pfkey_la_rpath) $(libstrongswan_kernel_pfkey_la_OBJECTS) $(libstrongswan_kernel_pfkey_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -481,8 +498,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -553,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 9c50746ac..8a7883c8a 100644 --- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -1149,13 +1149,9 @@ static job_requeue_t receive_events(private_kernel_pfkey_ipsec_t *this) return JOB_REQUEUE_DIRECT; } -/** - * Implementation of kernel_interface_t.get_spi. - */ -static status_t get_spi(private_kernel_pfkey_ipsec_t *this, - host_t *src, host_t *dst, - protocol_id_t protocol, u_int32_t reqid, - u_int32_t *spi) +METHOD(kernel_ipsec_t, get_spi, status_t, + private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, + protocol_id_t protocol, u_int32_t reqid, u_int32_t *spi) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1212,28 +1208,19 @@ static status_t get_spi(private_kernel_pfkey_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.get_cpi. - */ -static status_t get_cpi(private_kernel_pfkey_ipsec_t *this, - host_t *src, host_t *dst, - u_int32_t reqid, u_int16_t *cpi) +METHOD(kernel_ipsec_t, get_cpi, status_t, + private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, + u_int32_t reqid, u_int16_t *cpi) { return FAILED; } -/** - * Implementation of kernel_interface_t.add_sa. - */ -static status_t add_sa(private_kernel_pfkey_ipsec_t *this, - host_t *src, host_t *dst, u_int32_t spi, - protocol_id_t protocol, u_int32_t reqid, - lifetime_cfg_t *lifetime, - u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, - ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool encap, bool inbound, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts) +METHOD(kernel_ipsec_t, add_sa, status_t, + private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, + protocol_id_t protocol, u_int32_t reqid, lifetime_cfg_t *lifetime, + u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, chunk_t int_key, + ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, bool encap, + bool inbound, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1374,14 +1361,10 @@ static status_t add_sa(private_kernel_pfkey_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.update_sa. - */ -static status_t update_sa(private_kernel_pfkey_ipsec_t *this, - u_int32_t spi, protocol_id_t protocol, u_int16_t cpi, - host_t *src, host_t *dst, - host_t *new_src, host_t *new_dst, - bool encap, bool new_encap) +METHOD(kernel_ipsec_t, update_sa, status_t, + private_kernel_pfkey_ipsec_t *this, u_int32_t spi, protocol_id_t protocol, + u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, + bool encap, bool new_encap) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1512,12 +1495,9 @@ static status_t update_sa(private_kernel_pfkey_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.query_sa. - */ -static status_t query_sa(private_kernel_pfkey_ipsec_t *this, host_t *src, - host_t *dst, u_int32_t spi, protocol_id_t protocol, - u_int64_t *bytes) +METHOD(kernel_ipsec_t, query_sa, status_t, + private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, + u_int32_t spi, protocol_id_t protocol, u_int64_t *bytes) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1571,12 +1551,9 @@ static status_t query_sa(private_kernel_pfkey_ipsec_t *this, host_t *src, return SUCCESS; } -/** - * Implementation of kernel_interface_t.del_sa. - */ -static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *src, - host_t *dst, u_int32_t spi, protocol_id_t protocol, - u_int16_t cpi) +METHOD(kernel_ipsec_t, del_sa, status_t, + private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, + u_int32_t spi, protocol_id_t protocol, u_int16_t cpi) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1623,17 +1600,12 @@ static status_t del_sa(private_kernel_pfkey_ipsec_t *this, host_t *src, return SUCCESS; } -/** - * Implementation of kernel_interface_t.add_policy. - */ -static status_t add_policy(private_kernel_pfkey_ipsec_t *this, - host_t *src, host_t *dst, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, u_int32_t spi, - protocol_id_t protocol, u_int32_t reqid, - ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - bool routed) +METHOD(kernel_ipsec_t, add_policy, status_t, + private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, + policy_dir_t direction, u_int32_t spi, protocol_id_t protocol, + u_int32_t reqid, ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, + bool routed) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1828,13 +1800,9 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.query_policy. - */ -static status_t query_policy(private_kernel_pfkey_ipsec_t *this, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, u_int32_t *use_time) +METHOD(kernel_ipsec_t, query_policy, status_t, + private_kernel_pfkey_ipsec_t *this, traffic_selector_t *src_ts, + traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t *use_time) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1935,13 +1903,9 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this, return SUCCESS; } -/** - * Implementation of kernel_interface_t.del_policy. - */ -static status_t del_policy(private_kernel_pfkey_ipsec_t *this, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, bool unrouted) +METHOD(kernel_ipsec_t, del_policy, status_t, + private_kernel_pfkey_ipsec_t *this, traffic_selector_t *src_ts, + traffic_selector_t *dst_ts, policy_dir_t direction, bool unrouted) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -2049,7 +2013,8 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this, /** * Register a socket for AQUIRE/EXPIRE messages */ -static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this, u_int8_t satype) +static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this, + u_int8_t satype) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -2079,77 +2044,71 @@ static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this, u_int8 return SUCCESS; } -/** - * Implementation of kernel_interface_t.destroy. - */ -static void destroy(private_kernel_pfkey_ipsec_t *this) +METHOD(kernel_ipsec_t, bypass_socket, bool, + private_kernel_pfkey_ipsec_t *this, int fd, int family) { - this->job->cancel(this->job); - close(this->socket); - close(this->socket_events); - this->policies->destroy_function(this->policies, (void*)policy_entry_destroy); - this->mutex->destroy(this->mutex); - this->mutex_pfkey->destroy(this->mutex_pfkey); - free(this); -} + struct sadb_x_policy policy; + u_int sol, ipsec_policy; -/** - * Add bypass policies for IKE on the sockets of charon - */ -static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this) -{ - int fd, family, port; - enumerator_t *sockets; - bool status = TRUE; - - sockets = charon->socket->create_enumerator(charon->socket); - while (sockets->enumerate(sockets, &fd, &family, &port)) + switch (family) { - struct sadb_x_policy policy; - u_int sol, ipsec_policy; - - switch (family) - { - case AF_INET: - { - sol = SOL_IP; - ipsec_policy = IP_IPSEC_POLICY; - break; - } - case AF_INET6: - { - sol = SOL_IPV6; - ipsec_policy = IPV6_IPSEC_POLICY; - break; - } - default: - continue; - } - - memset(&policy, 0, sizeof(policy)); - policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t); - policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY; - policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS; - - policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND; - if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) + case AF_INET: { - DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", - strerror(errno)); - status = FALSE; + sol = SOL_IP; + ipsec_policy = IP_IPSEC_POLICY; break; } - policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND; - if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) + case AF_INET6: { - DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", - strerror(errno)); - status = FALSE; + sol = SOL_IPV6; + ipsec_policy = IPV6_IPSEC_POLICY; break; } + default: + return FALSE; + } + + memset(&policy, 0, sizeof(policy)); + policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t); + policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY; + policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS; + + policy.sadb_x_policy_dir = IPSEC_DIR_OUTBOUND; + if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) + { + DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", + strerror(errno)); + return FALSE; + } + policy.sadb_x_policy_dir = IPSEC_DIR_INBOUND; + if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) + { + DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", + strerror(errno)); + return FALSE; } - sockets->destroy(sockets); - return status; + return TRUE; +} + +METHOD(kernel_ipsec_t, destroy, void, + private_kernel_pfkey_ipsec_t *this) +{ + if (this->job) + { + this->job->cancel(this->job); + } + if (this->socket > 0) + { + close(this->socket); + } + if (this->socket_events > 0) + { + close(this->socket_events); + } + this->policies->destroy_function(this->policies, (void*)policy_entry_destroy); + this->mutex->destroy(this->mutex); + this->mutex_pfkey->destroy(this->mutex_pfkey); + free(this); } /* @@ -2157,54 +2116,54 @@ static bool add_bypass_policies(private_kernel_pfkey_ipsec_t *this) */ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create() { - private_kernel_pfkey_ipsec_t *this = malloc_thing(private_kernel_pfkey_ipsec_t); - - /* public functions */ - this->public.interface.get_spi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,protocol_id_t,u_int32_t,u_int32_t*))get_spi; - this->public.interface.get_cpi = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,u_int16_t*))get_cpi; - this->public.interface.add_sa = (status_t(*)(kernel_ipsec_t *,host_t*,host_t*,u_int32_t,protocol_id_t,u_int32_t,lifetime_cfg_t*,u_int16_t,chunk_t,u_int16_t,chunk_t,ipsec_mode_t,u_int16_t,u_int16_t,bool,bool,traffic_selector_t*,traffic_selector_t*))add_sa; - this->public.interface.update_sa = (status_t(*)(kernel_ipsec_t*,u_int32_t,protocol_id_t,u_int16_t,host_t*,host_t*,host_t*,host_t*,bool,bool))update_sa; - this->public.interface.query_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int64_t*))query_sa; - this->public.interface.del_sa = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,u_int32_t,protocol_id_t,u_int16_t))del_sa; - this->public.interface.add_policy = (status_t(*)(kernel_ipsec_t*,host_t*,host_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t,protocol_id_t,u_int32_t,ipsec_mode_t,u_int16_t,u_int16_t,bool))add_policy; - this->public.interface.query_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,u_int32_t*))query_policy; - this->public.interface.del_policy = (status_t(*)(kernel_ipsec_t*,traffic_selector_t*,traffic_selector_t*,policy_dir_t,bool))del_policy; - - this->public.interface.destroy = (void(*)(kernel_ipsec_t*)) destroy; - - /* private members */ - this->policies = linked_list_create(); - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - this->mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT); - this->install_routes = lib->settings->get_bool(lib->settings, - "charon.install_routes", TRUE); - this->seq = 0; + private_kernel_pfkey_ipsec_t *this; + + INIT(this, + .public.interface = { + .get_spi = _get_spi, + .get_cpi = _get_cpi, + .add_sa = _add_sa, + .update_sa = _update_sa, + .query_sa = _query_sa, + .del_sa = _del_sa, + .add_policy = _add_policy, + .query_policy = _query_policy, + .del_policy = _del_policy, + .bypass_socket = _bypass_socket, + .destroy = _destroy, + }, + .policies = linked_list_create(), + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT), + .install_routes = lib->settings->get_bool(lib->settings, + "charon.install_routes", TRUE), + ); /* create a PF_KEY socket to communicate with the kernel */ this->socket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (this->socket <= 0) { - charon->kill(charon, "unable to create PF_KEY socket"); + DBG1(DBG_KNL, "unable to create PF_KEY socket"); + destroy(this); + return NULL; } /* create a PF_KEY socket for ACQUIRE & EXPIRE */ this->socket_events = socket(PF_KEY, SOCK_RAW, PF_KEY_V2); if (this->socket_events <= 0) { - charon->kill(charon, "unable to create PF_KEY event socket"); - } - - /* add bypass policies on the sockets used by charon */ - if (!add_bypass_policies(this)) - { - charon->kill(charon, "unable to add bypass policies on sockets"); + DBG1(DBG_KNL, "unable to create PF_KEY event socket"); + destroy(this); + return NULL; } /* register the event socket */ if (register_pfkey_socket(this, SADB_SATYPE_ESP) != SUCCESS || register_pfkey_socket(this, SADB_SATYPE_AH) != SUCCESS) { - charon->kill(charon, "unable to register PF_KEY event socket"); + DBG1(DBG_KNL, "unable to register PF_KEY event socket"); + destroy(this); + return NULL; } this->job = callback_job_create((callback_job_cb_t)receive_events, @@ -2213,3 +2172,4 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create() return &this->public; } + diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h index 649f93733..649f93733 100644 --- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h +++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.h diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c index 3380c328c..b84ccf150 100644 --- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.c +++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.c @@ -44,7 +44,7 @@ static void destroy(private_kernel_pfkey_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *kernel_pfkey_plugin_create() { private_kernel_pfkey_plugin_t *this = malloc_thing(private_kernel_pfkey_plugin_t); diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.h b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h index 2f168aa9c..ecccc6303 100644 --- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_plugin.h +++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_plugin.h @@ -39,9 +39,4 @@ struct kernel_pfkey_plugin_t { plugin_t plugin; }; -/** - * Create a kernel_pfkey_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** KERNEL_PFKEY_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/kernel_pfroute/Makefile.am b/src/libcharon/plugins/kernel_pfroute/Makefile.am index 0065d9b0a..83db48160 100644 --- a/src/charon/plugins/kernel_pfroute/Makefile.am +++ b/src/libcharon/plugins/kernel_pfroute/Makefile.am @@ -1,10 +1,17 @@ -INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-kernel-pfroute.la +else plugin_LTLIBRARIES = libstrongswan-kernel-pfroute.la +endif -libstrongswan_kernel_pfroute_la_SOURCES = kernel_pfroute_plugin.h kernel_pfroute_plugin.c \ +libstrongswan_kernel_pfroute_la_SOURCES = \ + kernel_pfroute_plugin.h kernel_pfroute_plugin.c \ kernel_pfroute_net.h kernel_pfroute_net.c + libstrongswan_kernel_pfroute_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/kernel_pfroute/Makefile.in b/src/libcharon/plugins/kernel_pfroute/Makefile.in index da8c7585f..3a4d2c3b5 100644 --- a/src/charon/plugins/kernel_pfroute/Makefile.in +++ b/src/libcharon/plugins/kernel_pfroute/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/kernel_pfroute +subdir = src/libcharon/plugins/kernel_pfroute DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_kernel_pfroute_la_LIBADD = am_libstrongswan_kernel_pfroute_la_OBJECTS = kernel_pfroute_plugin.lo \ kernel_pfroute_net.lo @@ -82,6 +82,9 @@ libstrongswan_kernel_pfroute_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_kernel_pfroute_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_kernel_pfroute_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_kernel_pfroute_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,10 +258,14 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-kernel-pfroute.la -libstrongswan_kernel_pfroute_la_SOURCES = kernel_pfroute_plugin.h kernel_pfroute_plugin.c \ +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-kernel-pfroute.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-kernel-pfroute.la +libstrongswan_kernel_pfroute_la_SOURCES = \ + kernel_pfroute_plugin.h kernel_pfroute_plugin.c \ kernel_pfroute_net.h kernel_pfroute_net.c libstrongswan_kernel_pfroute_la_LDFLAGS = -module -avoid-version @@ -274,9 +282,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfroute/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfroute/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/kernel_pfroute/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfroute/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -295,6 +303,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -327,7 +344,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-kernel-pfroute.la: $(libstrongswan_kernel_pfroute_la_OBJECTS) $(libstrongswan_kernel_pfroute_la_DEPENDENCIES) - $(libstrongswan_kernel_pfroute_la_LINK) -rpath $(plugindir) $(libstrongswan_kernel_pfroute_la_OBJECTS) $(libstrongswan_kernel_pfroute_la_LIBADD) $(LIBS) + $(libstrongswan_kernel_pfroute_la_LINK) $(am_libstrongswan_kernel_pfroute_la_rpath) $(libstrongswan_kernel_pfroute_la_OBJECTS) $(libstrongswan_kernel_pfroute_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -481,8 +498,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -553,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c index 9f1baf5b5..97c019b58 100644 --- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.c +++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c @@ -650,9 +650,18 @@ static status_t init_address_list(private_kernel_pfroute_net_t *this) */ static void destroy(private_kernel_pfroute_net_t *this) { - this->job->cancel(this->job); - close(this->socket); - close(this->socket_events); + if (this->job) + { + this->job->cancel(this->job); + } + if (this->socket > 0) + { + close(this->socket); + } + if (this->socket_events) + { + close(this->socket_events); + } this->ifaces->destroy_function(this->ifaces, (void*)iface_entry_destroy); this->mutex->destroy(this->mutex); this->mutex_pfroute->destroy(this->mutex_pfroute); @@ -684,19 +693,25 @@ kernel_pfroute_net_t *kernel_pfroute_net_create() this->mutex_pfroute = mutex_create(MUTEX_TYPE_DEFAULT); this->seq = 0; + this->socket_events = 0; + this->job = NULL; /* create a PF_ROUTE socket to communicate with the kernel */ this->socket = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC); - if (this->socket <= 0) + if (this->socket < 0) { - charon->kill(charon, "unable to create PF_ROUTE socket"); + DBG1(DBG_KNL, "unable to create PF_ROUTE socket"); + destroy(this); + return NULL; } /* create a PF_ROUTE socket to receive events */ this->socket_events = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC); - if (this->socket_events <= 0) + if (this->socket_events < 0) { - charon->kill(charon, "unable to create PF_ROUTE event socket"); + DBG1(DBG_KNL, "unable to create PF_ROUTE event socket"); + destroy(this); + return NULL; } this->job = callback_job_create((callback_job_cb_t)receive_events, @@ -705,7 +720,9 @@ kernel_pfroute_net_t *kernel_pfroute_net_create() if (init_address_list(this) != SUCCESS) { - charon->kill(charon, "unable to get interface list"); + DBG1(DBG_KNL, "unable to get interface list"); + destroy(this); + return NULL; } return &this->public; diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.h b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h index 10c3c9eb7..10c3c9eb7 100644 --- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_net.h +++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.h diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c index e73cbeafb..97139fb56 100644 --- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.c +++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.c @@ -45,7 +45,7 @@ static void destroy(private_kernel_pfroute_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *kernel_pfroute_plugin_create() { private_kernel_pfroute_plugin_t *this = malloc_thing(private_kernel_pfroute_plugin_t); diff --git a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.h b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h index 6caf097c6..50642a572 100644 --- a/src/charon/plugins/kernel_pfroute/kernel_pfroute_plugin.h +++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_plugin.h @@ -39,9 +39,4 @@ struct kernel_pfroute_plugin_t { plugin_t plugin; }; -/** - * Create a kernel_pfroute_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** KERNEL_PFROUTE_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/load_tester/Makefile.am b/src/libcharon/plugins/load_tester/Makefile.am new file mode 100644 index 000000000..cdd0445a9 --- /dev/null +++ b/src/libcharon/plugins/load_tester/Makefile.am @@ -0,0 +1,21 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-load-tester.la +else +plugin_LTLIBRARIES = libstrongswan-load-tester.la +endif + +libstrongswan_load_tester_la_SOURCES = \ + load_tester_plugin.c load_tester_plugin.h \ + load_tester_config.c load_tester_config.h \ + load_tester_creds.c load_tester_creds.h \ + load_tester_ipsec.c load_tester_ipsec.h \ + load_tester_listener.c load_tester_listener.h \ + load_tester_diffie_hellman.c load_tester_diffie_hellman.h + +libstrongswan_load_tester_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in index 70c7d3c99..8965aff78 100644 --- a/src/charon/plugins/load_tester/Makefile.in +++ b/src/libcharon/plugins/load_tester/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/load_tester +subdir = src/libcharon/plugins/load_tester DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_load_tester_la_LIBADD = am_libstrongswan_load_tester_la_OBJECTS = load_tester_plugin.lo \ load_tester_config.lo load_tester_creds.lo \ @@ -84,6 +84,9 @@ libstrongswan_load_tester_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_load_tester_la_LDFLAGS) \ $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_load_tester_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_load_tester_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -222,6 +225,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -256,16 +260,19 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-load-tester.la +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-load-tester.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-load-tester.la libstrongswan_load_tester_la_SOURCES = \ - load_tester_plugin.c load_tester_plugin.h \ - load_tester_config.c load_tester_config.h \ - load_tester_creds.c load_tester_creds.h \ - load_tester_ipsec.c load_tester_ipsec.h \ - load_tester_listener.c load_tester_listener.h \ - load_tester_diffie_hellman.c load_tester_diffie_hellman.h + load_tester_plugin.c load_tester_plugin.h \ + load_tester_config.c load_tester_config.h \ + load_tester_creds.c load_tester_creds.h \ + load_tester_ipsec.c load_tester_ipsec.h \ + load_tester_listener.c load_tester_listener.h \ + load_tester_diffie_hellman.c load_tester_diffie_hellman.h libstrongswan_load_tester_la_LDFLAGS = -module -avoid-version all: all-am @@ -281,9 +288,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/load_tester/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/load_tester/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/load_tester/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/load_tester/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -302,6 +309,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -334,7 +350,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-load-tester.la: $(libstrongswan_load_tester_la_OBJECTS) $(libstrongswan_load_tester_la_DEPENDENCIES) - $(libstrongswan_load_tester_la_LINK) -rpath $(plugindir) $(libstrongswan_load_tester_la_OBJECTS) $(libstrongswan_load_tester_la_LIBADD) $(LIBS) + $(libstrongswan_load_tester_la_LINK) $(am_libstrongswan_load_tester_la_rpath) $(libstrongswan_load_tester_la_OBJECTS) $(libstrongswan_load_tester_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -492,8 +508,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -564,18 +580,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c index 82f408d45..c1f98f2fe 100644 --- a/src/charon/plugins/load_tester/load_tester_config.c +++ b/src/libcharon/plugins/load_tester/load_tester_config.c @@ -78,6 +78,11 @@ struct private_load_tester_config_t { * incremental numbering of generated configs */ u_int num; + + /** + * Dynamic source port, if used + */ + u_int16_t port; }; /** @@ -189,7 +194,16 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) } }; - ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", this->remote); + if (this->port && num) + { + ike_cfg = ike_cfg_create(FALSE, FALSE, + "0.0.0.0", this->port + num - 1, this->remote, IKEV2_NATT_PORT); + } + else + { + ike_cfg = ike_cfg_create(FALSE, FALSE, + "0.0.0.0", IKEV2_UDP_PORT, this->remote, IKEV2_UDP_PORT); + } ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal)); peer_cfg = peer_cfg_create("load-test", 2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */ @@ -308,6 +322,9 @@ load_tester_config_t *load_tester_config_create() this->responder_auth = lib->settings->get_str(lib->settings, "charon.plugins.load-tester.responder_auth", "pubkey"); + this->port = lib->settings->get_int(lib->settings, + "charon.plugins.load-tester.dynamic_port", 0); + this->num = 1; this->peer_cfg = generate_config(this, 0); diff --git a/src/charon/plugins/load_tester/load_tester_config.h b/src/libcharon/plugins/load_tester/load_tester_config.h index c22387743..c22387743 100644 --- a/src/charon/plugins/load_tester/load_tester_config.h +++ b/src/libcharon/plugins/load_tester/load_tester_config.h diff --git a/src/charon/plugins/load_tester/load_tester_creds.c b/src/libcharon/plugins/load_tester/load_tester_creds.c index 890703c1a..890703c1a 100644 --- a/src/charon/plugins/load_tester/load_tester_creds.c +++ b/src/libcharon/plugins/load_tester/load_tester_creds.c diff --git a/src/charon/plugins/load_tester/load_tester_creds.h b/src/libcharon/plugins/load_tester/load_tester_creds.h index fb3541164..fb3541164 100644 --- a/src/charon/plugins/load_tester/load_tester_creds.h +++ b/src/libcharon/plugins/load_tester/load_tester_creds.h diff --git a/src/charon/plugins/load_tester/load_tester_diffie_hellman.c b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c index d5ec3599b..d5ec3599b 100644 --- a/src/charon/plugins/load_tester/load_tester_diffie_hellman.c +++ b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c diff --git a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.h index 672157fb8..672157fb8 100644 --- a/src/charon/plugins/load_tester/load_tester_diffie_hellman.h +++ b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.h diff --git a/src/charon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c index 1218443cc..1218443cc 100644 --- a/src/charon/plugins/load_tester/load_tester_ipsec.c +++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c diff --git a/src/charon/plugins/load_tester/load_tester_ipsec.h b/src/libcharon/plugins/load_tester/load_tester_ipsec.h index 1e1bff84a..1e1bff84a 100644 --- a/src/charon/plugins/load_tester/load_tester_ipsec.h +++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.h diff --git a/src/charon/plugins/load_tester/load_tester_listener.c b/src/libcharon/plugins/load_tester/load_tester_listener.c index 96b0cf1ec..96b0cf1ec 100644 --- a/src/charon/plugins/load_tester/load_tester_listener.c +++ b/src/libcharon/plugins/load_tester/load_tester_listener.c diff --git a/src/charon/plugins/load_tester/load_tester_listener.h b/src/libcharon/plugins/load_tester/load_tester_listener.h index b9599294c..b9599294c 100644 --- a/src/charon/plugins/load_tester/load_tester_listener.h +++ b/src/libcharon/plugins/load_tester/load_tester_listener.h diff --git a/src/charon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c index e25f97423..46145b803 100644 --- a/src/charon/plugins/load_tester/load_tester_plugin.c +++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c @@ -173,7 +173,7 @@ static void destroy(private_load_tester_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *load_tester_plugin_create() { private_load_tester_plugin_t *this; u_int i, shutdown_on = 0; diff --git a/src/charon/plugins/load_tester/load_tester_plugin.h b/src/libcharon/plugins/load_tester/load_tester_plugin.h index e33f06ac7..15f2d1127 100644 --- a/src/charon/plugins/load_tester/load_tester_plugin.h +++ b/src/libcharon/plugins/load_tester/load_tester_plugin.h @@ -41,9 +41,4 @@ struct load_tester_plugin_t { plugin_t plugin; }; -/** - * Create a load_tester_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** LOAD_TESTER_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/medcli/Makefile.am b/src/libcharon/plugins/medcli/Makefile.am new file mode 100644 index 000000000..cdff8d854 --- /dev/null +++ b/src/libcharon/plugins/medcli/Makefile.am @@ -0,0 +1,19 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-medcli.la +else +plugin_LTLIBRARIES = libstrongswan-medcli.la +endif + +libstrongswan_medcli_la_SOURCES = \ + medcli_plugin.h medcli_plugin.c \ + medcli_creds.h medcli_creds.c \ + medcli_config.h medcli_config.c \ + medcli_listener.h medcli_listener.c + +libstrongswan_medcli_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in index 47eeecd5b..539890ec3 100644 --- a/src/charon/plugins/medcli/Makefile.in +++ b/src/libcharon/plugins/medcli/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/medcli +subdir = src/libcharon/plugins/medcli DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_medcli_la_LIBADD = am_libstrongswan_medcli_la_OBJECTS = medcli_plugin.lo medcli_creds.lo \ medcli_config.lo medcli_listener.lo @@ -81,6 +81,9 @@ libstrongswan_medcli_la_OBJECTS = \ libstrongswan_medcli_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_medcli_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_medcli_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_medcli_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -253,13 +257,17 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-medcli.la -libstrongswan_medcli_la_SOURCES = medcli_plugin.h medcli_plugin.c \ - medcli_creds.h medcli_creds.c \ - medcli_config.h medcli_config.c \ - medcli_listener.h medcli_listener.c +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-medcli.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-medcli.la +libstrongswan_medcli_la_SOURCES = \ + medcli_plugin.h medcli_plugin.c \ + medcli_creds.h medcli_creds.c \ + medcli_config.h medcli_config.c \ + medcli_listener.h medcli_listener.c libstrongswan_medcli_la_LDFLAGS = -module -avoid-version all: all-am @@ -275,9 +283,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/medcli/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/medcli/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/medcli/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/medcli/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -296,6 +304,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -328,7 +345,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-medcli.la: $(libstrongswan_medcli_la_OBJECTS) $(libstrongswan_medcli_la_DEPENDENCIES) - $(libstrongswan_medcli_la_LINK) -rpath $(plugindir) $(libstrongswan_medcli_la_OBJECTS) $(libstrongswan_medcli_la_LIBADD) $(LIBS) + $(libstrongswan_medcli_la_LINK) $(am_libstrongswan_medcli_la_rpath) $(libstrongswan_medcli_la_OBJECTS) $(libstrongswan_medcli_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -484,8 +501,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -556,18 +573,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c index 2e49ebbf7..e355d55f7 100644 --- a/src/charon/plugins/medcli/medcli_config.c +++ b/src/libcharon/plugins/medcli/medcli_config.c @@ -120,7 +120,8 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam DESTROY_IF(e); return NULL; } - ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", address); + ike_cfg = ike_cfg_create(FALSE, FALSE, + "0.0.0.0", IKEV2_UDP_PORT, address, IKEV2_UDP_PORT); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); med_cfg = peer_cfg_create( "mediation", 2, ike_cfg, @@ -395,7 +396,8 @@ medcli_config_t *medcli_config_create(database_t *db) this->db = db; this->rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200); this->dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300); - this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0"); + this->ike = ike_cfg_create(FALSE, FALSE, + "0.0.0.0", IKEV2_UDP_PORT, "0.0.0.0", IKEV2_UDP_PORT); this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE)); schedule_autoinit(this); diff --git a/src/charon/plugins/medcli/medcli_config.h b/src/libcharon/plugins/medcli/medcli_config.h index 36c20adf7..36c20adf7 100644 --- a/src/charon/plugins/medcli/medcli_config.h +++ b/src/libcharon/plugins/medcli/medcli_config.h diff --git a/src/charon/plugins/medcli/medcli_creds.c b/src/libcharon/plugins/medcli/medcli_creds.c index 9729df3f5..9729df3f5 100644 --- a/src/charon/plugins/medcli/medcli_creds.c +++ b/src/libcharon/plugins/medcli/medcli_creds.c diff --git a/src/charon/plugins/medcli/medcli_creds.h b/src/libcharon/plugins/medcli/medcli_creds.h index 4b5402653..4b5402653 100644 --- a/src/charon/plugins/medcli/medcli_creds.h +++ b/src/libcharon/plugins/medcli/medcli_creds.h diff --git a/src/charon/plugins/medcli/medcli_listener.c b/src/libcharon/plugins/medcli/medcli_listener.c index 142f02e6c..142f02e6c 100644 --- a/src/charon/plugins/medcli/medcli_listener.c +++ b/src/libcharon/plugins/medcli/medcli_listener.c diff --git a/src/charon/plugins/medcli/medcli_listener.h b/src/libcharon/plugins/medcli/medcli_listener.h index 4768beccd..4768beccd 100644 --- a/src/charon/plugins/medcli/medcli_listener.h +++ b/src/libcharon/plugins/medcli/medcli_listener.h diff --git a/src/charon/plugins/medcli/medcli_plugin.c b/src/libcharon/plugins/medcli/medcli_plugin.c index 148eded61..397168d46 100644 --- a/src/charon/plugins/medcli/medcli_plugin.c +++ b/src/libcharon/plugins/medcli/medcli_plugin.c @@ -72,7 +72,7 @@ static void destroy(private_medcli_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *medcli_plugin_create() { char *uri; private_medcli_plugin_t *this = malloc_thing(private_medcli_plugin_t); diff --git a/src/charon/plugins/medcli/medcli_plugin.h b/src/libcharon/plugins/medcli/medcli_plugin.h index 06f674b37..44e7bb525 100644 --- a/src/charon/plugins/medcli/medcli_plugin.h +++ b/src/libcharon/plugins/medcli/medcli_plugin.h @@ -39,9 +39,4 @@ struct medcli_plugin_t { plugin_t plugin; }; -/** - * Create a medcli_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** MEDCLI_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/medsrv/Makefile.am b/src/libcharon/plugins/medsrv/Makefile.am new file mode 100644 index 000000000..7f5c8e2b3 --- /dev/null +++ b/src/libcharon/plugins/medsrv/Makefile.am @@ -0,0 +1,18 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-medsrv.la +else +plugin_LTLIBRARIES = libstrongswan-medsrv.la +endif + +libstrongswan_medsrv_la_SOURCES = \ + medsrv_plugin.h medsrv_plugin.c \ + medsrv_creds.h medsrv_creds.c \ + medsrv_config.h medsrv_config.c + +libstrongswan_medsrv_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in index c72887889..a103a1340 100644 --- a/src/charon/plugins/medsrv/Makefile.in +++ b/src/libcharon/plugins/medsrv/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/medsrv +subdir = src/libcharon/plugins/medsrv DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_medsrv_la_LIBADD = am_libstrongswan_medsrv_la_OBJECTS = medsrv_plugin.lo medsrv_creds.lo \ medsrv_config.lo @@ -81,6 +81,9 @@ libstrongswan_medsrv_la_OBJECTS = \ libstrongswan_medsrv_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_medsrv_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_medsrv_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_medsrv_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -253,12 +257,16 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-medsrv.la -libstrongswan_medsrv_la_SOURCES = medsrv_plugin.h medsrv_plugin.c \ - medsrv_creds.h medsrv_creds.c \ - medsrv_config.h medsrv_config.c +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-medsrv.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-medsrv.la +libstrongswan_medsrv_la_SOURCES = \ + medsrv_plugin.h medsrv_plugin.c \ + medsrv_creds.h medsrv_creds.c \ + medsrv_config.h medsrv_config.c libstrongswan_medsrv_la_LDFLAGS = -module -avoid-version all: all-am @@ -274,9 +282,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/medsrv/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/medsrv/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/medsrv/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/medsrv/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -295,6 +303,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -327,7 +344,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-medsrv.la: $(libstrongswan_medsrv_la_OBJECTS) $(libstrongswan_medsrv_la_DEPENDENCIES) - $(libstrongswan_medsrv_la_LINK) -rpath $(plugindir) $(libstrongswan_medsrv_la_OBJECTS) $(libstrongswan_medsrv_la_LIBADD) $(LIBS) + $(libstrongswan_medsrv_la_LINK) $(am_libstrongswan_medsrv_la_rpath) $(libstrongswan_medsrv_la_OBJECTS) $(libstrongswan_medsrv_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -482,8 +499,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -554,18 +571,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c index 3df720967..c23955ad0 100644 --- a/src/charon/plugins/medsrv/medsrv_config.c +++ b/src/libcharon/plugins/medsrv/medsrv_config.c @@ -145,7 +145,8 @@ medsrv_config_t *medsrv_config_create(database_t *db) this->db = db; this->rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200); this->dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300); - this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0"); + this->ike = ike_cfg_create(FALSE, FALSE, + "0.0.0.0", IKEV2_UDP_PORT, "0.0.0.0", IKEV2_UDP_PORT); this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE)); return &this->public; diff --git a/src/charon/plugins/medsrv/medsrv_config.h b/src/libcharon/plugins/medsrv/medsrv_config.h index fc8b0e972..fc8b0e972 100644 --- a/src/charon/plugins/medsrv/medsrv_config.h +++ b/src/libcharon/plugins/medsrv/medsrv_config.h diff --git a/src/charon/plugins/medsrv/medsrv_creds.c b/src/libcharon/plugins/medsrv/medsrv_creds.c index 8d1643908..8d1643908 100644 --- a/src/charon/plugins/medsrv/medsrv_creds.c +++ b/src/libcharon/plugins/medsrv/medsrv_creds.c diff --git a/src/charon/plugins/medsrv/medsrv_creds.h b/src/libcharon/plugins/medsrv/medsrv_creds.h index d08adf3bf..d08adf3bf 100644 --- a/src/charon/plugins/medsrv/medsrv_creds.h +++ b/src/libcharon/plugins/medsrv/medsrv_creds.h diff --git a/src/charon/plugins/medsrv/medsrv_plugin.c b/src/libcharon/plugins/medsrv/medsrv_plugin.c index 7c533f10e..262d26d6b 100644 --- a/src/charon/plugins/medsrv/medsrv_plugin.c +++ b/src/libcharon/plugins/medsrv/medsrv_plugin.c @@ -64,7 +64,7 @@ static void destroy(private_medsrv_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *medsrv_plugin_create() { char *uri; private_medsrv_plugin_t *this = malloc_thing(private_medsrv_plugin_t); diff --git a/src/charon/plugins/medsrv/medsrv_plugin.h b/src/libcharon/plugins/medsrv/medsrv_plugin.h index 4b183994f..8736822ee 100644 --- a/src/charon/plugins/medsrv/medsrv_plugin.h +++ b/src/libcharon/plugins/medsrv/medsrv_plugin.h @@ -39,9 +39,4 @@ struct medsrv_plugin_t { plugin_t plugin; }; -/** - * Create a medsrv_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** MEDSRV_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/nm/Makefile.am b/src/libcharon/plugins/nm/Makefile.am new file mode 100644 index 000000000..8e12a72be --- /dev/null +++ b/src/libcharon/plugins/nm/Makefile.am @@ -0,0 +1,21 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon ${nm_CFLAGS} + +AM_CFLAGS = -rdynamic \ + -DNM_CA_DIR=\"${nm_ca_dir}\" + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-nm.la +else +plugin_LTLIBRARIES = libstrongswan-nm.la +endif + +libstrongswan_nm_la_SOURCES = \ + nm_plugin.h nm_plugin.c \ + nm_service.h nm_service.c \ + nm_creds.h nm_creds.c \ + nm_handler.h nm_handler.c + +libstrongswan_nm_la_LDFLAGS = -module -avoid-version +libstrongswan_nm_la_LIBADD = ${nm_LIBS} diff --git a/src/charon/plugins/nm/Makefile.in b/src/libcharon/plugins/nm/Makefile.in index 90a50cfae..c7f288f54 100644 --- a/src/charon/plugins/nm/Makefile.in +++ b/src/libcharon/plugins/nm/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/nm +subdir = src/libcharon/plugins/nm DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) am__DEPENDENCIES_1 = libstrongswan_nm_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am_libstrongswan_nm_la_OBJECTS = nm_plugin.lo nm_service.lo \ @@ -81,6 +81,8 @@ libstrongswan_nm_la_OBJECTS = $(am_libstrongswan_nm_la_OBJECTS) libstrongswan_nm_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_nm_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_nm_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_nm_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -219,6 +221,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -253,16 +256,19 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${nm_CFLAGS} +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon ${nm_CFLAGS} + AM_CFLAGS = -rdynamic \ -DNM_CA_DIR=\"${nm_ca_dir}\" -plugin_LTLIBRARIES = libstrongswan-nm.la +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-nm.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-nm.la libstrongswan_nm_la_SOURCES = \ - nm_plugin.h nm_plugin.c \ - nm_service.h nm_service.c \ - nm_creds.h nm_creds.c \ - nm_handler.h nm_handler.c + nm_plugin.h nm_plugin.c \ + nm_service.h nm_service.c \ + nm_creds.h nm_creds.c \ + nm_handler.h nm_handler.c libstrongswan_nm_la_LDFLAGS = -module -avoid-version libstrongswan_nm_la_LIBADD = ${nm_LIBS} @@ -279,9 +285,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/nm/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/nm/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/nm/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/nm/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -300,6 +306,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -332,7 +347,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-nm.la: $(libstrongswan_nm_la_OBJECTS) $(libstrongswan_nm_la_DEPENDENCIES) - $(libstrongswan_nm_la_LINK) -rpath $(plugindir) $(libstrongswan_nm_la_OBJECTS) $(libstrongswan_nm_la_LIBADD) $(LIBS) + $(libstrongswan_nm_la_LINK) $(am_libstrongswan_nm_la_rpath) $(libstrongswan_nm_la_OBJECTS) $(libstrongswan_nm_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -488,8 +503,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -560,18 +575,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/nm/nm_creds.c b/src/libcharon/plugins/nm/nm_creds.c index 193838e6b..193838e6b 100644 --- a/src/charon/plugins/nm/nm_creds.c +++ b/src/libcharon/plugins/nm/nm_creds.c diff --git a/src/charon/plugins/nm/nm_creds.h b/src/libcharon/plugins/nm/nm_creds.h index b55cff31e..b55cff31e 100644 --- a/src/charon/plugins/nm/nm_creds.h +++ b/src/libcharon/plugins/nm/nm_creds.h diff --git a/src/charon/plugins/nm/nm_handler.c b/src/libcharon/plugins/nm/nm_handler.c index eacb54dda..eacb54dda 100644 --- a/src/charon/plugins/nm/nm_handler.c +++ b/src/libcharon/plugins/nm/nm_handler.c diff --git a/src/charon/plugins/nm/nm_handler.h b/src/libcharon/plugins/nm/nm_handler.h index bb35ce767..bb35ce767 100644 --- a/src/charon/plugins/nm/nm_handler.h +++ b/src/libcharon/plugins/nm/nm_handler.h diff --git a/src/charon/plugins/nm/nm_plugin.c b/src/libcharon/plugins/nm/nm_plugin.c index daf2cc660..6087f6589 100644 --- a/src/charon/plugins/nm/nm_plugin.c +++ b/src/libcharon/plugins/nm/nm_plugin.c @@ -18,6 +18,7 @@ #include "nm_creds.h" #include "nm_handler.h" +#include <hydra.h> #include <daemon.h> #include <processing/jobs/callback_job.h> @@ -84,7 +85,7 @@ static void destroy(private_nm_plugin_t *this) g_object_unref(this->plugin); } charon->credentials->remove_set(charon->credentials, &this->creds->set); - lib->attributes->remove_handler(lib->attributes, &this->handler->handler); + hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler); this->creds->destroy(this->creds); this->handler->destroy(this->handler); free(this); @@ -93,7 +94,7 @@ static void destroy(private_nm_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *nm_plugin_create() { private_nm_plugin_t *this = malloc_thing(private_nm_plugin_t); @@ -108,7 +109,7 @@ plugin_t *plugin_create() this->creds = nm_creds_create(); this->handler = nm_handler_create(); - lib->attributes->add_handler(lib->attributes, &this->handler->handler); + hydra->attributes->add_handler(hydra->attributes, &this->handler->handler); charon->credentials->add_set(charon->credentials, &this->creds->set); this->plugin = nm_strongswan_plugin_new(this->creds, this->handler); if (!this->plugin) diff --git a/src/charon/plugins/nm/nm_plugin.h b/src/libcharon/plugins/nm/nm_plugin.h index 18d053e11..b64b3edf6 100644 --- a/src/charon/plugins/nm/nm_plugin.h +++ b/src/libcharon/plugins/nm/nm_plugin.h @@ -39,9 +39,4 @@ struct nm_plugin_t { plugin_t plugin; }; -/** - * Create a nm_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** NM_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/nm/nm_service.c b/src/libcharon/plugins/nm/nm_service.c index b05383c2b..cdf7dc962 100644 --- a/src/charon/plugins/nm/nm_service.c +++ b/src/libcharon/plugins/nm/nm_service.c @@ -423,7 +423,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, /** * Set up configurations */ - ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", (char*)address); + ike_cfg = ike_cfg_create(TRUE, encap, + "0.0.0.0", IKEV2_UDP_PORT, (char*)address, IKEV2_UDP_PORT); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); peer_cfg = peer_cfg_create(priv->name, 2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */ diff --git a/src/charon/plugins/nm/nm_service.h b/src/libcharon/plugins/nm/nm_service.h index b00000b6f..b00000b6f 100644 --- a/src/charon/plugins/nm/nm_service.h +++ b/src/libcharon/plugins/nm/nm_service.h diff --git a/src/charon/plugins/resolve/Makefile.am b/src/libcharon/plugins/resolve/Makefile.am index 9d18b00b4..f8830d42e 100644 --- a/src/charon/plugins/resolve/Makefile.am +++ b/src/libcharon/plugins/resolve/Makefile.am @@ -1,13 +1,18 @@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic \ - -DRESOLV_CONF=\"${resolv_conf}\" + -DRESOLV_CONF=\"${resolv_conf}\" +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-resolve.la +else plugin_LTLIBRARIES = libstrongswan-resolve.la -libstrongswan_resolve_la_SOURCES = \ - resolve_plugin.h resolve_plugin.c \ - resolve_handler.h resolve_handler.c -libstrongswan_resolve_la_LDFLAGS = -module -avoid-version +endif +libstrongswan_resolve_la_SOURCES = \ + resolve_plugin.h resolve_plugin.c \ + resolve_handler.h resolve_handler.c +libstrongswan_resolve_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in index 478935752..92ee85539 100644 --- a/src/charon/plugins/resolve/Makefile.in +++ b/src/libcharon/plugins/resolve/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/resolve +subdir = src/libcharon/plugins/resolve DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_resolve_la_LIBADD = am_libstrongswan_resolve_la_OBJECTS = resolve_plugin.lo \ resolve_handler.lo @@ -81,6 +81,9 @@ libstrongswan_resolve_la_OBJECTS = \ libstrongswan_resolve_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_resolve_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_resolve_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_resolve_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -253,14 +257,17 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic \ - -DRESOLV_CONF=\"${resolv_conf}\" + -DRESOLV_CONF=\"${resolv_conf}\" -plugin_LTLIBRARIES = libstrongswan-resolve.la +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-resolve.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-resolve.la libstrongswan_resolve_la_SOURCES = \ - resolve_plugin.h resolve_plugin.c \ - resolve_handler.h resolve_handler.c + resolve_plugin.h resolve_plugin.c \ + resolve_handler.h resolve_handler.c libstrongswan_resolve_la_LDFLAGS = -module -avoid-version all: all-am @@ -276,9 +283,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/resolve/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/resolve/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/resolve/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/resolve/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -297,6 +304,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -329,7 +345,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-resolve.la: $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_DEPENDENCIES) - $(libstrongswan_resolve_la_LINK) -rpath $(plugindir) $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_LIBADD) $(LIBS) + $(libstrongswan_resolve_la_LINK) $(am_libstrongswan_resolve_la_rpath) $(libstrongswan_resolve_la_OBJECTS) $(libstrongswan_resolve_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -483,8 +499,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -555,18 +571,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/resolve/resolve_handler.c b/src/libcharon/plugins/resolve/resolve_handler.c index 714c751a6..714c751a6 100644 --- a/src/charon/plugins/resolve/resolve_handler.c +++ b/src/libcharon/plugins/resolve/resolve_handler.c diff --git a/src/charon/plugins/resolve/resolve_handler.h b/src/libcharon/plugins/resolve/resolve_handler.h index 77bf9781c..77bf9781c 100644 --- a/src/charon/plugins/resolve/resolve_handler.h +++ b/src/libcharon/plugins/resolve/resolve_handler.h diff --git a/src/charon/plugins/resolve/resolve_plugin.c b/src/libcharon/plugins/resolve/resolve_plugin.c index c564981ef..502129593 100644 --- a/src/charon/plugins/resolve/resolve_plugin.c +++ b/src/libcharon/plugins/resolve/resolve_plugin.c @@ -16,7 +16,7 @@ #include "resolve_plugin.h" #include "resolve_handler.h" -#include <daemon.h> +#include <hydra.h> typedef struct private_resolve_plugin_t private_resolve_plugin_t; @@ -41,7 +41,7 @@ struct private_resolve_plugin_t { */ static void destroy(private_resolve_plugin_t *this) { - lib->attributes->remove_handler(lib->attributes, &this->handler->handler); + hydra->attributes->remove_handler(hydra->attributes, &this->handler->handler); this->handler->destroy(this->handler); free(this); } @@ -49,13 +49,13 @@ static void destroy(private_resolve_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *resolve_plugin_create() { private_resolve_plugin_t *this = malloc_thing(private_resolve_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; this->handler = resolve_handler_create(); - lib->attributes->add_handler(lib->attributes, &this->handler->handler); + hydra->attributes->add_handler(hydra->attributes, &this->handler->handler); return &this->public.plugin; } diff --git a/src/charon/plugins/resolve/resolve_plugin.h b/src/libcharon/plugins/resolve/resolve_plugin.h index d7e09f284..0148b10d7 100644 --- a/src/charon/plugins/resolve/resolve_plugin.h +++ b/src/libcharon/plugins/resolve/resolve_plugin.h @@ -39,9 +39,4 @@ struct resolve_plugin_t { plugin_t plugin; }; -/** - * Create a resolve_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** RESOLVE_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/smp/Makefile.am b/src/libcharon/plugins/smp/Makefile.am index a434b388b..f17235835 100644 --- a/src/charon/plugins/smp/Makefile.am +++ b/src/libcharon/plugins/smp/Makefile.am @@ -1,10 +1,17 @@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${xml_CFLAGS} +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon ${xml_CFLAGS} AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\" +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-smp.la +else plugin_LTLIBRARIES = libstrongswan-smp.la -libstrongswan_smp_la_SOURCES = smp.h smp.c -libstrongswan_smp_la_LDFLAGS = -module -avoid-version -libstrongswan_smp_la_LIBADD = ${xml_LIBS} +endif + +libstrongswan_smp_la_SOURCES = \ + smp.h smp.c +libstrongswan_smp_la_LDFLAGS = -module -avoid-version +libstrongswan_smp_la_LIBADD = ${xml_LIBS} diff --git a/src/charon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in index 7512cd2f7..b88283f38 100644 --- a/src/charon/plugins/smp/Makefile.in +++ b/src/libcharon/plugins/smp/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/smp +subdir = src/libcharon/plugins/smp DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) am__DEPENDENCIES_1 = libstrongswan_smp_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am_libstrongswan_smp_la_OBJECTS = smp.lo @@ -80,6 +80,8 @@ libstrongswan_smp_la_OBJECTS = $(am_libstrongswan_smp_la_OBJECTS) libstrongswan_smp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_smp_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_smp_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_smp_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -252,10 +255,15 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon ${xml_CFLAGS} +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon ${xml_CFLAGS} + AM_CFLAGS = -rdynamic -DIPSEC_PIDDIR=\"${piddir}\" -plugin_LTLIBRARIES = libstrongswan-smp.la -libstrongswan_smp_la_SOURCES = smp.h smp.c +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-smp.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-smp.la +libstrongswan_smp_la_SOURCES = \ + smp.h smp.c + libstrongswan_smp_la_LDFLAGS = -module -avoid-version libstrongswan_smp_la_LIBADD = ${xml_LIBS} all: all-am @@ -271,9 +279,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/smp/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/smp/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/smp/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/smp/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -292,6 +300,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -324,7 +341,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-smp.la: $(libstrongswan_smp_la_OBJECTS) $(libstrongswan_smp_la_DEPENDENCIES) - $(libstrongswan_smp_la_LINK) -rpath $(plugindir) $(libstrongswan_smp_la_OBJECTS) $(libstrongswan_smp_la_LIBADD) $(LIBS) + $(libstrongswan_smp_la_LINK) $(am_libstrongswan_smp_la_rpath) $(libstrongswan_smp_la_OBJECTS) $(libstrongswan_smp_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -477,8 +494,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -549,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c index 21e682a0a..64820eb45 100644 --- a/src/charon/plugins/smp/smp.c +++ b/src/libcharon/plugins/smp/smp.c @@ -720,7 +720,7 @@ static void destroy(private_smp_t *this) /* * Described in header file */ -plugin_t *plugin_create() +plugin_t *smp_plugin_create() { struct sockaddr_un unix_addr = { AF_UNIX, IPSEC_PIDDIR "/charon.xml"}; private_smp_t *this = malloc_thing(private_smp_t); diff --git a/src/charon/plugins/smp/smp.h b/src/libcharon/plugins/smp/smp.h index 5ec9f3bf8..74c85fb5f 100644 --- a/src/charon/plugins/smp/smp.h +++ b/src/libcharon/plugins/smp/smp.h @@ -42,9 +42,4 @@ struct smp_t { plugin_t plugin; }; -/** - * Create a smp plugin instance. - */ -plugin_t *plugin_create(); - #endif /** XML_H_ @}*/ diff --git a/src/libcharon/plugins/socket_default/Makefile.am b/src/libcharon/plugins/socket_default/Makefile.am new file mode 100644 index 000000000..635a1c548 --- /dev/null +++ b/src/libcharon/plugins/socket_default/Makefile.am @@ -0,0 +1,17 @@ + +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-socket-default.la +else +plugin_LTLIBRARIES = libstrongswan-socket-default.la +endif + +libstrongswan_socket_default_la_SOURCES = \ + socket_default_socket.h socket_default_socket.c \ + socket_default_plugin.h socket_default_plugin.c + +libstrongswan_socket_default_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in new file mode 100644 index 000000000..03c438acd --- /dev/null +++ b/src/libcharon/plugins/socket_default/Makefile.in @@ -0,0 +1,590 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/socket_default +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_socket_default_la_LIBADD = +am_libstrongswan_socket_default_la_OBJECTS = socket_default_socket.lo \ + socket_default_plugin.lo +libstrongswan_socket_default_la_OBJECTS = \ + $(am_libstrongswan_socket_default_la_OBJECTS) +libstrongswan_socket_default_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_socket_default_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_socket_default_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_socket_default_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_socket_default_la_SOURCES) +DIST_SOURCES = $(libstrongswan_socket_default_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-socket-default.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-socket-default.la +libstrongswan_socket_default_la_SOURCES = \ + socket_default_socket.h socket_default_socket.c \ + socket_default_plugin.h socket_default_plugin.c + +libstrongswan_socket_default_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_default/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/socket_default/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-socket-default.la: $(libstrongswan_socket_default_la_OBJECTS) $(libstrongswan_socket_default_la_DEPENDENCIES) + $(libstrongswan_socket_default_la_LINK) $(am_libstrongswan_socket_default_la_rpath) $(libstrongswan_socket_default_la_OBJECTS) $(libstrongswan_socket_default_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_default_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_default_socket.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/socket_default/socket_default_plugin.c b/src/libcharon/plugins/socket_default/socket_default_plugin.c new file mode 100644 index 000000000..45390ddae --- /dev/null +++ b/src/libcharon/plugins/socket_default/socket_default_plugin.c @@ -0,0 +1,69 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "socket_default_plugin.h" + +#include "socket_default_socket.h" + +#include <daemon.h> + +typedef struct private_socket_default_plugin_t private_socket_default_plugin_t; + +/** + * Private data of socket plugin + */ +struct private_socket_default_plugin_t { + + /** + * Implements plugin interface + */ + socket_default_plugin_t public; + + /** + * Socket instance. + */ + socket_default_socket_t *socket; +}; + +METHOD(plugin_t, destroy, void, + private_socket_default_plugin_t *this) +{ + charon->socket->remove_socket(charon->socket, &this->socket->socket); + this->socket->destroy(this->socket); + free(this); +} + +/* + * see header file + */ +plugin_t *socket_default_plugin_create() +{ + private_socket_default_plugin_t *this; + + INIT(this, + .public.plugin.destroy = _destroy, + .socket = socket_default_socket_create(), + ); + + if (!this->socket) + { + free(this); + return NULL; + } + charon->socket->add_socket(charon->socket, &this->socket->socket); + + return &this->public.plugin; +} + diff --git a/src/libcharon/plugins/socket_default/socket_default_plugin.h b/src/libcharon/plugins/socket_default/socket_default_plugin.h new file mode 100644 index 000000000..6270d93ad --- /dev/null +++ b/src/libcharon/plugins/socket_default/socket_default_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup socket_default socket_default + * @ingroup cplugins + * + * @defgroup socket_default_plugin socket_default_plugin + * @{ @ingroup socket_default + */ + +#ifndef SOCKET_DEFAULT_PLUGIN_H_ +#define SOCKET_DEFAULT_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct socket_default_plugin_t socket_default_plugin_t; + +/** + * Default socket implementation plugin. + */ +struct socket_default_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** SOCKET_DEFAULT_PLUGIN_H_ @}*/ diff --git a/src/charon/network/socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c index 81f860b15..bc998182e 100644 --- a/src/charon/network/socket.c +++ b/src/libcharon/plugins/socket_default/socket_default_socket.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2006-2009 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger - * Copyright (C) 2005-2007 Martin Willi + * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -23,6 +23,8 @@ #define __EXTENSIONS__ #endif +#include "socket_default_socket.h" + #include <sys/types.h> #include <sys/socket.h> #include <string.h> @@ -40,11 +42,12 @@ #include <sys/sysctl.h> #endif -#include "socket.h" - #include <daemon.h> #include <threading/thread.h> +/* Maximum size of a packet */ +#define MAX_PACKET 5000 + /* length of non-esp marker */ #define MARKER_LEN sizeof(u_int32_t) @@ -82,16 +85,17 @@ static const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; #endif -typedef struct private_socket_t private_socket_t; +typedef struct private_socket_default_socket_t private_socket_default_socket_t; /** * Private data of an socket_t object */ -struct private_socket_t { +struct private_socket_default_socket_t { + /** * public functions */ - socket_t public; + socket_default_socket_t public; /** * IPv4 socket (500) @@ -114,10 +118,8 @@ struct private_socket_t { int ipv6_natt; }; -/** - * implementation of socket_t.receive - */ -static status_t receiver(private_socket_t *this, packet_t **packet) +METHOD(socket_t, receiver, status_t, + private_socket_default_socket_t *this, packet_t **packet) { char buffer[MAX_PACKET]; chunk_t data; @@ -304,10 +306,8 @@ static status_t receiver(private_socket_t *this, packet_t **packet) return SUCCESS; } -/** - * implementation of socket_t.send - */ -status_t sender(private_socket_t *this, packet_t *packet) +METHOD(socket_t, sender, status_t, + private_socket_default_socket_t *this, packet_t *packet) { int sport, skt, family; ssize_t bytes_sent; @@ -446,7 +446,8 @@ status_t sender(private_socket_t *this, packet_t *packet) /** * open a socket to send and receive packets */ -static int open_socket(private_socket_t *this, int family, u_int16_t port) +static int open_socket(private_socket_default_socket_t *this, + int family, u_int16_t port) { int on = TRUE; struct sockaddr_storage addr; @@ -520,6 +521,12 @@ static int open_socket(private_socket_t *this, int family, u_int16_t port) } } + if (!charon->kernel_interface->bypass_socket(charon->kernel_interface, + skt, family)) + { + DBG1(DBG_NET, "installing IKE bypass policy failed"); + } + #ifndef __APPLE__ { /* enable UDP decapsulation globally, only for one socket needed */ @@ -534,68 +541,8 @@ static int open_socket(private_socket_t *this, int family, u_int16_t port) return skt; } -/** - * enumerator for underlying sockets - */ -typedef struct { - /** implements enumerator_t */ - enumerator_t public; - /** sockets we enumerate */ - private_socket_t *socket; - /** counter */ - int index; -} socket_enumerator_t; - -/** - * enumerate function for socket_enumerator_t - */ -static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port) -{ - static const struct { - int fd_offset; - int family; - int port; - } sockets[] = { - { offsetof(private_socket_t, ipv4), AF_INET, IKEV2_UDP_PORT }, - { offsetof(private_socket_t, ipv6), AF_INET6, IKEV2_UDP_PORT }, - { offsetof(private_socket_t, ipv4_natt), AF_INET, IKEV2_NATT_PORT }, - { offsetof(private_socket_t, ipv6_natt), AF_INET6, IKEV2_NATT_PORT } - }; - - while(++this->index < countof(sockets)) - { - int sock = *(int*)((char*)this->socket + sockets[this->index].fd_offset); - if (!sock) - { - continue; - } - *fd = sock; - *family = sockets[this->index].family; - *port = sockets[this->index].port; - return TRUE; - } - return FALSE; -} - -/** - * implementation of socket_t.create_enumerator - */ -static enumerator_t *create_enumerator(private_socket_t *this) -{ - socket_enumerator_t *enumerator; - - enumerator = malloc_thing(socket_enumerator_t); - enumerator->index = -1; - enumerator->socket = this; - enumerator->public.enumerate = (void*)enumerate; - enumerator->public.destroy = (void*)free; - return &enumerator->public; -} - -/** - * implementation of socket_t.destroy - */ -static void destroy(private_socket_t *this) +METHOD(socket_default_socket_t, destroy, void, + private_socket_default_socket_t *this) { if (this->ipv4) { @@ -619,20 +566,19 @@ static void destroy(private_socket_t *this) /* * See header for description */ -socket_t *socket_create() +socket_default_socket_t *socket_default_socket_create() { - private_socket_t *this = malloc_thing(private_socket_t); - - /* public functions */ - this->public.send = (status_t(*)(socket_t*, packet_t*))sender; - this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver; - this->public.create_enumerator = (enumerator_t*(*)(socket_t*))create_enumerator; - this->public.destroy = (void(*)(socket_t*)) destroy; - - this->ipv4 = 0; - this->ipv6 = 0; - this->ipv4_natt = 0; - this->ipv6_natt = 0; + private_socket_default_socket_t *this; + + INIT(this, + .public = { + .socket = { + .send = _sender, + .receive = _receiver, + }, + .destroy = _destroy, + }, + ); #ifdef __APPLE__ { @@ -678,8 +624,8 @@ socket_t *socket_create() { DBG1(DBG_NET, "could not create any sockets"); destroy(this); - charon->kill(charon, "socket initialization failed"); + return NULL; } - return (socket_t*)this; + return &this->public; } diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.h b/src/libcharon/plugins/socket_default/socket_default_socket.h new file mode 100644 index 000000000..755016662 --- /dev/null +++ b/src/libcharon/plugins/socket_default/socket_default_socket.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup socket_default_socket socket_default_socket + * @{ @ingroup socket_default + */ + +#ifndef SOCKET_DEFAULT_SOCKET_H_ +#define SOCKET_DEFAULT_SOCKET_H_ + +typedef struct socket_default_socket_t socket_default_socket_t; + +#include <network/socket.h> + +/** + * Default socket, binds to port 500/4500 using any IPv4/IPv6 address. + */ +struct socket_default_socket_t { + + /** + * Implements the socket_t interface. + */ + socket_t socket; + + /** + * Destroy a socket_default_socket_t. + */ + void (*destroy)(socket_default_socket_t *this); +}; + +/** + * Create a socket_default_socket instance. + */ +socket_default_socket_t *socket_default_socket_create(); + +#endif /** SOCKET_DEFAULT_SOCKET_H_ @}*/ diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.am b/src/libcharon/plugins/socket_dynamic/Makefile.am new file mode 100644 index 000000000..914945535 --- /dev/null +++ b/src/libcharon/plugins/socket_dynamic/Makefile.am @@ -0,0 +1,17 @@ + +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-socket-dynamic.la +else +plugin_LTLIBRARIES = libstrongswan-socket-dynamic.la +endif + +libstrongswan_socket_dynamic_la_SOURCES = \ + socket_dynamic_plugin.h socket_dynamic_plugin.c \ + socket_dynamic_socket.h socket_dynamic_socket.c + +libstrongswan_socket_dynamic_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in new file mode 100644 index 000000000..3a5fb3778 --- /dev/null +++ b/src/libcharon/plugins/socket_dynamic/Makefile.in @@ -0,0 +1,590 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/socket_dynamic +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_socket_dynamic_la_LIBADD = +am_libstrongswan_socket_dynamic_la_OBJECTS = socket_dynamic_plugin.lo \ + socket_dynamic_socket.lo +libstrongswan_socket_dynamic_la_OBJECTS = \ + $(am_libstrongswan_socket_dynamic_la_OBJECTS) +libstrongswan_socket_dynamic_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_socket_dynamic_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_socket_dynamic_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_socket_dynamic_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_socket_dynamic_la_SOURCES) +DIST_SOURCES = $(libstrongswan_socket_dynamic_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-socket-dynamic.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-socket-dynamic.la +libstrongswan_socket_dynamic_la_SOURCES = \ + socket_dynamic_plugin.h socket_dynamic_plugin.c \ + socket_dynamic_socket.h socket_dynamic_socket.c + +libstrongswan_socket_dynamic_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_dynamic/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/socket_dynamic/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-socket-dynamic.la: $(libstrongswan_socket_dynamic_la_OBJECTS) $(libstrongswan_socket_dynamic_la_DEPENDENCIES) + $(libstrongswan_socket_dynamic_la_LINK) $(am_libstrongswan_socket_dynamic_la_rpath) $(libstrongswan_socket_dynamic_la_OBJECTS) $(libstrongswan_socket_dynamic_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_dynamic_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_dynamic_socket.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c new file mode 100644 index 000000000..3410fc7a4 --- /dev/null +++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.c @@ -0,0 +1,69 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "socket_dynamic_plugin.h" + +#include "socket_dynamic_socket.h" + +#include <daemon.h> + +typedef struct private_socket_dynamic_plugin_t private_socket_dynamic_plugin_t; + +/** + * Private data of socket plugin + */ +struct private_socket_dynamic_plugin_t { + + /** + * Implements plugin interface + */ + socket_dynamic_plugin_t public; + + /** + * Socket instance. + */ + socket_dynamic_socket_t *socket; +}; + +METHOD(plugin_t, destroy, void, + private_socket_dynamic_plugin_t *this) +{ + charon->socket->remove_socket(charon->socket, &this->socket->socket); + this->socket->destroy(this->socket); + free(this); +} + +/* + * see header file + */ +plugin_t *socket_dynamic_plugin_create() +{ + private_socket_dynamic_plugin_t *this; + + INIT(this, + .public.plugin.destroy = _destroy, + .socket = socket_dynamic_socket_create(), + ); + + if (!this->socket) + { + free(this); + return NULL; + } + charon->socket->add_socket(charon->socket, &this->socket->socket); + + return &this->public.plugin; +} + diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.h b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.h new file mode 100644 index 000000000..8d870795f --- /dev/null +++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup socket_dynamic socket_dynamic + * @ingroup cplugins + * + * @defgroup socket_dynamic_plugin socket_dynamic_plugin + * @{ @ingroup socket_dynamic + */ + +#ifndef SOCKET_DYNAMIC_PLUGIN_H_ +#define SOCKET_DYNAMIC_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct socket_dynamic_plugin_t socket_dynamic_plugin_t; + +/** + * Plugin providing a socket that binds ports dynamically. + */ +struct socket_dynamic_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** SOCKET_DYNAMIC_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c new file mode 100644 index 000000000..a7db59ce5 --- /dev/null +++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c @@ -0,0 +1,620 @@ +/* + * Copyright (C) 2006-2009 Tobias Brunner + * Copyright (C) 2006 Daniel Roethlisberger + * Copyright (C) 2005-2010 Martin Willi + * Copyright (C) 2005 Jan Hutter + * Hochschule fuer Technik Rapperswil + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/* for struct in6_pktinfo */ +#define _GNU_SOURCE + +#include "socket_dynamic_socket.h" + +#include <sys/types.h> +#include <sys/socket.h> +#include <string.h> +#include <errno.h> +#include <unistd.h> +#include <stdlib.h> +#include <fcntl.h> +#include <sys/ioctl.h> +#include <netinet/in_systm.h> +#include <netinet/in.h> +#include <netinet/ip.h> +#include <netinet/udp.h> +#include <net/if.h> + +#include <daemon.h> +#include <threading/thread.h> +#include <threading/rwlock.h> +#include <utils/hashtable.h> + +/* Maximum size of a packet */ +#define MAX_PACKET 5000 + +/* length of non-esp marker */ +#define MARKER_LEN sizeof(u_int32_t) + +/* from linux/udp.h */ +#ifndef UDP_ENCAP +#define UDP_ENCAP 100 +#endif /*UDP_ENCAP*/ + +#ifndef UDP_ENCAP_ESPINUDP +#define UDP_ENCAP_ESPINUDP 2 +#endif /*UDP_ENCAP_ESPINUDP*/ + +/* these are not defined on some platforms */ +#ifndef SOL_IP +#define SOL_IP IPPROTO_IP +#endif +#ifndef SOL_IPV6 +#define SOL_IPV6 IPPROTO_IPV6 +#endif +#ifndef SOL_UDP +#define SOL_UDP IPPROTO_UDP +#endif + +/* IPV6_RECVPKTINFO is defined in RFC 3542 which obsoletes RFC 2292 that + * previously defined IPV6_PKTINFO */ +#ifndef IPV6_RECVPKTINFO +#define IPV6_RECVPKTINFO IPV6_PKTINFO +#endif + +typedef struct private_socket_dynamic_socket_t private_socket_dynamic_socket_t; +typedef struct dynsock_t dynsock_t; + +/** + * Private data of an socket_t object + */ +struct private_socket_dynamic_socket_t { + + /** + * public functions + */ + socket_dynamic_socket_t public; + + /** + * Hashtable of bound sockets + */ + hashtable_t *sockets; + + /** + * Lock for sockets hashtable + */ + rwlock_t *lock; + + /** + * Notification pipe to signal receiver + */ + int notify[2]; +}; + +/** + * Struct for a dynamically allocated socket + */ +struct dynsock_t { + + /** + * File descriptor of socket + */ + int fd; + + /** + * Address family + */ + int family; + + /** + * Bound source port + */ + u_int16_t port; +}; + +/** + * Hash function for hashtable + */ +static u_int hash(dynsock_t *key) +{ + return (key->family << 16) | key->port; +} + +/** + * Equals function for hashtable + */ +static bool equals(dynsock_t *a, dynsock_t *b) +{ + return a->family == b->family && a->port == b->port; +} + +/** + * Create a fd_set from all bound sockets + */ +static int build_fds(private_socket_dynamic_socket_t *this, fd_set *fds) +{ + enumerator_t *enumerator; + dynsock_t *key, *value; + int maxfd; + + FD_ZERO(fds); + FD_SET(this->notify[0], fds); + maxfd = this->notify[0]; + + this->lock->read_lock(this->lock); + enumerator = this->sockets->create_enumerator(this->sockets); + while (enumerator->enumerate(enumerator, &key, &value)) + { + FD_SET(value->fd, fds); + maxfd = max(maxfd, value->fd); + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + + return maxfd + 1; +} + +/** + * Find the socket select()ed + */ +static dynsock_t* scan_fds(private_socket_dynamic_socket_t *this, fd_set *fds) +{ + enumerator_t *enumerator; + dynsock_t *key, *value, *selected = NULL; + + this->lock->read_lock(this->lock); + enumerator = this->sockets->create_enumerator(this->sockets); + while (enumerator->enumerate(enumerator, &key, &value)) + { + if (FD_ISSET(value->fd, fds)) + { + selected = value; + break; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + + return selected; +} + +/** + * Receive a packet from a given socket fd + */ +static packet_t *receive_packet(private_socket_dynamic_socket_t *this, + dynsock_t *skt) +{ + host_t *source = NULL, *dest = NULL; + ssize_t len; + char buffer[MAX_PACKET]; + chunk_t data; + packet_t *packet; + struct msghdr msg; + struct cmsghdr *cmsgptr; + struct iovec iov; + char ancillary[64]; + union { + struct sockaddr_in in4; + struct sockaddr_in6 in6; + } src; + + msg.msg_name = &src; + msg.msg_namelen = sizeof(src); + iov.iov_base = buffer; + iov.iov_len = sizeof(buffer); + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_control = ancillary; + msg.msg_controllen = sizeof(ancillary); + msg.msg_flags = 0; + len = recvmsg(skt->fd, &msg, 0); + if (len < 0) + { + DBG1(DBG_NET, "error reading socket: %s", strerror(errno)); + return NULL; + } + DBG3(DBG_NET, "received packet %b", buffer, len); + + if (len < MARKER_LEN) + { + DBG3(DBG_NET, "received packet too short (%d bytes)", len); + return NULL; + } + + /* read ancillary data to get destination address */ + for (cmsgptr = CMSG_FIRSTHDR(&msg); cmsgptr != NULL; + cmsgptr = CMSG_NXTHDR(&msg, cmsgptr)) + { + if (cmsgptr->cmsg_len == 0) + { + DBG1(DBG_NET, "error reading ancillary data"); + return NULL; + } + + if (cmsgptr->cmsg_level == SOL_IPV6 && + cmsgptr->cmsg_type == IPV6_PKTINFO) + { + struct in6_pktinfo *pktinfo; + struct sockaddr_in6 dst; + + pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr); + memset(&dst, 0, sizeof(dst)); + memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr)); + dst.sin6_family = AF_INET6; + dst.sin6_port = htons(skt->port); + dest = host_create_from_sockaddr((sockaddr_t*)&dst); + } + if (cmsgptr->cmsg_level == SOL_IP && + cmsgptr->cmsg_type == IP_PKTINFO) + { + struct in_pktinfo *pktinfo; + struct sockaddr_in dst; + + pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsgptr); + memset(&dst, 0, sizeof(dst)); + memcpy(&dst.sin_addr, &pktinfo->ipi_addr, sizeof(dst.sin_addr)); + + dst.sin_family = AF_INET; + dst.sin_port = htons(skt->port); + dest = host_create_from_sockaddr((sockaddr_t*)&dst); + } + if (dest) + { + break; + } + } + if (dest == NULL) + { + DBG1(DBG_NET, "error reading IP header"); + return NULL; + } + source = host_create_from_sockaddr((sockaddr_t*)&src); + DBG2(DBG_NET, "received packet: from %#H to %#H", source, dest); + data = chunk_create(buffer, len); + + packet = packet_create(); + packet->set_source(packet, source); + packet->set_destination(packet, dest); + /* we assume a non-ESP marker if none of the ports is on 500 */ + if (dest->get_port(dest) != IKEV2_UDP_PORT && + source->get_port(source) != IKEV2_UDP_PORT) + { + data = chunk_skip(data, MARKER_LEN); + } + packet->set_data(packet, chunk_clone(data)); + return packet; +} + +METHOD(socket_t, receiver, status_t, + private_socket_dynamic_socket_t *this, packet_t **packet) +{ + dynsock_t *selected; + packet_t *pkt; + bool oldstate; + fd_set fds; + int maxfd; + + while (TRUE) + { + maxfd = build_fds(this, &fds); + + DBG2(DBG_NET, "waiting for data on sockets"); + oldstate = thread_cancelability(TRUE); + if (select(maxfd, &fds, NULL, NULL, NULL) <= 0) + { + thread_cancelability(oldstate); + return FAILED; + } + thread_cancelability(oldstate); + + if (FD_ISSET(this->notify[0], &fds)) + { /* got notified, read garbage, rebuild fdset */ + char buf[1]; + + ignore_result(read(this->notify[0], buf, sizeof(buf))); + DBG2(DBG_NET, "rebuilding fdset due to newly bound ports"); + continue; + } + selected = scan_fds(this, &fds); + if (selected) + { + break; + } + } + pkt = receive_packet(this, selected); + if (pkt) + { + *packet = pkt; + return SUCCESS; + } + return FAILED; +} + +/** + * open a socket to send and receive packets + */ +static int open_socket(private_socket_dynamic_socket_t *this, + int family, u_int16_t port) +{ + int on = TRUE, type = UDP_ENCAP_ESPINUDP; + struct sockaddr_storage addr; + socklen_t addrlen; + u_int sol, pktinfo = 0; + int fd; + + memset(&addr, 0, sizeof(addr)); + /* precalculate constants depending on address family */ + switch (family) + { + case AF_INET: + { + struct sockaddr_in *sin = (struct sockaddr_in *)&addr; + sin->sin_family = AF_INET; + sin->sin_addr.s_addr = INADDR_ANY; + sin->sin_port = htons(port); + addrlen = sizeof(struct sockaddr_in); + sol = SOL_IP; + pktinfo = IP_PKTINFO; + break; + } + case AF_INET6: + { + struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&addr; + sin6->sin6_family = AF_INET6; + memset(&sin6->sin6_addr, 0, sizeof(sin6->sin6_addr)); + sin6->sin6_port = htons(port); + addrlen = sizeof(struct sockaddr_in6); + sol = SOL_IPV6; + pktinfo = IPV6_RECVPKTINFO; + break; + } + default: + return 0; + } + + fd = socket(family, SOCK_DGRAM, IPPROTO_UDP); + if (fd < 0) + { + DBG1(DBG_NET, "could not open socket: %s", strerror(errno)); + return 0; + } + if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (void*)&on, sizeof(on)) < 0) + { + DBG1(DBG_NET, "unable to set SO_REUSEADDR on socket: %s", strerror(errno)); + close(fd); + return 0; + } + + /* bind the socket */ + if (bind(fd, (struct sockaddr *)&addr, addrlen) < 0) + { + DBG1(DBG_NET, "unable to bind socket: %s", strerror(errno)); + close(fd); + return 0; + } + + /* get additional packet info on receive */ + if (setsockopt(fd, sol, pktinfo, &on, sizeof(on)) < 0) + { + DBG1(DBG_NET, "unable to set IP_PKTINFO on socket: %s", strerror(errno)); + close(fd); + return 0; + } + + if (!charon->kernel_interface->bypass_socket(charon->kernel_interface, + fd, family)) + { + DBG1(DBG_NET, "installing IKE bypass policy failed"); + } + + /* enable UDP decapsulation on each socket */ + if (setsockopt(fd, SOL_UDP, UDP_ENCAP, &type, sizeof(type)) < 0) + { + DBG1(DBG_NET, "unable to set UDP_ENCAP: %s", strerror(errno)); + } + return fd; +} + +/** + * Find/Create a socket to send from host + */ +static dynsock_t *find_socket(private_socket_dynamic_socket_t *this, + int family, u_int16_t port) +{ + dynsock_t *skt, lookup = { + .family = family, + .port = port, + }; + char buf[] = {0x01}; + int fd; + + this->lock->read_lock(this->lock); + skt = this->sockets->get(this->sockets, &lookup); + this->lock->unlock(this->lock); + if (skt) + { + return skt; + } + fd = open_socket(this, family, port); + if (!fd) + { + return NULL; + } + INIT(skt, + .family = family, + .port = port, + .fd = fd, + ); + this->lock->write_lock(this->lock); + this->sockets->put(this->sockets, skt, skt); + this->lock->unlock(this->lock); + /* notify receiver thread to reread socket list */ + ignore_result(write(this->notify[1], buf, sizeof(buf))); + + return skt; +} + +METHOD(socket_t, sender, status_t, + private_socket_dynamic_socket_t *this, packet_t *packet) +{ + dynsock_t *skt; + host_t *src, *dst; + int port, family; + ssize_t len; + chunk_t data, marked; + struct msghdr msg; + struct cmsghdr *cmsg; + struct iovec iov; + + src = packet->get_source(packet); + dst = packet->get_destination(packet); + family = src->get_family(src); + port = src->get_port(src); + skt = find_socket(this, family, port); + if (!skt) + { + return FAILED; + } + + data = packet->get_data(packet); + DBG2(DBG_NET, "sending packet: from %#H to %#H", src, dst); + + /* use non-ESP marker if none of the ports is 500, not for keep alives */ + if (port != IKEV2_UDP_PORT && dst->get_port(dst) != IKEV2_UDP_PORT && + !(data.len == 1 && data.ptr[0] == 0xFF)) + { + /* add non esp marker to packet */ + if (data.len > MAX_PACKET - MARKER_LEN) + { + DBG1(DBG_NET, "unable to send packet: it's too big (%d bytes)", + data.len); + return FAILED; + } + marked = chunk_alloc(data.len + MARKER_LEN); + memset(marked.ptr, 0, MARKER_LEN); + memcpy(marked.ptr + MARKER_LEN, data.ptr, data.len); + /* let the packet do the clean up for us */ + packet->set_data(packet, marked); + data = marked; + } + + memset(&msg, 0, sizeof(struct msghdr)); + msg.msg_name = dst->get_sockaddr(dst);; + msg.msg_namelen = *dst->get_sockaddr_len(dst); + iov.iov_base = data.ptr; + iov.iov_len = data.len; + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_flags = 0; + + if (!src->is_anyaddr(src)) + { + if (family == AF_INET) + { + struct in_addr *addr; + struct sockaddr_in *sin; + char buf[CMSG_SPACE(sizeof(struct in_pktinfo))]; + struct in_pktinfo *pktinfo; + + msg.msg_control = buf; + msg.msg_controllen = sizeof(buf); + cmsg = CMSG_FIRSTHDR(&msg); + cmsg->cmsg_level = SOL_IP; + cmsg->cmsg_type = IP_PKTINFO; + cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); + pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg); + memset(pktinfo, 0, sizeof(struct in_pktinfo)); + addr = &pktinfo->ipi_spec_dst; + sin = (struct sockaddr_in*)src->get_sockaddr(src); + memcpy(addr, &sin->sin_addr, sizeof(struct in_addr)); + } + else + { + char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; + struct in6_pktinfo *pktinfo; + struct sockaddr_in6 *sin; + + msg.msg_control = buf; + msg.msg_controllen = sizeof(buf); + cmsg = CMSG_FIRSTHDR(&msg); + cmsg->cmsg_level = SOL_IPV6; + cmsg->cmsg_type = IPV6_PKTINFO; + cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); + pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg); + memset(pktinfo, 0, sizeof(struct in6_pktinfo)); + sin = (struct sockaddr_in6*)src->get_sockaddr(src); + memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr)); + } + } + + len = sendmsg(skt->fd, &msg, 0); + if (len != data.len) + { + DBG1(DBG_NET, "error writing to socket: %s", strerror(errno)); + return FAILED; + } + return SUCCESS; +} + +METHOD(socket_dynamic_socket_t, destroy, void, + private_socket_dynamic_socket_t *this) +{ + enumerator_t *enumerator; + dynsock_t *key, *value; + + enumerator = this->sockets->create_enumerator(this->sockets); + while (enumerator->enumerate(enumerator, &key, &value)) + { + close(value->fd); + free(value); + } + enumerator->destroy(enumerator); + this->sockets->destroy(this->sockets); + this->lock->destroy(this->lock); + + close(this->notify[0]); + close(this->notify[1]); + free(this); +} + +/* + * See header for description + */ +socket_dynamic_socket_t *socket_dynamic_socket_create() +{ + private_socket_dynamic_socket_t *this; + + INIT(this, + .public = { + .socket = { + .send = _sender, + .receive = _receiver, + }, + .destroy = _destroy, + }, + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + ); + + if (pipe(this->notify) != 0) + { + DBG1(DBG_NET, "creating notify pipe for dynamic socket failed"); + free(this); + return NULL; + } + + this->sockets = hashtable_create((void*)hash, (void*)equals, 8); + + return &this->public; +} + diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.h b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.h new file mode 100644 index 000000000..72551e545 --- /dev/null +++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup socket_dynamic_socket socket_dynamic_socket + * @{ @ingroup socket_dynamic + */ + +#ifndef SOCKET_DYNAMIC_SOCKET_H_ +#define SOCKET_DYNAMIC_SOCKET_H_ + +typedef struct socket_dynamic_socket_t socket_dynamic_socket_t; + +#include <network/socket.h> + +/** + * A socket implementation binding to ports on demand as required. + */ +struct socket_dynamic_socket_t { + + /** + * Implements the socket_t interface. + */ + socket_t socket; + + /** + * Destroy a socket_dynamic_socket_t. + */ + void (*destroy)(socket_dynamic_socket_t *this); +}; + +/** + * Create a socket_dynamic_socket instance. + */ +socket_dynamic_socket_t *socket_dynamic_socket_create(); + +#endif /** SOCKET_DYNAMIC_SOCKET_H_ @}*/ diff --git a/src/libcharon/plugins/socket_raw/Makefile.am b/src/libcharon/plugins/socket_raw/Makefile.am new file mode 100644 index 000000000..2109ae5f3 --- /dev/null +++ b/src/libcharon/plugins/socket_raw/Makefile.am @@ -0,0 +1,17 @@ + +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-socket-raw.la +else +plugin_LTLIBRARIES = libstrongswan-socket-raw.la +endif + +libstrongswan_socket_raw_la_SOURCES = \ + socket_raw_plugin.h socket_raw_plugin.c \ + socket_raw_socket.h socket_raw_socket.c + +libstrongswan_socket_raw_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/socket_raw/Makefile.in b/src/libcharon/plugins/socket_raw/Makefile.in new file mode 100644 index 000000000..65ad6a7a9 --- /dev/null +++ b/src/libcharon/plugins/socket_raw/Makefile.in @@ -0,0 +1,590 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libcharon/plugins/socket_raw +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_socket_raw_la_LIBADD = +am_libstrongswan_socket_raw_la_OBJECTS = socket_raw_plugin.lo \ + socket_raw_socket.lo +libstrongswan_socket_raw_la_OBJECTS = \ + $(am_libstrongswan_socket_raw_la_OBJECTS) +libstrongswan_socket_raw_la_LINK = $(LIBTOOL) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_socket_raw_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_socket_raw_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_socket_raw_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_socket_raw_la_SOURCES) +DIST_SOURCES = $(libstrongswan_socket_raw_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-socket-raw.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-socket-raw.la +libstrongswan_socket_raw_la_SOURCES = \ + socket_raw_plugin.h socket_raw_plugin.c \ + socket_raw_socket.h socket_raw_socket.c + +libstrongswan_socket_raw_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_raw/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libcharon/plugins/socket_raw/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-socket-raw.la: $(libstrongswan_socket_raw_la_OBJECTS) $(libstrongswan_socket_raw_la_DEPENDENCIES) + $(libstrongswan_socket_raw_la_LINK) $(am_libstrongswan_socket_raw_la_rpath) $(libstrongswan_socket_raw_la_OBJECTS) $(libstrongswan_socket_raw_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_raw_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/socket_raw_socket.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libcharon/plugins/socket_raw/socket_raw_plugin.c b/src/libcharon/plugins/socket_raw/socket_raw_plugin.c new file mode 100644 index 000000000..5b011abcf --- /dev/null +++ b/src/libcharon/plugins/socket_raw/socket_raw_plugin.c @@ -0,0 +1,69 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "socket_raw_plugin.h" + +#include "socket_raw_socket.h" + +#include <daemon.h> + +typedef struct private_socket_raw_plugin_t private_socket_raw_plugin_t; + +/** + * Private data of socket plugin + */ +struct private_socket_raw_plugin_t { + + /** + * Implements plugin interface + */ + socket_raw_plugin_t public; + + /** + * Raw socket instance. + */ + socket_raw_socket_t *socket; +}; + +METHOD(plugin_t, destroy, void, + private_socket_raw_plugin_t *this) +{ + charon->socket->remove_socket(charon->socket, &this->socket->socket); + this->socket->destroy(this->socket); + free(this); +} + +/* + * see header file + */ +plugin_t *socket_raw_plugin_create() +{ + private_socket_raw_plugin_t *this; + + INIT(this, + .public.plugin.destroy = _destroy, + .socket = socket_raw_socket_create(), + ); + + if (!this->socket) + { + free(this); + return NULL; + } + charon->socket->add_socket(charon->socket, &this->socket->socket); + + return &this->public.plugin; +} + diff --git a/src/libcharon/plugins/socket_raw/socket_raw_plugin.h b/src/libcharon/plugins/socket_raw/socket_raw_plugin.h new file mode 100644 index 000000000..a692b7594 --- /dev/null +++ b/src/libcharon/plugins/socket_raw/socket_raw_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup socket_raw socket_raw + * @ingroup cplugins + * + * @defgroup socket_raw_plugin socket_raw_plugin + * @{ @ingroup socket_raw + */ + +#ifndef SOCKET_RAW_PLUGIN_H_ +#define SOCKET_RAW_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct socket_raw_plugin_t socket_raw_plugin_t; + +/** + * RAW socket implementation plugin. + */ +struct socket_raw_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** SOCKET_RAW_PLUGIN_H_ @}*/ diff --git a/src/charon/network/socket-raw.c b/src/libcharon/plugins/socket_raw/socket_raw_socket.c index 6cc0463b2..e0155fa87 100644 --- a/src/charon/network/socket-raw.c +++ b/src/libcharon/plugins/socket_raw/socket_raw_socket.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2006 Tobias Brunner, Daniel Roethlisberger - * Copyright (C) 2005-2008 Martin Willi + * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -18,6 +18,8 @@ /* for struct in6_pktinfo */ #define _GNU_SOURCE +#include "socket_raw_socket.h" + #include <sys/types.h> #include <sys/socket.h> #include <string.h> @@ -34,11 +36,12 @@ #include <linux/filter.h> #include <net/if.h> -#include "socket.h" - #include <daemon.h> #include <threading/thread.h> +/* Maximum size of a packet */ +#define MAX_PACKET 5000 + /* constants for packet handling */ #define IP_LEN sizeof(struct iphdr) #define IP6_LEN sizeof(struct ip6_hdr) @@ -65,62 +68,61 @@ #define IPV6_2292PKTINFO 2 #endif /*IPV6_2292PKTINFO*/ -typedef struct private_socket_t private_socket_t; +typedef struct private_socket_raw_socket_t private_socket_raw_socket_t; /** * Private data of an socket_t object */ -struct private_socket_t{ +struct private_socket_raw_socket_t { + /** * public functions */ - socket_t public; - - /** - * regular port - */ - int port; - - /** - * port used for nat-t - */ - int natt_port; - - /** - * raw receiver socket for IPv4 - */ - int recv4; - - /** - * raw receiver socket for IPv6 - */ - int recv6; - - /** - * send socket on regular port for IPv4 - */ - int send4; - - /** - * send socket on regular port for IPv6 - */ - int send6; - - /** - * send socket on nat-t port for IPv4 - */ - int send4_natt; - - /** - * send socket on nat-t port for IPv6 - */ - int send6_natt; + socket_raw_socket_t public; + + /** + * regular port + */ + int port; + + /** + * port used for nat-t + */ + int natt_port; + + /** + * raw receiver socket for IPv4 + */ + int recv4; + + /** + * raw receiver socket for IPv6 + */ + int recv6; + + /** + * send socket on regular port for IPv4 + */ + int send4; + + /** + * send socket on regular port for IPv6 + */ + int send6; + + /** + * send socket on nat-t port for IPv4 + */ + int send4_natt; + + /** + * send socket on nat-t port for IPv6 + */ + int send6_natt; }; -/** - * implementation of socket_t.receive - */ -static status_t receiver(private_socket_t *this, packet_t **packet) +METHOD(socket_t, receiver, status_t, + private_socket_raw_socket_t *this, packet_t **packet) { char buffer[MAX_PACKET]; chunk_t data; @@ -296,10 +298,8 @@ static status_t receiver(private_socket_t *this, packet_t **packet) return SUCCESS; } -/** - * implementation of socket_t.send - */ -status_t sender(private_socket_t *this, packet_t *packet) +METHOD(socket_t, sender, status_t, + private_socket_raw_socket_t *this, packet_t *packet) { int sport, skt, family; ssize_t bytes_sent; @@ -423,7 +423,8 @@ status_t sender(private_socket_t *this, packet_t *packet) /** * open a socket to send packets */ -static int open_send_socket(private_socket_t *this, int family, u_int16_t port) +static int open_send_socket(private_socket_raw_socket_t *this, + int family, u_int16_t port) { int on = TRUE; int type = UDP_ENCAP_ESPINUDP; @@ -491,13 +492,19 @@ static int open_send_socket(private_socket_t *this, int family, u_int16_t port) } } + if (!charon->kernel_interface->bypass_socket(charon->kernel_interface, + skt, family)) + { + DBG1(DBG_NET, "installing bypass policy on send socket failed"); + } + return skt; } /** * open a socket to receive packets */ -static int open_recv_socket(private_socket_t *this, int family) +static int open_recv_socket(private_socket_raw_socket_t *this, int family) { int skt; int on = TRUE; @@ -589,73 +596,17 @@ static int open_recv_socket(private_socket_t *this, int family) return 0; } - return skt; -} - -/** - * enumerator for underlying sockets - */ -typedef struct { - /** implements enumerator_t */ - enumerator_t public; - /** sockets we enumerate */ - private_socket_t *socket; - /** counter */ - int index; -} socket_enumerator_t; - -/** - * enumerate function for socket_enumerator_t - */ -static bool enumerate(socket_enumerator_t *this, int *fd, int *family, int *port) -{ - static const struct { - int fd_offset; - int family; - int port; - } sockets[] = { - { offsetof(private_socket_t, recv4), AF_INET, IKEV2_UDP_PORT }, - { offsetof(private_socket_t, recv6), AF_INET6, IKEV2_UDP_PORT }, - { offsetof(private_socket_t, send4), AF_INET, IKEV2_UDP_PORT }, - { offsetof(private_socket_t, send6), AF_INET6, IKEV2_UDP_PORT }, - { offsetof(private_socket_t, send4_natt), AF_INET, IKEV2_NATT_PORT }, - { offsetof(private_socket_t, send6_natt), AF_INET6, IKEV2_NATT_PORT } - }; - - while(++this->index < countof(sockets)) + if (!charon->kernel_interface->bypass_socket(charon->kernel_interface, + skt, family)) { - int sock = *(int*)((char*)this->socket + sockets[this->index].fd_offset); - if (!sock) - { - continue; - } - *fd = sock; - *family = sockets[this->index].family; - *port = sockets[this->index].port; - return TRUE; + DBG1(DBG_NET, "installing bypass policy on receive socket failed"); } - return FALSE; -} -/** - * implementation of socket_t.create_enumerator - */ -static enumerator_t *create_enumerator(private_socket_t *this) -{ - socket_enumerator_t *enumerator; - - enumerator = malloc_thing(socket_enumerator_t); - enumerator->index = -1; - enumerator->socket = this; - enumerator->public.enumerate = (void*)enumerate; - enumerator->public.destroy = (void*)free; - return &enumerator->public; + return skt; } -/** - * implementation of socket_t.destroy - */ -static void destroy(private_socket_t *this) +METHOD(socket_raw_socket_t, destroy, void, + private_socket_raw_socket_t *this) { if (this->recv4) { @@ -687,22 +638,19 @@ static void destroy(private_socket_t *this) /* * See header for description */ -socket_t *socket_create() +socket_raw_socket_t *socket_raw_socket_create() { - private_socket_t *this = malloc_thing(private_socket_t); - - /* public functions */ - this->public.send = (status_t(*)(socket_t*, packet_t*))sender; - this->public.receive = (status_t(*)(socket_t*, packet_t**))receiver; - this->public.create_enumerator = (enumerator_t*(*)(socket_t*))create_enumerator; - this->public.destroy = (void(*)(socket_t*)) destroy; - - this->recv4 = 0; - this->recv6 = 0; - this->send4 = 0; - this->send6 = 0; - this->send4_natt = 0; - this->send6_natt = 0; + private_socket_raw_socket_t *this; + + INIT(this, + .public = { + .socket = { + .send = _sender, + .receive = _receiver, + }, + .destroy = _destroy, + }, + ); this->recv4 = open_recv_socket(this, AF_INET); if (this->recv4 == 0) @@ -754,8 +702,8 @@ socket_t *socket_create() { DBG1(DBG_NET, "could not create any sockets"); destroy(this); - charon->kill(charon, "socket initialization failed"); + return NULL; } - return (socket_t*)this; + return &this->public; } diff --git a/src/libcharon/plugins/socket_raw/socket_raw_socket.h b/src/libcharon/plugins/socket_raw/socket_raw_socket.h new file mode 100644 index 000000000..94cf666e8 --- /dev/null +++ b/src/libcharon/plugins/socket_raw/socket_raw_socket.h @@ -0,0 +1,55 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup socket_raw_socket socket_raw_socket + * @{ @ingroup socket_raw + */ + +#ifndef SOCKET_RAW_SOCKET_H_ +#define SOCKET_RAW_SOCKET_H_ + +typedef struct socket_raw_socket_t socket_raw_socket_t; + +#include <network/socket.h> + +/** + * Raw socket, binds to port 500/4500 using any IPv4/IPv6 address. + * + * This imeplementation uses raw sockets to allow binding of other daemons + * (pluto) to UDP/500/4500. An installed "Linux socket filter" filters out + * all non-IKEv2 traffic and handles just IKEv2 messages. An other daemon + * must handle all traffic separately, e.g. ignore IKEv2 traffic, since charon + * handles that. + */ +struct socket_raw_socket_t { + + /** + * Implements the socket_t interface. + */ + socket_t socket; + + /** + * Destroy a socket_raw_socket_t. + */ + void (*destroy)(socket_raw_socket_t *this); +}; + +/** + * Create a socket_raw_socket instance. + */ +socket_raw_socket_t *socket_raw_socket_create(); + +#endif /** SOCKET_RAW_SOCKET_H_ @}*/ diff --git a/src/charon/plugins/sql/Makefile.am b/src/libcharon/plugins/sql/Makefile.am index 60135bf08..68b7e8cb2 100644 --- a/src/charon/plugins/sql/Makefile.am +++ b/src/libcharon/plugins/sql/Makefile.am @@ -1,12 +1,18 @@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic \ -DPLUGINS=\""${libstrongswan_plugins}\"" +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-sql.la +else plugin_LTLIBRARIES = libstrongswan-sql.la +endif + libstrongswan_sql_la_SOURCES = \ - sql_plugin.h sql_plugin.c sql_config.h sql_config.c \ - sql_cred.h sql_cred.c sql_logger.h sql_logger.c -libstrongswan_sql_la_LDFLAGS = -module -avoid-version + sql_plugin.h sql_plugin.c sql_config.h sql_config.c \ + sql_cred.h sql_cred.c sql_logger.h sql_logger.c +libstrongswan_sql_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in index ef9c33a1c..5803dc898 100644 --- a/src/charon/plugins/sql/Makefile.in +++ b/src/libcharon/plugins/sql/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/sql +subdir = src/libcharon/plugins/sql DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_sql_la_LIBADD = am_libstrongswan_sql_la_OBJECTS = sql_plugin.lo sql_config.lo \ sql_cred.lo sql_logger.lo @@ -80,6 +80,8 @@ libstrongswan_sql_la_OBJECTS = $(am_libstrongswan_sql_la_OBJECTS) libstrongswan_sql_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_sql_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_sql_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_sql_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -252,14 +255,17 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic \ -DPLUGINS=\""${libstrongswan_plugins}\"" -plugin_LTLIBRARIES = libstrongswan-sql.la +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sql.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sql.la libstrongswan_sql_la_SOURCES = \ - sql_plugin.h sql_plugin.c sql_config.h sql_config.c \ - sql_cred.h sql_cred.c sql_logger.h sql_logger.c + sql_plugin.h sql_plugin.c sql_config.h sql_config.c \ + sql_cred.h sql_cred.c sql_logger.h sql_logger.c libstrongswan_sql_la_LDFLAGS = -module -avoid-version all: all-am @@ -275,9 +281,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/sql/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/sql/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/sql/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/sql/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -296,6 +302,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -328,7 +343,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-sql.la: $(libstrongswan_sql_la_OBJECTS) $(libstrongswan_sql_la_DEPENDENCIES) - $(libstrongswan_sql_la_LINK) -rpath $(plugindir) $(libstrongswan_sql_la_OBJECTS) $(libstrongswan_sql_la_LIBADD) $(LIBS) + $(libstrongswan_sql_la_LINK) $(am_libstrongswan_sql_la_rpath) $(libstrongswan_sql_la_OBJECTS) $(libstrongswan_sql_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -484,8 +499,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -556,18 +571,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index afee0896c..23366898a 100644 --- a/src/charon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c @@ -182,7 +182,8 @@ static ike_cfg_t *build_ike_cfg(private_sql_config_t *this, enumerator_t *e, { ike_cfg_t *ike_cfg; - ike_cfg = ike_cfg_create(certreq, force_encap, local, remote); + ike_cfg = ike_cfg_create(certreq, force_encap, + local, IKEV2_UDP_PORT, remote, IKEV2_UDP_PORT); /* TODO: read proposal from db */ ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); return ike_cfg; diff --git a/src/charon/plugins/sql/sql_config.h b/src/libcharon/plugins/sql/sql_config.h index 700d00a97..700d00a97 100644 --- a/src/charon/plugins/sql/sql_config.h +++ b/src/libcharon/plugins/sql/sql_config.h diff --git a/src/charon/plugins/sql/sql_cred.c b/src/libcharon/plugins/sql/sql_cred.c index 12f4ab045..12f4ab045 100644 --- a/src/charon/plugins/sql/sql_cred.c +++ b/src/libcharon/plugins/sql/sql_cred.c diff --git a/src/charon/plugins/sql/sql_cred.h b/src/libcharon/plugins/sql/sql_cred.h index 7f387398e..7f387398e 100644 --- a/src/charon/plugins/sql/sql_cred.h +++ b/src/libcharon/plugins/sql/sql_cred.h diff --git a/src/charon/plugins/sql/sql_logger.c b/src/libcharon/plugins/sql/sql_logger.c index d350c4c3d..d350c4c3d 100644 --- a/src/charon/plugins/sql/sql_logger.c +++ b/src/libcharon/plugins/sql/sql_logger.c diff --git a/src/charon/plugins/sql/sql_logger.h b/src/libcharon/plugins/sql/sql_logger.h index a933705da..a933705da 100644 --- a/src/charon/plugins/sql/sql_logger.h +++ b/src/libcharon/plugins/sql/sql_logger.h diff --git a/src/charon/plugins/sql/sql_plugin.c b/src/libcharon/plugins/sql/sql_plugin.c index e2e410a8a..e2d2d63b3 100644 --- a/src/charon/plugins/sql/sql_plugin.c +++ b/src/libcharon/plugins/sql/sql_plugin.c @@ -71,7 +71,7 @@ static void destroy(private_sql_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *sql_plugin_create() { char *uri; private_sql_plugin_t *this; diff --git a/src/charon/plugins/sql/sql_plugin.h b/src/libcharon/plugins/sql/sql_plugin.h index 8de04a891..c6f9ba905 100644 --- a/src/charon/plugins/sql/sql_plugin.h +++ b/src/libcharon/plugins/sql/sql_plugin.h @@ -39,9 +39,4 @@ struct sql_plugin_t { plugin_t plugin; }; -/** - * Create a sql_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** SQL_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/stroke/Makefile.am b/src/libcharon/plugins/stroke/Makefile.am new file mode 100644 index 000000000..40888a40b --- /dev/null +++ b/src/libcharon/plugins/stroke/Makefile.am @@ -0,0 +1,27 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/stroke + +AM_CFLAGS = \ +-rdynamic \ +-DIPSEC_CONFDIR=\"${sysconfdir}\" \ +-DIPSEC_PIDDIR=\"${piddir}\" + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-stroke.la +else +plugin_LTLIBRARIES = libstrongswan-stroke.la +endif + +libstrongswan_stroke_la_SOURCES = \ + stroke_plugin.h stroke_plugin.c \ + stroke_socket.h stroke_socket.c \ + stroke_config.h stroke_config.c \ + stroke_control.h stroke_control.c \ + stroke_cred.h stroke_cred.c \ + stroke_ca.h stroke_ca.c \ + stroke_attribute.h stroke_attribute.c \ + stroke_list.h stroke_list.c \ + stroke_shared_key.h stroke_shared_key.c + +libstrongswan_stroke_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in index 6e6b3b813..8815ba741 100644 --- a/src/charon/plugins/stroke/Makefile.in +++ b/src/libcharon/plugins/stroke/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/stroke +subdir = src/libcharon/plugins/stroke DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_stroke_la_LIBADD = am_libstrongswan_stroke_la_OBJECTS = stroke_plugin.lo stroke_socket.lo \ stroke_config.lo stroke_control.lo stroke_cred.lo stroke_ca.lo \ @@ -82,6 +82,9 @@ libstrongswan_stroke_la_OBJECTS = \ libstrongswan_stroke_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_stroke_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_stroke_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_stroke_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,22 +258,26 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon -I$(top_srcdir)/src/stroke +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon -I$(top_srcdir)/src/stroke + AM_CFLAGS = \ -rdynamic \ -DIPSEC_CONFDIR=\"${sysconfdir}\" \ -DIPSEC_PIDDIR=\"${piddir}\" -plugin_LTLIBRARIES = libstrongswan-stroke.la -libstrongswan_stroke_la_SOURCES = stroke_plugin.h stroke_plugin.c \ - stroke_socket.h stroke_socket.c \ - stroke_config.h stroke_config.c \ - stroke_control.h stroke_control.c \ - stroke_cred.h stroke_cred.c \ - stroke_ca.h stroke_ca.c \ - stroke_attribute.h stroke_attribute.c \ - stroke_list.h stroke_list.c \ - stroke_shared_key.h stroke_shared_key.c +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-stroke.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-stroke.la +libstrongswan_stroke_la_SOURCES = \ + stroke_plugin.h stroke_plugin.c \ + stroke_socket.h stroke_socket.c \ + stroke_config.h stroke_config.c \ + stroke_control.h stroke_control.c \ + stroke_cred.h stroke_cred.c \ + stroke_ca.h stroke_ca.c \ + stroke_attribute.h stroke_attribute.c \ + stroke_list.h stroke_list.c \ + stroke_shared_key.h stroke_shared_key.c libstrongswan_stroke_la_LDFLAGS = -module -avoid-version all: all-am @@ -285,9 +293,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/stroke/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/stroke/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/stroke/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/stroke/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -306,6 +314,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -338,7 +355,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-stroke.la: $(libstrongswan_stroke_la_OBJECTS) $(libstrongswan_stroke_la_DEPENDENCIES) - $(libstrongswan_stroke_la_LINK) -rpath $(plugindir) $(libstrongswan_stroke_la_OBJECTS) $(libstrongswan_stroke_la_LIBADD) $(LIBS) + $(libstrongswan_stroke_la_LINK) $(am_libstrongswan_stroke_la_rpath) $(libstrongswan_stroke_la_OBJECTS) $(libstrongswan_stroke_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -499,8 +516,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -571,18 +588,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libcharon/plugins/stroke/stroke_attribute.c b/src/libcharon/plugins/stroke/stroke_attribute.c new file mode 100644 index 000000000..1e4615e12 --- /dev/null +++ b/src/libcharon/plugins/stroke/stroke_attribute.c @@ -0,0 +1,226 @@ +/* + * Copyright (C) 2010 Tobias Brunner + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "stroke_attribute.h" + +#include <daemon.h> +#include <attributes/mem_pool.h> +#include <utils/linked_list.h> +#include <threading/rwlock.h> + +typedef struct private_stroke_attribute_t private_stroke_attribute_t; + +/** + * private data of stroke_attribute + */ +struct private_stroke_attribute_t { + + /** + * public functions + */ + stroke_attribute_t public; + + /** + * list of pools, contains mem_pool_t + */ + linked_list_t *pools; + + /** + * rwlock to lock access to pools + */ + rwlock_t *lock; +}; + +/** + * find a pool by name + */ +static mem_pool_t *find_pool(private_stroke_attribute_t *this, char *name) +{ + enumerator_t *enumerator; + mem_pool_t *current, *found = NULL; + + enumerator = this->pools->create_enumerator(this->pools); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (streq(name, current->get_name(current))) + { + found = current; + break; + } + } + enumerator->destroy(enumerator); + return found; +} + +METHOD(attribute_provider_t, acquire_address, host_t*, + private_stroke_attribute_t *this, char *name, identification_t *id, + host_t *requested) +{ + mem_pool_t *pool; + host_t *addr = NULL; + this->lock->read_lock(this->lock); + pool = find_pool(this, name); + if (pool) + { + addr = pool->acquire_address(pool, id, requested); + } + this->lock->unlock(this->lock); + return addr; +} + +METHOD(attribute_provider_t, release_address, bool, + private_stroke_attribute_t *this, char *name, host_t *address, + identification_t *id) +{ + mem_pool_t *pool; + bool found = FALSE; + this->lock->read_lock(this->lock); + pool = find_pool(this, name); + if (pool) + { + found = pool->release_address(pool, address, id); + } + this->lock->unlock(this->lock); + return found; +} + +METHOD(stroke_attribute_t, add_pool, void, + private_stroke_attribute_t *this, stroke_msg_t *msg) +{ + if (msg->add_conn.other.sourceip_mask) + { + mem_pool_t *pool; + host_t *base = NULL; + u_int32_t bits = 0; + + /* if %config, add an empty pool, otherwise */ + if (msg->add_conn.other.sourceip) + { + DBG1(DBG_CFG, "adding virtual IP address pool '%s': %s/%d", + msg->add_conn.name, msg->add_conn.other.sourceip, + msg->add_conn.other.sourceip_mask); + base = host_create_from_string(msg->add_conn.other.sourceip, 0); + if (!base) + { + DBG1(DBG_CFG, "virtual IP address invalid, discarded"); + return; + } + bits = msg->add_conn.other.sourceip_mask; + } + pool = mem_pool_create(msg->add_conn.name, base, bits); + DESTROY_IF(base); + + this->lock->write_lock(this->lock); + this->pools->insert_last(this->pools, pool); + this->lock->unlock(this->lock); + } +} + +METHOD(stroke_attribute_t, del_pool, void, + private_stroke_attribute_t *this, stroke_msg_t *msg) +{ + enumerator_t *enumerator; + mem_pool_t *pool; + + this->lock->write_lock(this->lock); + enumerator = this->pools->create_enumerator(this->pools); + while (enumerator->enumerate(enumerator, &pool)) + { + if (streq(msg->del_conn.name, pool->get_name(pool))) + { + this->pools->remove_at(this->pools, enumerator); + pool->destroy(pool); + break; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); +} + +/** + * Pool enumerator filter function, converts pool_t to name, size, ... + */ +static bool pool_filter(void *lock, mem_pool_t **poolp, const char **name, + void *d1, u_int *size, void *d2, u_int *online, + void *d3, u_int *offline) +{ + mem_pool_t *pool = *poolp; + *name = pool->get_name(pool); + *size = pool->get_size(pool); + *online = pool->get_online(pool); + *offline = pool->get_offline(pool); + return TRUE; +} + +METHOD(stroke_attribute_t, create_pool_enumerator, enumerator_t*, + private_stroke_attribute_t *this) +{ + this->lock->read_lock(this->lock); + return enumerator_create_filter(this->pools->create_enumerator(this->pools), + (void*)pool_filter, + this->lock, (void*)this->lock->unlock); +} + +METHOD(stroke_attribute_t, create_lease_enumerator, enumerator_t*, + private_stroke_attribute_t *this, char *name) +{ + mem_pool_t *pool; + this->lock->read_lock(this->lock); + pool = find_pool(this, name); + if (!pool) + { + this->lock->unlock(this->lock); + return NULL; + } + return enumerator_create_cleaner(pool->create_lease_enumerator(pool), + (void*)this->lock->unlock, this->lock); +} + +METHOD(stroke_attribute_t, destroy, void, + private_stroke_attribute_t *this) +{ + this->lock->destroy(this->lock); + this->pools->destroy_offset(this->pools, offsetof(mem_pool_t, destroy)); + free(this); +} + +/* + * see header file + */ +stroke_attribute_t *stroke_attribute_create() +{ + private_stroke_attribute_t *this; + + INIT(this, + .public = { + .provider = { + .acquire_address = _acquire_address, + .release_address = _release_address, + .create_attribute_enumerator = enumerator_create_empty, + }, + .add_pool = _add_pool, + .del_pool = _del_pool, + .create_pool_enumerator = _create_pool_enumerator, + .create_lease_enumerator = _create_lease_enumerator, + .destroy = _destroy, + }, + .pools = linked_list_create(), + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + ); + + return &this->public; +} + diff --git a/src/charon/plugins/stroke/stroke_attribute.h b/src/libcharon/plugins/stroke/stroke_attribute.h index cf6c950a6..249a9899b 100644 --- a/src/charon/plugins/stroke/stroke_attribute.h +++ b/src/libcharon/plugins/stroke/stroke_attribute.h @@ -37,15 +37,14 @@ struct stroke_attribute_t { attribute_provider_t provider; /** - * Add a virtual IP address. + * Add a virtual IP address pool. * * @param msg stroke message - * @param end end of stroke message that contains virtual IP. */ void (*add_pool)(stroke_attribute_t *this, stroke_msg_t *msg); /** - * Remove a virtual IP address. + * Remove a virtual IP address pool. * * @param msg stroke message */ @@ -68,10 +67,11 @@ struct stroke_attribute_t { * identification_t *id, host_t *address, bool online * * @param pool name of the pool to enumerate - * @return enumerator, NULL if pool not found + * @return enumerator, NULL if pool not found */ enumerator_t* (*create_lease_enumerator)(stroke_attribute_t *this, char *pool); + /** * Destroy a stroke_attribute instance. */ diff --git a/src/charon/plugins/stroke/stroke_ca.c b/src/libcharon/plugins/stroke/stroke_ca.c index 49146f18b..49146f18b 100644 --- a/src/charon/plugins/stroke/stroke_ca.c +++ b/src/libcharon/plugins/stroke/stroke_ca.c diff --git a/src/charon/plugins/stroke/stroke_ca.h b/src/libcharon/plugins/stroke/stroke_ca.h index 21af912ea..21af912ea 100644 --- a/src/charon/plugins/stroke/stroke_ca.h +++ b/src/libcharon/plugins/stroke/stroke_ca.h diff --git a/src/charon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index 0752f3c93..bbc1e7a31 100644 --- a/src/charon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -232,9 +232,9 @@ static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg } } ike_cfg = ike_cfg_create(msg->add_conn.other.sendcert != CERT_NEVER_SEND, - msg->add_conn.force_encap, - msg->add_conn.me.address, - msg->add_conn.other.address); + msg->add_conn.force_encap, + msg->add_conn.me.address, msg->add_conn.me.ikeport, + msg->add_conn.other.address, msg->add_conn.other.ikeport); add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL); return ike_cfg; } @@ -697,7 +697,7 @@ static void add_ts(private_stroke_config_t *this, if (!end->subnets) { - net = host_create_from_string(end->address, IKEV2_UDP_PORT); + net = host_create_from_string(end->address, 0); if (net) { ts = traffic_selector_create_from_subnet(net, 0, end->protocol, @@ -726,7 +726,7 @@ static void add_ts(private_stroke_config_t *this, intbits = atoi(bits + 1); } - net = host_create_from_string(start, IKEV2_UDP_PORT); + net = host_create_from_string(start, 0); if (net) { ts = traffic_selector_create_from_subnet(net, intbits, diff --git a/src/charon/plugins/stroke/stroke_config.h b/src/libcharon/plugins/stroke/stroke_config.h index 05e4665ca..05e4665ca 100644 --- a/src/charon/plugins/stroke/stroke_config.h +++ b/src/libcharon/plugins/stroke/stroke_config.h diff --git a/src/charon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c index a03aef697..a03aef697 100644 --- a/src/charon/plugins/stroke/stroke_control.c +++ b/src/libcharon/plugins/stroke/stroke_control.c diff --git a/src/charon/plugins/stroke/stroke_control.h b/src/libcharon/plugins/stroke/stroke_control.h index 9b49bdc31..9b49bdc31 100644 --- a/src/charon/plugins/stroke/stroke_control.h +++ b/src/libcharon/plugins/stroke/stroke_control.h diff --git a/src/charon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c index bc0b2f6fc..e0a5210a9 100644 --- a/src/charon/plugins/stroke/stroke_cred.c +++ b/src/libcharon/plugins/stroke/stroke_cred.c @@ -993,6 +993,7 @@ static void load_secrets(private_stroke_cred_t *this, char *file, int level, } else if ((match("PSK", &token) && (type = SHARED_IKE)) || (match("EAP", &token) && (type = SHARED_EAP)) || + (match("NTLM", &token) && (type = SHARED_NT_HASH)) || (match("XAUTH", &token) && (type = SHARED_EAP))) { stroke_shared_key_t *shared_key; diff --git a/src/charon/plugins/stroke/stroke_cred.h b/src/libcharon/plugins/stroke/stroke_cred.h index ccee7d87c..ccee7d87c 100644 --- a/src/charon/plugins/stroke/stroke_cred.h +++ b/src/libcharon/plugins/stroke/stroke_cred.h diff --git a/src/charon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index c2a98da33..c2a98da33 100644 --- a/src/charon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c diff --git a/src/charon/plugins/stroke/stroke_list.h b/src/libcharon/plugins/stroke/stroke_list.h index b5bedc6c2..b5bedc6c2 100644 --- a/src/charon/plugins/stroke/stroke_list.h +++ b/src/libcharon/plugins/stroke/stroke_list.h diff --git a/src/charon/plugins/stroke/stroke_plugin.c b/src/libcharon/plugins/stroke/stroke_plugin.c index 61ae10953..4361e5050 100644 --- a/src/charon/plugins/stroke/stroke_plugin.c +++ b/src/libcharon/plugins/stroke/stroke_plugin.c @@ -48,7 +48,7 @@ static void destroy(private_stroke_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *stroke_plugin_create() { private_stroke_plugin_t *this = malloc_thing(private_stroke_plugin_t); diff --git a/src/charon/plugins/stroke/stroke_plugin.h b/src/libcharon/plugins/stroke/stroke_plugin.h index 3a1e81df6..464979910 100644 --- a/src/charon/plugins/stroke/stroke_plugin.h +++ b/src/libcharon/plugins/stroke/stroke_plugin.h @@ -42,9 +42,4 @@ struct stroke_plugin_t { plugin_t plugin; }; -/** - * Instanciate stroke plugin. - */ -plugin_t *plugin_create(); - #endif /** STROKE_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/stroke/stroke_shared_key.c b/src/libcharon/plugins/stroke/stroke_shared_key.c index 4f716e83a..4f716e83a 100644 --- a/src/charon/plugins/stroke/stroke_shared_key.c +++ b/src/libcharon/plugins/stroke/stroke_shared_key.c diff --git a/src/charon/plugins/stroke/stroke_shared_key.h b/src/libcharon/plugins/stroke/stroke_shared_key.h index 05ad55083..05ad55083 100644 --- a/src/charon/plugins/stroke/stroke_shared_key.h +++ b/src/libcharon/plugins/stroke/stroke_shared_key.h diff --git a/src/charon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c index 820e097f1..56c18da38 100644 --- a/src/charon/plugins/stroke/stroke_socket.c +++ b/src/libcharon/plugins/stroke/stroke_socket.c @@ -25,6 +25,7 @@ #include <errno.h> #include <processing/jobs/callback_job.h> +#include <hydra.h> #include <daemon.h> #include <threading/thread.h> @@ -624,7 +625,7 @@ static void destroy(private_stroke_socket_t *this) charon->credentials->remove_set(charon->credentials, &this->ca->set); charon->credentials->remove_set(charon->credentials, &this->cred->set); charon->backends->remove_backend(charon->backends, &this->config->backend); - lib->attributes->remove_provider(lib->attributes, &this->attribute->provider); + hydra->attributes->remove_provider(hydra->attributes, &this->attribute->provider); this->cred->destroy(this->cred); this->ca->destroy(this->ca); this->config->destroy(this->config); @@ -659,7 +660,7 @@ stroke_socket_t *stroke_socket_create() charon->credentials->add_set(charon->credentials, &this->ca->set); charon->credentials->add_set(charon->credentials, &this->cred->set); charon->backends->add_backend(charon->backends, &this->config->backend); - lib->attributes->add_provider(lib->attributes, &this->attribute->provider); + hydra->attributes->add_provider(hydra->attributes, &this->attribute->provider); this->job = callback_job_create((callback_job_cb_t)receive, this, NULL, NULL); diff --git a/src/charon/plugins/stroke/stroke_socket.h b/src/libcharon/plugins/stroke/stroke_socket.h index 2aac8be9b..2aac8be9b 100644 --- a/src/charon/plugins/stroke/stroke_socket.h +++ b/src/libcharon/plugins/stroke/stroke_socket.h diff --git a/src/libcharon/plugins/uci/Makefile.am b/src/libcharon/plugins/uci/Makefile.am new file mode 100644 index 000000000..6decdb9da --- /dev/null +++ b/src/libcharon/plugins/uci/Makefile.am @@ -0,0 +1,19 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-uci.la +else +plugin_LTLIBRARIES = libstrongswan-uci.la +endif + +libstrongswan_uci_la_SOURCES = \ + uci_plugin.h uci_plugin.c uci_parser.h uci_parser.c \ + uci_config.h uci_config.c uci_creds.h uci_creds.c \ + uci_control.h uci_control.c + +libstrongswan_uci_la_LDFLAGS = -module -avoid-version +libstrongswan_uci_la_LIBADD = -luci diff --git a/src/charon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in index 00436f509..c10829bb3 100644 --- a/src/charon/plugins/uci/Makefile.in +++ b/src/libcharon/plugins/uci/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/uci +subdir = src/libcharon/plugins/uci DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_uci_la_DEPENDENCIES = am_libstrongswan_uci_la_OBJECTS = uci_plugin.lo uci_parser.lo \ uci_config.lo uci_creds.lo uci_control.lo @@ -80,6 +80,8 @@ libstrongswan_uci_la_OBJECTS = $(am_libstrongswan_uci_la_OBJECTS) libstrongswan_uci_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_uci_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_uci_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_uci_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -252,13 +255,16 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-uci.la +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-uci.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-uci.la libstrongswan_uci_la_SOURCES = \ - uci_plugin.h uci_plugin.c uci_parser.h uci_parser.c \ - uci_config.h uci_config.c uci_creds.h uci_creds.c \ - uci_control.h uci_control.c + uci_plugin.h uci_plugin.c uci_parser.h uci_parser.c \ + uci_config.h uci_config.c uci_creds.h uci_creds.c \ + uci_control.h uci_control.c libstrongswan_uci_la_LDFLAGS = -module -avoid-version libstrongswan_uci_la_LIBADD = -luci @@ -275,9 +281,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/uci/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/uci/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/uci/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/uci/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -296,6 +302,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -328,7 +343,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-uci.la: $(libstrongswan_uci_la_OBJECTS) $(libstrongswan_uci_la_DEPENDENCIES) - $(libstrongswan_uci_la_LINK) -rpath $(plugindir) $(libstrongswan_uci_la_OBJECTS) $(libstrongswan_uci_la_LIBADD) $(LIBS) + $(libstrongswan_uci_la_LINK) $(am_libstrongswan_uci_la_rpath) $(libstrongswan_uci_la_OBJECTS) $(libstrongswan_uci_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -485,8 +500,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -557,18 +572,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c index a6ee970ad..bd58afbf0 100644 --- a/src/charon/plugins/uci/uci_config.c +++ b/src/libcharon/plugins/uci/uci_config.c @@ -170,7 +170,8 @@ static bool peer_enumerator_enumerate(peer_enumerator_t *this, peer_cfg_t **cfg) &ike_proposal, &esp_proposal, &ike_rekey, &esp_rekey)) { DESTROY_IF(this->peer_cfg); - ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, remote_addr); + ike_cfg = ike_cfg_create(FALSE, FALSE, + local_addr, IKEV2_UDP_PORT, remote_addr, IKEV2_UDP_PORT); ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE)); this->peer_cfg = peer_cfg_create( name, 2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO, @@ -268,7 +269,8 @@ static bool ike_enumerator_enumerate(ike_enumerator_t *this, ike_cfg_t **cfg) &local_addr, &remote_addr, &ike_proposal)) { DESTROY_IF(this->ike_cfg); - this->ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, remote_addr); + this->ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, IKEV2_UDP_PORT, + remote_addr, IKEV2_UDP_PORT); this->ike_cfg->add_proposal(this->ike_cfg, create_proposal(ike_proposal, PROTO_IKE)); diff --git a/src/charon/plugins/uci/uci_config.h b/src/libcharon/plugins/uci/uci_config.h index 130f15d85..130f15d85 100644 --- a/src/charon/plugins/uci/uci_config.h +++ b/src/libcharon/plugins/uci/uci_config.h diff --git a/src/charon/plugins/uci/uci_control.c b/src/libcharon/plugins/uci/uci_control.c index 3c4928be4..3c4928be4 100644 --- a/src/charon/plugins/uci/uci_control.c +++ b/src/libcharon/plugins/uci/uci_control.c diff --git a/src/charon/plugins/uci/uci_control.h b/src/libcharon/plugins/uci/uci_control.h index 794220aa1..794220aa1 100644 --- a/src/charon/plugins/uci/uci_control.h +++ b/src/libcharon/plugins/uci/uci_control.h diff --git a/src/charon/plugins/uci/uci_creds.c b/src/libcharon/plugins/uci/uci_creds.c index 4d664feb2..4d664feb2 100644 --- a/src/charon/plugins/uci/uci_creds.c +++ b/src/libcharon/plugins/uci/uci_creds.c diff --git a/src/charon/plugins/uci/uci_creds.h b/src/libcharon/plugins/uci/uci_creds.h index a283ed9f5..a283ed9f5 100644 --- a/src/charon/plugins/uci/uci_creds.h +++ b/src/libcharon/plugins/uci/uci_creds.h diff --git a/src/charon/plugins/uci/uci_parser.c b/src/libcharon/plugins/uci/uci_parser.c index 6de55d218..6de55d218 100644 --- a/src/charon/plugins/uci/uci_parser.c +++ b/src/libcharon/plugins/uci/uci_parser.c diff --git a/src/charon/plugins/uci/uci_parser.h b/src/libcharon/plugins/uci/uci_parser.h index 7217e507a..7217e507a 100644 --- a/src/charon/plugins/uci/uci_parser.h +++ b/src/libcharon/plugins/uci/uci_parser.h diff --git a/src/charon/plugins/uci/uci_plugin.c b/src/libcharon/plugins/uci/uci_plugin.c index 2a79b9109..742fcf4d0 100644 --- a/src/charon/plugins/uci/uci_plugin.c +++ b/src/libcharon/plugins/uci/uci_plugin.c @@ -75,7 +75,7 @@ static void destroy(private_uci_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *uci_plugin_create() { private_uci_plugin_t *this = malloc_thing(private_uci_plugin_t); diff --git a/src/charon/plugins/uci/uci_plugin.h b/src/libcharon/plugins/uci/uci_plugin.h index e7743227c..980ab26fd 100644 --- a/src/charon/plugins/uci/uci_plugin.h +++ b/src/libcharon/plugins/uci/uci_plugin.h @@ -40,9 +40,4 @@ struct uci_plugin_t { plugin_t plugin; }; -/** - * Create a uci_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** UCI_PLUGIN_H_ @}*/ diff --git a/src/libcharon/plugins/unit_tester/Makefile.am b/src/libcharon/plugins/unit_tester/Makefile.am new file mode 100644 index 000000000..e27d1f859 --- /dev/null +++ b/src/libcharon/plugins/unit_tester/Makefile.am @@ -0,0 +1,29 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-unit-tester.la +else +plugin_LTLIBRARIES = libstrongswan-unit-tester.la +endif + +libstrongswan_unit_tester_la_SOURCES = \ + unit_tester.c unit_tester.h tests.h \ + tests/test_enumerator.c \ + tests/test_auth_info.c \ + tests/test_curl.c \ + tests/test_mysql.c \ + tests/test_sqlite.c \ + tests/test_mutex.c \ + tests/test_rsa_gen.c \ + tests/test_cert.c \ + tests/test_med_db.c \ + tests/test_chunk.c \ + tests/test_pool.c \ + tests/test_agent.c \ + tests/test_id.c + +libstrongswan_unit_tester_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/unit_tester/Makefile.in b/src/libcharon/plugins/unit_tester/Makefile.in index 9926c43e8..6ca43a38f 100644 --- a/src/charon/plugins/unit_tester/Makefile.in +++ b/src/libcharon/plugins/unit_tester/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/unit_tester +subdir = src/libcharon/plugins/unit_tester DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_unit_tester_la_LIBADD = am_libstrongswan_unit_tester_la_OBJECTS = unit_tester.lo \ test_enumerator.lo test_auth_info.lo test_curl.lo \ @@ -85,6 +85,9 @@ libstrongswan_unit_tester_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_unit_tester_la_LDFLAGS) \ $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_unit_tester_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_unit_tester_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -223,6 +226,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -257,23 +261,27 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-unit-tester.la -libstrongswan_unit_tester_la_SOURCES = unit_tester.c unit_tester.h tests.h \ - tests/test_enumerator.c \ - tests/test_auth_info.c \ - tests/test_curl.c \ - tests/test_mysql.c \ - tests/test_sqlite.c \ - tests/test_mutex.c \ - tests/test_rsa_gen.c \ - tests/test_cert.c \ - tests/test_med_db.c \ - tests/test_chunk.c \ - tests/test_pool.c \ - tests/test_agent.c \ - tests/test_id.c +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-unit-tester.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-unit-tester.la +libstrongswan_unit_tester_la_SOURCES = \ + unit_tester.c unit_tester.h tests.h \ + tests/test_enumerator.c \ + tests/test_auth_info.c \ + tests/test_curl.c \ + tests/test_mysql.c \ + tests/test_sqlite.c \ + tests/test_mutex.c \ + tests/test_rsa_gen.c \ + tests/test_cert.c \ + tests/test_med_db.c \ + tests/test_chunk.c \ + tests/test_pool.c \ + tests/test_agent.c \ + tests/test_id.c libstrongswan_unit_tester_la_LDFLAGS = -module -avoid-version all: all-am @@ -289,9 +297,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/unit_tester/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/unit_tester/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/unit_tester/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/unit_tester/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -310,6 +318,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -342,7 +359,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-unit-tester.la: $(libstrongswan_unit_tester_la_OBJECTS) $(libstrongswan_unit_tester_la_DEPENDENCIES) - $(libstrongswan_unit_tester_la_LINK) -rpath $(plugindir) $(libstrongswan_unit_tester_la_OBJECTS) $(libstrongswan_unit_tester_la_LIBADD) $(LIBS) + $(libstrongswan_unit_tester_la_LINK) $(am_libstrongswan_unit_tester_la_rpath) $(libstrongswan_unit_tester_la_OBJECTS) $(libstrongswan_unit_tester_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -599,8 +616,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -671,18 +688,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/unit_tester/tests.h b/src/libcharon/plugins/unit_tester/tests.h index 96313d390..96313d390 100644 --- a/src/charon/plugins/unit_tester/tests.h +++ b/src/libcharon/plugins/unit_tester/tests.h diff --git a/src/charon/plugins/unit_tester/tests/test_agent.c b/src/libcharon/plugins/unit_tester/tests/test_agent.c index baab629be..baab629be 100644 --- a/src/charon/plugins/unit_tester/tests/test_agent.c +++ b/src/libcharon/plugins/unit_tester/tests/test_agent.c diff --git a/src/charon/plugins/unit_tester/tests/test_auth_info.c b/src/libcharon/plugins/unit_tester/tests/test_auth_info.c index d6abe7a05..d6abe7a05 100644 --- a/src/charon/plugins/unit_tester/tests/test_auth_info.c +++ b/src/libcharon/plugins/unit_tester/tests/test_auth_info.c diff --git a/src/charon/plugins/unit_tester/tests/test_cert.c b/src/libcharon/plugins/unit_tester/tests/test_cert.c index 3b00421f8..3b00421f8 100644 --- a/src/charon/plugins/unit_tester/tests/test_cert.c +++ b/src/libcharon/plugins/unit_tester/tests/test_cert.c diff --git a/src/charon/plugins/unit_tester/tests/test_chunk.c b/src/libcharon/plugins/unit_tester/tests/test_chunk.c index 2e0905b2c..2e0905b2c 100644 --- a/src/charon/plugins/unit_tester/tests/test_chunk.c +++ b/src/libcharon/plugins/unit_tester/tests/test_chunk.c diff --git a/src/charon/plugins/unit_tester/tests/test_curl.c b/src/libcharon/plugins/unit_tester/tests/test_curl.c index 21656a94e..21656a94e 100644 --- a/src/charon/plugins/unit_tester/tests/test_curl.c +++ b/src/libcharon/plugins/unit_tester/tests/test_curl.c diff --git a/src/charon/plugins/unit_tester/tests/test_enumerator.c b/src/libcharon/plugins/unit_tester/tests/test_enumerator.c index edbf0f5bb..edbf0f5bb 100644 --- a/src/charon/plugins/unit_tester/tests/test_enumerator.c +++ b/src/libcharon/plugins/unit_tester/tests/test_enumerator.c diff --git a/src/charon/plugins/unit_tester/tests/test_id.c b/src/libcharon/plugins/unit_tester/tests/test_id.c index 868a2ca8b..868a2ca8b 100644 --- a/src/charon/plugins/unit_tester/tests/test_id.c +++ b/src/libcharon/plugins/unit_tester/tests/test_id.c diff --git a/src/charon/plugins/unit_tester/tests/test_med_db.c b/src/libcharon/plugins/unit_tester/tests/test_med_db.c index 7fd78b0bc..7fd78b0bc 100644 --- a/src/charon/plugins/unit_tester/tests/test_med_db.c +++ b/src/libcharon/plugins/unit_tester/tests/test_med_db.c diff --git a/src/charon/plugins/unit_tester/tests/test_mutex.c b/src/libcharon/plugins/unit_tester/tests/test_mutex.c index 77085cb2f..77085cb2f 100644 --- a/src/charon/plugins/unit_tester/tests/test_mutex.c +++ b/src/libcharon/plugins/unit_tester/tests/test_mutex.c diff --git a/src/charon/plugins/unit_tester/tests/test_mysql.c b/src/libcharon/plugins/unit_tester/tests/test_mysql.c index 252441ef8..252441ef8 100644 --- a/src/charon/plugins/unit_tester/tests/test_mysql.c +++ b/src/libcharon/plugins/unit_tester/tests/test_mysql.c diff --git a/src/charon/plugins/unit_tester/tests/test_pool.c b/src/libcharon/plugins/unit_tester/tests/test_pool.c index 109c06fda..a68246fff 100644 --- a/src/charon/plugins/unit_tester/tests/test_pool.c +++ b/src/libcharon/plugins/unit_tester/tests/test_pool.c @@ -14,9 +14,10 @@ */ #include <time.h> -#include <pthread.h> #include <library.h> +#include <threading/thread.h> +#include <hydra.h> #define ALLOCS 1000 #define THREADS 20 @@ -39,8 +40,8 @@ static void* testing(void *thread) /* allocate addresses */ for (i = 0; i < ALLOCS; i++) { - addr[i] = lib->attributes->acquire_address(lib->attributes, - "test", id[i], NULL); + addr[i] = hydra->attributes->acquire_address(hydra->attributes, + "test", id[i], NULL); if (!addr[i]) { return (void*)FALSE; @@ -50,8 +51,8 @@ static void* testing(void *thread) /* release addresses */ for (i = 0; i < ALLOCS; i++) { - lib->attributes->release_address(lib->attributes, - "test", addr[i], id[i]); + hydra->attributes->release_address(hydra->attributes, + "test", addr[i], id[i]); } /* cleanup */ @@ -69,21 +70,20 @@ static void* testing(void *thread) ******************************************************************************/ bool test_pool() { + thread_t *threads[THREADS]; uintptr_t i; - void *res; - pthread_t thread[THREADS]; for (i = 0; i < THREADS; i++) { - if (pthread_create(&thread[i], NULL, (void*)testing, (void*)i) < 0) + if (!(threads[i] = thread_create((thread_main_t)testing, (void*)i))) { return FALSE; } } for (i = 0; i < THREADS; i++) { - pthread_join(thread[i], &res); - if (res == NULL) + bool *res = threads[i]->join(threads[i]); + if (!res) { return FALSE; } diff --git a/src/charon/plugins/unit_tester/tests/test_rsa_gen.c b/src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c index 59da15644..59da15644 100644 --- a/src/charon/plugins/unit_tester/tests/test_rsa_gen.c +++ b/src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c diff --git a/src/charon/plugins/unit_tester/tests/test_sqlite.c b/src/libcharon/plugins/unit_tester/tests/test_sqlite.c index dd8d1955e..dd8d1955e 100644 --- a/src/charon/plugins/unit_tester/tests/test_sqlite.c +++ b/src/libcharon/plugins/unit_tester/tests/test_sqlite.c diff --git a/src/charon/plugins/unit_tester/unit_tester.c b/src/libcharon/plugins/unit_tester/unit_tester.c index 3c39688c6..5f6f94e03 100644 --- a/src/charon/plugins/unit_tester/unit_tester.c +++ b/src/libcharon/plugins/unit_tester/unit_tester.c @@ -103,7 +103,7 @@ static void destroy(private_unit_tester_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *unit_tester_plugin_create() { private_unit_tester_t *this = malloc_thing(private_unit_tester_t); diff --git a/src/charon/plugins/unit_tester/unit_tester.h b/src/libcharon/plugins/unit_tester/unit_tester.h index 79d5bc021..08784f6f4 100644 --- a/src/charon/plugins/unit_tester/unit_tester.h +++ b/src/libcharon/plugins/unit_tester/unit_tester.h @@ -41,9 +41,4 @@ struct unit_tester_t { plugin_t plugin; }; -/** - * Create a unit_tester plugin. - */ -plugin_t *plugin_create(); - #endif /** UNIT_TESTER_H_ @}*/ diff --git a/src/charon/plugins/updown/Makefile.am b/src/libcharon/plugins/updown/Makefile.am index 6cad02a96..312c8d7e8 100644 --- a/src/charon/plugins/updown/Makefile.am +++ b/src/libcharon/plugins/updown/Makefile.am @@ -1,12 +1,17 @@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-updown.la +else plugin_LTLIBRARIES = libstrongswan-updown.la -libstrongswan_updown_la_SOURCES = \ - updown_plugin.h updown_plugin.c \ - updown_listener.h updown_listener.c -libstrongswan_updown_la_LDFLAGS = -module -avoid-version +endif +libstrongswan_updown_la_SOURCES = \ + updown_plugin.h updown_plugin.c \ + updown_listener.h updown_listener.c +libstrongswan_updown_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in index 78ba19d65..d3c509a32 100644 --- a/src/charon/plugins/updown/Makefile.in +++ b/src/libcharon/plugins/updown/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/updown +subdir = src/libcharon/plugins/updown DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_updown_la_LIBADD = am_libstrongswan_updown_la_OBJECTS = updown_plugin.lo \ updown_listener.lo @@ -81,6 +81,9 @@ libstrongswan_updown_la_OBJECTS = \ libstrongswan_updown_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_updown_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_updown_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_updown_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -253,12 +257,15 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-updown.la +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-updown.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-updown.la libstrongswan_updown_la_SOURCES = \ - updown_plugin.h updown_plugin.c \ - updown_listener.h updown_listener.c + updown_plugin.h updown_plugin.c \ + updown_listener.h updown_listener.c libstrongswan_updown_la_LDFLAGS = -module -avoid-version all: all-am @@ -274,9 +281,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/updown/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/updown/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/updown/Makefile + $(AUTOMAKE) --gnu src/libcharon/plugins/updown/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -295,6 +302,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -327,7 +343,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-updown.la: $(libstrongswan_updown_la_OBJECTS) $(libstrongswan_updown_la_DEPENDENCIES) - $(libstrongswan_updown_la_LINK) -rpath $(plugindir) $(libstrongswan_updown_la_OBJECTS) $(libstrongswan_updown_la_LIBADD) $(LIBS) + $(libstrongswan_updown_la_LINK) $(am_libstrongswan_updown_la_rpath) $(libstrongswan_updown_la_OBJECTS) $(libstrongswan_updown_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -481,8 +497,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -553,18 +569,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c index 5a6746f92..5a6746f92 100644 --- a/src/charon/plugins/updown/updown_listener.c +++ b/src/libcharon/plugins/updown/updown_listener.c diff --git a/src/charon/plugins/updown/updown_listener.h b/src/libcharon/plugins/updown/updown_listener.h index 5b866c4e5..5b866c4e5 100644 --- a/src/charon/plugins/updown/updown_listener.h +++ b/src/libcharon/plugins/updown/updown_listener.h diff --git a/src/charon/plugins/updown/updown_plugin.c b/src/libcharon/plugins/updown/updown_plugin.c index 6cb0efdcd..9d0591e62 100644 --- a/src/charon/plugins/updown/updown_plugin.c +++ b/src/libcharon/plugins/updown/updown_plugin.c @@ -49,7 +49,7 @@ static void destroy(private_updown_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *updown_plugin_create() { private_updown_plugin_t *this = malloc_thing(private_updown_plugin_t); diff --git a/src/charon/plugins/updown/updown_plugin.h b/src/libcharon/plugins/updown/updown_plugin.h index 2873b499d..abcb953a0 100644 --- a/src/charon/plugins/updown/updown_plugin.h +++ b/src/libcharon/plugins/updown/updown_plugin.h @@ -39,9 +39,4 @@ struct updown_plugin_t { plugin_t plugin; }; -/** - * Create a updown_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** UPDOWN_PLUGIN_H_ @}*/ diff --git a/src/charon/processing/jobs/acquire_job.c b/src/libcharon/processing/jobs/acquire_job.c index 45ace9312..45ace9312 100644 --- a/src/charon/processing/jobs/acquire_job.c +++ b/src/libcharon/processing/jobs/acquire_job.c diff --git a/src/charon/processing/jobs/acquire_job.h b/src/libcharon/processing/jobs/acquire_job.h index eff79a9b0..eff79a9b0 100644 --- a/src/charon/processing/jobs/acquire_job.h +++ b/src/libcharon/processing/jobs/acquire_job.h diff --git a/src/charon/processing/jobs/callback_job.c b/src/libcharon/processing/jobs/callback_job.c index 7e35dcdcb..45e49112e 100644 --- a/src/charon/processing/jobs/callback_job.c +++ b/src/libcharon/processing/jobs/callback_job.c @@ -182,7 +182,7 @@ static void cancel(private_callback_job_t *this) */ static void execute(private_callback_job_t *this) { - bool cleanup = FALSE; + bool cleanup = FALSE, requeue = FALSE; thread_cleanup_push((thread_cleanup_t)destroy, this); @@ -206,8 +206,7 @@ static void execute(private_callback_job_t *this) continue; case JOB_REQUEUE_FAIR: { - charon->processor->queue_job(charon->processor, - &this->public.job_interface); + requeue = TRUE; break; } case JOB_REQUEUE_NONE: @@ -225,6 +224,11 @@ static void execute(private_callback_job_t *this) /* manually create a cancellation point to avoid that a cancelled thread * goes back into the thread pool */ thread_cancellation_point(); + if (requeue) + { + charon->processor->queue_job(charon->processor, + &this->public.job_interface); + } thread_cleanup_pop(cleanup); } diff --git a/src/charon/processing/jobs/callback_job.h b/src/libcharon/processing/jobs/callback_job.h index 62da1edd1..62da1edd1 100644 --- a/src/charon/processing/jobs/callback_job.h +++ b/src/libcharon/processing/jobs/callback_job.h diff --git a/src/charon/processing/jobs/delete_child_sa_job.c b/src/libcharon/processing/jobs/delete_child_sa_job.c index ca55721f2..ca55721f2 100644 --- a/src/charon/processing/jobs/delete_child_sa_job.c +++ b/src/libcharon/processing/jobs/delete_child_sa_job.c diff --git a/src/charon/processing/jobs/delete_child_sa_job.h b/src/libcharon/processing/jobs/delete_child_sa_job.h index 662a7b7c7..662a7b7c7 100644 --- a/src/charon/processing/jobs/delete_child_sa_job.h +++ b/src/libcharon/processing/jobs/delete_child_sa_job.h diff --git a/src/charon/processing/jobs/delete_ike_sa_job.c b/src/libcharon/processing/jobs/delete_ike_sa_job.c index dffd08ba3..dffd08ba3 100644 --- a/src/charon/processing/jobs/delete_ike_sa_job.c +++ b/src/libcharon/processing/jobs/delete_ike_sa_job.c diff --git a/src/charon/processing/jobs/delete_ike_sa_job.h b/src/libcharon/processing/jobs/delete_ike_sa_job.h index f641deea3..f641deea3 100644 --- a/src/charon/processing/jobs/delete_ike_sa_job.h +++ b/src/libcharon/processing/jobs/delete_ike_sa_job.h diff --git a/src/charon/processing/jobs/inactivity_job.c b/src/libcharon/processing/jobs/inactivity_job.c index 13fc5e3d0..13fc5e3d0 100644 --- a/src/charon/processing/jobs/inactivity_job.c +++ b/src/libcharon/processing/jobs/inactivity_job.c diff --git a/src/charon/processing/jobs/inactivity_job.h b/src/libcharon/processing/jobs/inactivity_job.h index 9c9daced8..9c9daced8 100644 --- a/src/charon/processing/jobs/inactivity_job.h +++ b/src/libcharon/processing/jobs/inactivity_job.h diff --git a/src/charon/processing/jobs/initiate_mediation_job.c b/src/libcharon/processing/jobs/initiate_mediation_job.c index ffe8755e2..ffe8755e2 100644 --- a/src/charon/processing/jobs/initiate_mediation_job.c +++ b/src/libcharon/processing/jobs/initiate_mediation_job.c diff --git a/src/charon/processing/jobs/initiate_mediation_job.h b/src/libcharon/processing/jobs/initiate_mediation_job.h index fddb1dd7b..fddb1dd7b 100644 --- a/src/charon/processing/jobs/initiate_mediation_job.h +++ b/src/libcharon/processing/jobs/initiate_mediation_job.h diff --git a/src/charon/processing/jobs/job.h b/src/libcharon/processing/jobs/job.h index 0f1c16ebe..0f1c16ebe 100644 --- a/src/charon/processing/jobs/job.h +++ b/src/libcharon/processing/jobs/job.h diff --git a/src/charon/processing/jobs/mediation_job.c b/src/libcharon/processing/jobs/mediation_job.c index b5b8af3b3..b5b8af3b3 100644 --- a/src/charon/processing/jobs/mediation_job.c +++ b/src/libcharon/processing/jobs/mediation_job.c diff --git a/src/charon/processing/jobs/mediation_job.h b/src/libcharon/processing/jobs/mediation_job.h index 0574c65eb..0574c65eb 100644 --- a/src/charon/processing/jobs/mediation_job.h +++ b/src/libcharon/processing/jobs/mediation_job.h diff --git a/src/charon/processing/jobs/migrate_job.c b/src/libcharon/processing/jobs/migrate_job.c index 05f47340c..05f47340c 100644 --- a/src/charon/processing/jobs/migrate_job.c +++ b/src/libcharon/processing/jobs/migrate_job.c diff --git a/src/charon/processing/jobs/migrate_job.h b/src/libcharon/processing/jobs/migrate_job.h index de313d517..de313d517 100644 --- a/src/charon/processing/jobs/migrate_job.h +++ b/src/libcharon/processing/jobs/migrate_job.h diff --git a/src/charon/processing/jobs/process_message_job.c b/src/libcharon/processing/jobs/process_message_job.c index a47d48e38..a47d48e38 100644 --- a/src/charon/processing/jobs/process_message_job.c +++ b/src/libcharon/processing/jobs/process_message_job.c diff --git a/src/charon/processing/jobs/process_message_job.h b/src/libcharon/processing/jobs/process_message_job.h index 5e3f44d1f..5e3f44d1f 100644 --- a/src/charon/processing/jobs/process_message_job.h +++ b/src/libcharon/processing/jobs/process_message_job.h diff --git a/src/charon/processing/jobs/rekey_child_sa_job.c b/src/libcharon/processing/jobs/rekey_child_sa_job.c index b797d181e..b797d181e 100644 --- a/src/charon/processing/jobs/rekey_child_sa_job.c +++ b/src/libcharon/processing/jobs/rekey_child_sa_job.c diff --git a/src/charon/processing/jobs/rekey_child_sa_job.h b/src/libcharon/processing/jobs/rekey_child_sa_job.h index 62887d6b9..62887d6b9 100644 --- a/src/charon/processing/jobs/rekey_child_sa_job.h +++ b/src/libcharon/processing/jobs/rekey_child_sa_job.h diff --git a/src/charon/processing/jobs/rekey_ike_sa_job.c b/src/libcharon/processing/jobs/rekey_ike_sa_job.c index 5ec0b1b88..5ec0b1b88 100644 --- a/src/charon/processing/jobs/rekey_ike_sa_job.c +++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.c diff --git a/src/charon/processing/jobs/rekey_ike_sa_job.h b/src/libcharon/processing/jobs/rekey_ike_sa_job.h index a5c1028aa..a5c1028aa 100644 --- a/src/charon/processing/jobs/rekey_ike_sa_job.h +++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.h diff --git a/src/charon/processing/jobs/retransmit_job.c b/src/libcharon/processing/jobs/retransmit_job.c index fc787f208..fc787f208 100644 --- a/src/charon/processing/jobs/retransmit_job.c +++ b/src/libcharon/processing/jobs/retransmit_job.c diff --git a/src/charon/processing/jobs/retransmit_job.h b/src/libcharon/processing/jobs/retransmit_job.h index c8c13479b..c8c13479b 100644 --- a/src/charon/processing/jobs/retransmit_job.h +++ b/src/libcharon/processing/jobs/retransmit_job.h diff --git a/src/charon/processing/jobs/roam_job.c b/src/libcharon/processing/jobs/roam_job.c index adc884a8a..adc884a8a 100644 --- a/src/charon/processing/jobs/roam_job.c +++ b/src/libcharon/processing/jobs/roam_job.c diff --git a/src/charon/processing/jobs/roam_job.h b/src/libcharon/processing/jobs/roam_job.h index 55bdf2b28..55bdf2b28 100644 --- a/src/charon/processing/jobs/roam_job.h +++ b/src/libcharon/processing/jobs/roam_job.h diff --git a/src/charon/processing/jobs/send_dpd_job.c b/src/libcharon/processing/jobs/send_dpd_job.c index 1c2da52b8..1c2da52b8 100644 --- a/src/charon/processing/jobs/send_dpd_job.c +++ b/src/libcharon/processing/jobs/send_dpd_job.c diff --git a/src/charon/processing/jobs/send_dpd_job.h b/src/libcharon/processing/jobs/send_dpd_job.h index 8078a38bc..8078a38bc 100644 --- a/src/charon/processing/jobs/send_dpd_job.h +++ b/src/libcharon/processing/jobs/send_dpd_job.h diff --git a/src/charon/processing/jobs/send_keepalive_job.c b/src/libcharon/processing/jobs/send_keepalive_job.c index 3d02cea2e..3d02cea2e 100644 --- a/src/charon/processing/jobs/send_keepalive_job.c +++ b/src/libcharon/processing/jobs/send_keepalive_job.c diff --git a/src/charon/processing/jobs/send_keepalive_job.h b/src/libcharon/processing/jobs/send_keepalive_job.h index cda83cd7e..cda83cd7e 100644 --- a/src/charon/processing/jobs/send_keepalive_job.h +++ b/src/libcharon/processing/jobs/send_keepalive_job.h diff --git a/src/charon/processing/jobs/update_sa_job.c b/src/libcharon/processing/jobs/update_sa_job.c index 17dce2548..17dce2548 100644 --- a/src/charon/processing/jobs/update_sa_job.c +++ b/src/libcharon/processing/jobs/update_sa_job.c diff --git a/src/charon/processing/jobs/update_sa_job.h b/src/libcharon/processing/jobs/update_sa_job.h index 11d1ac9b6..11d1ac9b6 100644 --- a/src/charon/processing/jobs/update_sa_job.h +++ b/src/libcharon/processing/jobs/update_sa_job.h diff --git a/src/charon/processing/processor.c b/src/libcharon/processing/processor.c index d5774af26..d5774af26 100644 --- a/src/charon/processing/processor.c +++ b/src/libcharon/processing/processor.c diff --git a/src/charon/processing/processor.h b/src/libcharon/processing/processor.h index 5bf8cf573..5bf8cf573 100644 --- a/src/charon/processing/processor.h +++ b/src/libcharon/processing/processor.h diff --git a/src/charon/processing/scheduler.c b/src/libcharon/processing/scheduler.c index 345af502a..345af502a 100644 --- a/src/charon/processing/scheduler.c +++ b/src/libcharon/processing/scheduler.c diff --git a/src/charon/processing/scheduler.h b/src/libcharon/processing/scheduler.h index 5f5d2a563..5f5d2a563 100644 --- a/src/charon/processing/scheduler.h +++ b/src/libcharon/processing/scheduler.h diff --git a/src/charon/sa/authenticators/authenticator.c b/src/libcharon/sa/authenticators/authenticator.c index 13586a23e..13586a23e 100644 --- a/src/charon/sa/authenticators/authenticator.c +++ b/src/libcharon/sa/authenticators/authenticator.c diff --git a/src/charon/sa/authenticators/authenticator.h b/src/libcharon/sa/authenticators/authenticator.h index fff91ed34..fff91ed34 100644 --- a/src/charon/sa/authenticators/authenticator.h +++ b/src/libcharon/sa/authenticators/authenticator.h diff --git a/src/charon/sa/authenticators/eap/eap_manager.c b/src/libcharon/sa/authenticators/eap/eap_manager.c index f795183f0..f795183f0 100644 --- a/src/charon/sa/authenticators/eap/eap_manager.c +++ b/src/libcharon/sa/authenticators/eap/eap_manager.c diff --git a/src/charon/sa/authenticators/eap/eap_manager.h b/src/libcharon/sa/authenticators/eap/eap_manager.h index 0333fb6da..0333fb6da 100644 --- a/src/charon/sa/authenticators/eap/eap_manager.h +++ b/src/libcharon/sa/authenticators/eap/eap_manager.h diff --git a/src/charon/sa/authenticators/eap/eap_method.c b/src/libcharon/sa/authenticators/eap/eap_method.c index 91fa5305f..91fa5305f 100644 --- a/src/charon/sa/authenticators/eap/eap_method.c +++ b/src/libcharon/sa/authenticators/eap/eap_method.c diff --git a/src/charon/sa/authenticators/eap/eap_method.h b/src/libcharon/sa/authenticators/eap/eap_method.h index 4cab84535..4cab84535 100644 --- a/src/charon/sa/authenticators/eap/eap_method.h +++ b/src/libcharon/sa/authenticators/eap/eap_method.h diff --git a/src/charon/sa/authenticators/eap/sim_manager.c b/src/libcharon/sa/authenticators/eap/sim_manager.c index 5060a3147..157865083 100644 --- a/src/charon/sa/authenticators/eap/sim_manager.c +++ b/src/libcharon/sa/authenticators/eap/sim_manager.c @@ -450,27 +450,20 @@ static void remove_hooks(private_sim_manager_t *this, sim_hooks_t *hooks) } /** - * Implementation of sim_manager_t.attribute_hook + * Implementation of sim_manager_t.message_hook */ -static bool attribute_hook(private_sim_manager_t *this, eap_code_t code, - eap_type_t type, u_int8_t subtype, - u_int8_t attribute, chunk_t data) +static void message_hook(private_sim_manager_t *this, + simaka_message_t *message, bool inbound, bool decrypted) { enumerator_t *enumerator; sim_hooks_t *hooks; - bool filter = FALSE; enumerator = this->hooks->create_enumerator(this->hooks); while (enumerator->enumerate(enumerator, &hooks)) { - if (hooks->attribute(hooks, code, type, subtype, attribute, data)) - { - filter = TRUE; - break; - } + hooks->message(hooks, message, inbound, decrypted); } enumerator->destroy(enumerator); - return filter; } /** @@ -528,7 +521,7 @@ sim_manager_t *sim_manager_create() this->public.provider_gen_reauth = (identification_t*(*)(sim_manager_t*, identification_t *id, char mk[HASH_SIZE_SHA1]))provider_gen_reauth; this->public.add_hooks = (void(*)(sim_manager_t*, sim_hooks_t *hooks))add_hooks; this->public.remove_hooks = (void(*)(sim_manager_t*, sim_hooks_t *hooks))remove_hooks; - this->public.attribute_hook = (bool(*)(sim_manager_t*, eap_code_t code, eap_type_t type, u_int8_t subtype, u_int8_t attribute, chunk_t data))attribute_hook; + this->public.message_hook = (void(*)(sim_manager_t*, simaka_message_t *message, bool inbound, bool decrypted))message_hook; this->public.key_hook = (void(*)(sim_manager_t*, chunk_t k_encr, chunk_t k_auth))key_hook; this->public.destroy = (void(*)(sim_manager_t*))destroy; diff --git a/src/charon/sa/authenticators/eap/sim_manager.h b/src/libcharon/sa/authenticators/eap/sim_manager.h index 49d27cbaa..9aa661ac8 100644 --- a/src/charon/sa/authenticators/eap/sim_manager.h +++ b/src/libcharon/sa/authenticators/eap/sim_manager.h @@ -31,6 +31,9 @@ typedef struct sim_card_t sim_card_t; typedef struct sim_provider_t sim_provider_t; typedef struct sim_hooks_t sim_hooks_t; +/** implemented in libsimaka, but we need it for the message hook */ +typedef struct simaka_message_t simaka_message_t; + #define SIM_RAND_LEN 16 #define SIM_SRES_LEN 4 #define SIM_KC_LEN 8 @@ -245,17 +248,17 @@ struct sim_provider_t { struct sim_hooks_t { /** - * SIM/AKA attribute parsing hook. + * SIM/AKA message parsing. + * + * As a SIM/AKA optionally contains encrypted attributes, the hook + * might get invoked twice, once before and once after decryption. * - * @param code code of EAP message the attribute was parsed from - * @param type EAP method, SIM or AKA - * @param subtye method specific subtype - * @param attribute parsed SIM/AKA attribute type - * @param data attribute data - * @return TRUE to filter out attribute from further processing + * @param message SIM/AKA message + * @param inbound TRUE for incoming messages, FALSE for outgoing + * @param decrypted TRUE if AT_ENCR_DATA has been decrypted */ - bool (*attribute)(sim_hooks_t *this, eap_code_t code, eap_type_t type, - u_int8_t subtype, u_int8_t attribute, chunk_t data); + void (*message)(sim_hooks_t *this, simaka_message_t *message, + bool inbound, bool decrypted); /** * SIM/AKA encryption/authentication key hooks. @@ -478,18 +481,14 @@ struct sim_manager_t { void (*remove_hooks)(sim_manager_t *this, sim_hooks_t *hooks); /** - * Invoke SIM/AKA attribute hook. + * Invoke SIM/AKA message hook. * - * @param code EAP message code (Request/response/success/failed) - * @param type EAP method type, EAP-SIM or AKA - * @param subtype method specific message subtype - * @param attribute SIM/AKA attribute type - * @param data attribute data - * @return TRUE to filter out attribute from further processing + * @param message SIM message + * @param inbound TRUE for incoming messages, FALSE for outgoing + * @param decrypted TRUE if AT_ENCR_DATA has been decrypted */ - bool (*attribute_hook)(sim_manager_t *this, eap_code_t code, - eap_type_t type, u_int8_t subtype, - u_int8_t attribute, chunk_t data); + void (*message_hook)(sim_manager_t *this, simaka_message_t *message, + bool inbound, bool decrypted); /** * Invoke SIM/AKA key hook. diff --git a/src/charon/sa/authenticators/eap_authenticator.c b/src/libcharon/sa/authenticators/eap_authenticator.c index 16911050a..4617c4d8d 100644 --- a/src/charon/sa/authenticators/eap_authenticator.c +++ b/src/libcharon/sa/authenticators/eap_authenticator.c @@ -251,7 +251,7 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this, case NEED_MORE: return out; case SUCCESS: - if (type == EAP_IDENTITY) + if (!vendor && type == EAP_IDENTITY) { chunk_t data; diff --git a/src/charon/sa/authenticators/eap_authenticator.h b/src/libcharon/sa/authenticators/eap_authenticator.h index 41eb6a8c9..41eb6a8c9 100644 --- a/src/charon/sa/authenticators/eap_authenticator.h +++ b/src/libcharon/sa/authenticators/eap_authenticator.h diff --git a/src/charon/sa/authenticators/psk_authenticator.c b/src/libcharon/sa/authenticators/psk_authenticator.c index 67197d690..67197d690 100644 --- a/src/charon/sa/authenticators/psk_authenticator.c +++ b/src/libcharon/sa/authenticators/psk_authenticator.c diff --git a/src/charon/sa/authenticators/psk_authenticator.h b/src/libcharon/sa/authenticators/psk_authenticator.h index 0fab11095..0fab11095 100644 --- a/src/charon/sa/authenticators/psk_authenticator.h +++ b/src/libcharon/sa/authenticators/psk_authenticator.h diff --git a/src/charon/sa/authenticators/pubkey_authenticator.c b/src/libcharon/sa/authenticators/pubkey_authenticator.c index f1dca2702..f1dca2702 100644 --- a/src/charon/sa/authenticators/pubkey_authenticator.c +++ b/src/libcharon/sa/authenticators/pubkey_authenticator.c diff --git a/src/charon/sa/authenticators/pubkey_authenticator.h b/src/libcharon/sa/authenticators/pubkey_authenticator.h index be369cb89..be369cb89 100644 --- a/src/charon/sa/authenticators/pubkey_authenticator.h +++ b/src/libcharon/sa/authenticators/pubkey_authenticator.h diff --git a/src/charon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 3fdfb51ad..3fdfb51ad 100644 --- a/src/charon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c diff --git a/src/charon/sa/child_sa.h b/src/libcharon/sa/child_sa.h index d70bed664..e6c603504 100644 --- a/src/charon/sa/child_sa.h +++ b/src/libcharon/sa/child_sa.h @@ -322,7 +322,7 @@ struct child_sa_t { }; /** - * Constructor to create a new child_sa_t. + * Constructor to create a child SA negotiated with IKE. * * @param me own address * @param other remote address diff --git a/src/charon/sa/connect_manager.c b/src/libcharon/sa/connect_manager.c index b78ba070d..b78ba070d 100644 --- a/src/charon/sa/connect_manager.c +++ b/src/libcharon/sa/connect_manager.c diff --git a/src/charon/sa/connect_manager.h b/src/libcharon/sa/connect_manager.h index 8fa8ff697..8fa8ff697 100644 --- a/src/charon/sa/connect_manager.h +++ b/src/libcharon/sa/connect_manager.h diff --git a/src/charon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 975a0904a..023f0749f 100644 --- a/src/charon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -25,6 +25,7 @@ #include <library.h> #include <daemon.h> +#include <hydra.h> #include <utils/linked_list.h> #include <utils/lexparser.h> #include <sa/task_manager.h> @@ -423,7 +424,7 @@ static void flush_auth_cfgs(private_ike_sa_t *this) { auth_cfg_t *cfg; - if (lib->settings->get_bool(lib->settings, "charon.flush_auth_cfg", TRUE)) + if (lib->settings->get_bool(lib->settings, "charon.flush_auth_cfg", FALSE)) { while (this->my_auths->remove_last(this->my_auths, (void**)&cfg) == SUCCESS) @@ -1117,7 +1118,7 @@ static void resolve_hosts(private_ike_sa_t *this) else { host = host_create_from_dns(this->ike_cfg->get_other_addr(this->ike_cfg), - 0, IKEV2_UDP_PORT); + 0, this->ike_cfg->get_other_port(this->ike_cfg)); } if (host) { @@ -1139,7 +1140,7 @@ static void resolve_hosts(private_ike_sa_t *this) family = this->other_host->get_family(this->other_host); } host = host_create_from_dns(this->ike_cfg->get_my_addr(this->ike_cfg), - family, IKEV2_UDP_PORT); + family, this->ike_cfg->get_my_port(this->ike_cfg)); if (host && host->is_anyaddr(host) && !this->other_host->is_anyaddr(this->other_host)) @@ -1149,13 +1150,13 @@ static void resolve_hosts(private_ike_sa_t *this) charon->kernel_interface, this->other_host, NULL); if (host) { - host->set_port(host, IKEV2_UDP_PORT); + host->set_port(host, this->ike_cfg->get_my_port(this->ike_cfg)); } else { /* fallback to address family specific %any(6), if configured */ host = host_create_from_dns( - this->ike_cfg->get_my_addr(this->ike_cfg), - 0, IKEV2_UDP_PORT); + this->ike_cfg->get_my_addr(this->ike_cfg), + 0, this->ike_cfg->get_my_port(this->ike_cfg)); } } } @@ -1191,10 +1192,10 @@ static status_t initiate(private_ike_sa_t *this, set_condition(this, COND_ORIGINAL_INITIATOR, TRUE); - task = (task_t*)ike_init_create(&this->public, TRUE, NULL); - this->task_manager->queue_task(this->task_manager, task); task = (task_t*)ike_vendor_create(&this->public, TRUE); this->task_manager->queue_task(this->task_manager, task); + task = (task_t*)ike_init_create(&this->public, TRUE, NULL); + this->task_manager->queue_task(this->task_manager, task); task = (task_t*)ike_natd_create(&this->public, TRUE); this->task_manager->queue_task(this->task_manager, task); task = (task_t*)ike_cert_pre_create(&this->public, TRUE); @@ -1408,6 +1409,38 @@ static identification_t* get_other_id(private_ike_sa_t *this) } /** + * Implementation of ike_sa_t.get_other_eap_id. + */ +static identification_t* get_other_eap_id(private_ike_sa_t *this) +{ + identification_t *id = NULL, *current; + enumerator_t *enumerator; + auth_cfg_t *cfg; + + enumerator = this->other_auths->create_enumerator(this->other_auths); + while (enumerator->enumerate(enumerator, &cfg)) + { + /* prefer EAP-Identity of last round */ + current = cfg->get(cfg, AUTH_RULE_EAP_IDENTITY); + if (!current || current->get_type(current) == ID_ANY) + { + current = cfg->get(cfg, AUTH_RULE_IDENTITY); + } + if (current && current->get_type(current) != ID_ANY) + { + id = current; + continue; + } + } + enumerator->destroy(enumerator); + if (id) + { + return id; + } + return this->other_id; +} + +/** * Implementation of ike_sa_t.set_other_id. */ static void set_other_id(private_ike_sa_t *this, identification_t *other) @@ -1528,6 +1561,7 @@ static status_t delete_(private_ike_sa_t *this) default: DBG1(DBG_IKE, "destroying IKE_SA in state %N " "without notification", ike_sa_state_names, this->state); + charon->bus->ike_updown(charon->bus, &this->public, FALSE); break; } return DESTROY_ME; @@ -2002,8 +2036,8 @@ static void destroy(private_ike_sa_t *this) while (this->attributes->remove_last(this->attributes, (void**)&entry) == SUCCESS) { - lib->attributes->release(lib->attributes, entry->handler, - this->other_id, entry->type, entry->data); + hydra->attributes->release(hydra->attributes, entry->handler, + this->other_id, entry->type, entry->data); free(entry->data.ptr); free(entry); } @@ -2027,9 +2061,9 @@ static void destroy(private_ike_sa_t *this) { if (this->peer_cfg && this->peer_cfg->get_pool(this->peer_cfg)) { - lib->attributes->release_address(lib->attributes, - this->peer_cfg->get_pool(this->peer_cfg), - this->other_virtual_ip, this->other_id); + hydra->attributes->release_address(hydra->attributes, + this->peer_cfg->get_pool(this->peer_cfg), + this->other_virtual_ip, get_other_eap_id(this)); } this->other_virtual_ip->destroy(this->other_virtual_ip); } @@ -2102,6 +2136,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->public.set_my_id = (void (*)(ike_sa_t*,identification_t*)) set_my_id; this->public.get_other_id = (identification_t* (*)(ike_sa_t*)) get_other_id; this->public.set_other_id = (void (*)(ike_sa_t*,identification_t*)) set_other_id; + this->public.get_other_eap_id = (identification_t* (*)(ike_sa_t*)) get_other_eap_id; this->public.enable_extension = (void(*)(ike_sa_t*, ike_extension_t extension))enable_extension; this->public.supports_extension = (bool(*)(ike_sa_t*, ike_extension_t extension))supports_extension; this->public.set_condition = (void (*)(ike_sa_t*, ike_condition_t,bool)) set_condition; diff --git a/src/charon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h index 4dce1937c..c61502edf 100644 --- a/src/charon/sa/ike_sa.h +++ b/src/libcharon/sa/ike_sa.h @@ -31,6 +31,7 @@ typedef enum statistic_t statistic_t; typedef struct ike_sa_t ike_sa_t; #include <library.h> +#include <attributes/attribute_handler.h> #include <encoding/message.h> #include <encoding/payloads/proposal_substructure.h> #include <encoding/payloads/configuration_attribute.h> @@ -359,6 +360,13 @@ struct ike_sa_t { identification_t* (*get_other_id) (ike_sa_t *this); /** + * Get the others peer identity, but prefer an EAP-Identity. + * + * @return EAP or IKEv2 identity + */ + identification_t* (*get_other_eap_id)(ike_sa_t *this); + + /** * Set the other peer's identification. * * @param other identification diff --git a/src/charon/sa/ike_sa_id.c b/src/libcharon/sa/ike_sa_id.c index 94c5405f2..94c5405f2 100644 --- a/src/charon/sa/ike_sa_id.c +++ b/src/libcharon/sa/ike_sa_id.c diff --git a/src/charon/sa/ike_sa_id.h b/src/libcharon/sa/ike_sa_id.h index a833aa9d6..a833aa9d6 100644 --- a/src/charon/sa/ike_sa_id.h +++ b/src/libcharon/sa/ike_sa_id.h diff --git a/src/charon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index 3ef0f3bb0..3ef0f3bb0 100644 --- a/src/charon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c diff --git a/src/charon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h index 38f5454e1..38f5454e1 100644 --- a/src/charon/sa/ike_sa_manager.h +++ b/src/libcharon/sa/ike_sa_manager.h diff --git a/src/charon/sa/keymat.c b/src/libcharon/sa/keymat.c index e49626354..837cbe428 100644 --- a/src/charon/sa/keymat.c +++ b/src/libcharon/sa/keymat.c @@ -99,8 +99,8 @@ struct keylen_entry_t { * Keylen for encryption algos */ keylen_entry_t keylen_enc[] = { - {ENCR_DES, 64}, - {ENCR_3DES, 192}, + {ENCR_DES, 64}, + {ENCR_3DES, 192}, {END_OF_LIST, 0} }; @@ -108,7 +108,7 @@ keylen_entry_t keylen_enc[] = { * Keylen for integrity algos */ keylen_entry_t keylen_int[] = { - {AUTH_HMAC_MD5_96, 128}, + {AUTH_HMAC_MD5_96, 128}, {AUTH_HMAC_SHA1_96, 160}, {AUTH_HMAC_SHA2_256_96, 256}, {AUTH_HMAC_SHA2_256_128, 256}, @@ -414,7 +414,7 @@ static bool derive_child_keys(private_keymat_t *this, /* to bytes */ enc_size /= 8; - /* CCM/GCM/CTR needs additional bytes */ + /* CCM/GCM/CTR/GMAC needs additional bytes */ switch (enc_alg) { case ENCR_AES_CCM_ICV8: @@ -429,6 +429,7 @@ static bool derive_child_keys(private_keymat_t *this, case ENCR_AES_GCM_ICV12: case ENCR_AES_GCM_ICV16: case ENCR_AES_CTR: + case ENCR_NULL_AUTH_AES_GMAC: enc_size += 4; break; default: diff --git a/src/charon/sa/keymat.h b/src/libcharon/sa/keymat.h index e51709e8d..e51709e8d 100644 --- a/src/charon/sa/keymat.h +++ b/src/libcharon/sa/keymat.h diff --git a/src/charon/sa/mediation_manager.c b/src/libcharon/sa/mediation_manager.c index 035f49053..035f49053 100644 --- a/src/charon/sa/mediation_manager.c +++ b/src/libcharon/sa/mediation_manager.c diff --git a/src/charon/sa/mediation_manager.h b/src/libcharon/sa/mediation_manager.h index 31a16f69c..31a16f69c 100644 --- a/src/charon/sa/mediation_manager.h +++ b/src/libcharon/sa/mediation_manager.h diff --git a/src/charon/sa/task_manager.c b/src/libcharon/sa/task_manager.c index 1de0c06f0..eeda6c860 100644 --- a/src/charon/sa/task_manager.c +++ b/src/libcharon/sa/task_manager.c @@ -307,11 +307,11 @@ static status_t build_request(private_task_manager_t *this) switch (this->ike_sa->get_state(this->ike_sa)) { case IKE_CREATED: + activate_task(this, IKE_VENDOR); if (activate_task(this, IKE_INIT)) { this->initiating.mid = 0; exchange = IKE_SA_INIT; - activate_task(this, IKE_VENDOR); activate_task(this, IKE_NATD); activate_task(this, IKE_CERT_PRE); #ifdef ME @@ -696,10 +696,10 @@ static status_t process_request(private_task_manager_t *this, { case IKE_SA_INIT: { - task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL); - this->passive_tasks->insert_last(this->passive_tasks, task); task = (task_t*)ike_vendor_create(this->ike_sa, FALSE); this->passive_tasks->insert_last(this->passive_tasks, task); + task = (task_t*)ike_init_create(this->ike_sa, FALSE, NULL); + this->passive_tasks->insert_last(this->passive_tasks, task); task = (task_t*)ike_natd_create(this->ike_sa, FALSE); this->passive_tasks->insert_last(this->passive_tasks, task); task = (task_t*)ike_cert_pre_create(this->ike_sa, FALSE); @@ -926,6 +926,7 @@ static status_t process_message(private_task_manager_t *this, message_t *msg) { if (mid == this->initiating.mid) { + charon->bus->message(charon->bus, msg, TRUE); if (process_response(this, msg) != SUCCESS) { flush(this); diff --git a/src/charon/sa/task_manager.h b/src/libcharon/sa/task_manager.h index 731ed4898..731ed4898 100644 --- a/src/charon/sa/task_manager.h +++ b/src/libcharon/sa/task_manager.h diff --git a/src/charon/sa/tasks/child_create.c b/src/libcharon/sa/tasks/child_create.c index 3f002f263..bea4f73d5 100644 --- a/src/charon/sa/tasks/child_create.c +++ b/src/libcharon/sa/tasks/child_create.c @@ -329,11 +329,11 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh) this->dh_group = group; return INVALID_ARG; } - else - { - DBG1(DBG_IKE, "no acceptable proposal found"); - return FAILED; - } + /* the selected proposal does not use a DH group */ + DBG1(DBG_IKE, "ignoring KE exchange, agreed on a non-PFS proposal"); + DESTROY_IF(this->dh); + this->dh = NULL; + this->dh_group = MODP_NONE; } if (my_vip == NULL) diff --git a/src/charon/sa/tasks/child_create.h b/src/libcharon/sa/tasks/child_create.h index 5dedeb8b1..5dedeb8b1 100644 --- a/src/charon/sa/tasks/child_create.h +++ b/src/libcharon/sa/tasks/child_create.h diff --git a/src/charon/sa/tasks/child_delete.c b/src/libcharon/sa/tasks/child_delete.c index d7c6b0541..d7c6b0541 100644 --- a/src/charon/sa/tasks/child_delete.c +++ b/src/libcharon/sa/tasks/child_delete.c diff --git a/src/charon/sa/tasks/child_delete.h b/src/libcharon/sa/tasks/child_delete.h index 365807c68..365807c68 100644 --- a/src/charon/sa/tasks/child_delete.h +++ b/src/libcharon/sa/tasks/child_delete.h diff --git a/src/charon/sa/tasks/child_rekey.c b/src/libcharon/sa/tasks/child_rekey.c index b5e4e84b4..b5e4e84b4 100644 --- a/src/charon/sa/tasks/child_rekey.c +++ b/src/libcharon/sa/tasks/child_rekey.c diff --git a/src/charon/sa/tasks/child_rekey.h b/src/libcharon/sa/tasks/child_rekey.h index 9b1aea5fa..9b1aea5fa 100644 --- a/src/charon/sa/tasks/child_rekey.h +++ b/src/libcharon/sa/tasks/child_rekey.h diff --git a/src/charon/sa/tasks/ike_auth.c b/src/libcharon/sa/tasks/ike_auth.c index a07f96767..a07f96767 100644 --- a/src/charon/sa/tasks/ike_auth.c +++ b/src/libcharon/sa/tasks/ike_auth.c diff --git a/src/charon/sa/tasks/ike_auth.h b/src/libcharon/sa/tasks/ike_auth.h index bba46d961..bba46d961 100644 --- a/src/charon/sa/tasks/ike_auth.h +++ b/src/libcharon/sa/tasks/ike_auth.h diff --git a/src/charon/sa/tasks/ike_auth_lifetime.c b/src/libcharon/sa/tasks/ike_auth_lifetime.c index 75ff35168..75ff35168 100644 --- a/src/charon/sa/tasks/ike_auth_lifetime.c +++ b/src/libcharon/sa/tasks/ike_auth_lifetime.c diff --git a/src/charon/sa/tasks/ike_auth_lifetime.h b/src/libcharon/sa/tasks/ike_auth_lifetime.h index 3b129b9e3..3b129b9e3 100644 --- a/src/charon/sa/tasks/ike_auth_lifetime.h +++ b/src/libcharon/sa/tasks/ike_auth_lifetime.h diff --git a/src/charon/sa/tasks/ike_cert_post.c b/src/libcharon/sa/tasks/ike_cert_post.c index c831df975..c831df975 100644 --- a/src/charon/sa/tasks/ike_cert_post.c +++ b/src/libcharon/sa/tasks/ike_cert_post.c diff --git a/src/charon/sa/tasks/ike_cert_post.h b/src/libcharon/sa/tasks/ike_cert_post.h index a21f45927..a21f45927 100644 --- a/src/charon/sa/tasks/ike_cert_post.h +++ b/src/libcharon/sa/tasks/ike_cert_post.h diff --git a/src/charon/sa/tasks/ike_cert_pre.c b/src/libcharon/sa/tasks/ike_cert_pre.c index 0805d0290..0805d0290 100644 --- a/src/charon/sa/tasks/ike_cert_pre.c +++ b/src/libcharon/sa/tasks/ike_cert_pre.c diff --git a/src/charon/sa/tasks/ike_cert_pre.h b/src/libcharon/sa/tasks/ike_cert_pre.h index 1541b80e5..1541b80e5 100644 --- a/src/charon/sa/tasks/ike_cert_pre.h +++ b/src/libcharon/sa/tasks/ike_cert_pre.h diff --git a/src/charon/sa/tasks/ike_config.c b/src/libcharon/sa/tasks/ike_config.c index f010439fe..58bcf0762 100644 --- a/src/charon/sa/tasks/ike_config.c +++ b/src/libcharon/sa/tasks/ike_config.c @@ -17,6 +17,7 @@ #include "ike_config.h" #include <daemon.h> +#include <hydra.h> #include <encoding/payloads/cp_payload.h> typedef struct private_ike_config_t private_ike_config_t; @@ -125,7 +126,7 @@ static void handle_attribute(private_ike_config_t *this, enumerator->destroy(enumerator); /* and pass it to the handle function */ - handler = lib->attributes->handle(lib->attributes, + handler = hydra->attributes->handle(hydra->attributes, this->ike_sa->get_other_id(this->ike_sa), handler, ca->get_type(ca), ca->get_value(ca)); if (handler) @@ -252,7 +253,7 @@ static status_t build_i(private_ike_config_t *this, message_t *message) cp->add_attribute(cp, build_vip(vip)); } - enumerator = lib->attributes->create_initiator_enumerator(lib->attributes, + enumerator = hydra->attributes->create_initiator_enumerator(hydra->attributes, this->ike_sa->get_other_id(this->ike_sa), vip); while (enumerator->enumerate(enumerator, &handler, &type, &data)) { @@ -299,38 +300,6 @@ static status_t process_r(private_ike_config_t *this, message_t *message) } /** - * Find a peer (EAP) identity to query provider for attributes - */ -static identification_t *get_peer_identity(private_ike_config_t *this) -{ - identification_t *id = NULL, *current; - enumerator_t *enumerator; - auth_cfg_t *cfg; - - enumerator = this->ike_sa->create_auth_cfg_enumerator(this->ike_sa, FALSE); - while (enumerator->enumerate(enumerator, &cfg)) - { - /* prefer EAP-Identity of last round */ - current = cfg->get(cfg, AUTH_RULE_EAP_IDENTITY); - if (!current || current->get_type(current) == ID_ANY) - { - current = cfg->get(cfg, AUTH_RULE_IDENTITY); - } - if (current && current->get_type(current) != ID_ANY) - { - id = current; - continue; - } - } - enumerator->destroy(enumerator); - if (!id) - { /* fallback, should not happen */ - id = this->ike_sa->get_other_id(this->ike_sa); - } - return id; -} - -/** * Implementation of task_t.build for responder */ static status_t build_r(private_ike_config_t *this, message_t *message) @@ -345,7 +314,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message) peer_cfg_t *config; identification_t *id; - id = get_peer_identity(this); + id = this->ike_sa->get_other_eap_id(this->ike_sa); config = this->ike_sa->get_peer_cfg(this->ike_sa); if (config && this->virtual_ip) @@ -353,7 +322,7 @@ static status_t build_r(private_ike_config_t *this, message_t *message) DBG1(DBG_IKE, "peer requested virtual IP %H", this->virtual_ip); if (config->get_pool(config)) { - vip = lib->attributes->acquire_address(lib->attributes, + vip = hydra->attributes->acquire_address(hydra->attributes, config->get_pool(config), id, this->virtual_ip); } if (vip == NULL) @@ -372,8 +341,8 @@ static status_t build_r(private_ike_config_t *this, message_t *message) } /* query registered providers for additional attributes to include */ - enumerator = lib->attributes->create_responder_enumerator( - lib->attributes, id, vip); + enumerator = hydra->attributes->create_responder_enumerator( + hydra->attributes, id, vip); while (enumerator->enumerate(enumerator, &type, &value)) { if (!cp) diff --git a/src/charon/sa/tasks/ike_config.h b/src/libcharon/sa/tasks/ike_config.h index 8cef08697..8cef08697 100644 --- a/src/charon/sa/tasks/ike_config.h +++ b/src/libcharon/sa/tasks/ike_config.h diff --git a/src/charon/sa/tasks/ike_delete.c b/src/libcharon/sa/tasks/ike_delete.c index 130948836..130948836 100644 --- a/src/charon/sa/tasks/ike_delete.c +++ b/src/libcharon/sa/tasks/ike_delete.c diff --git a/src/charon/sa/tasks/ike_delete.h b/src/libcharon/sa/tasks/ike_delete.h index 82782f393..82782f393 100644 --- a/src/charon/sa/tasks/ike_delete.h +++ b/src/libcharon/sa/tasks/ike_delete.h diff --git a/src/charon/sa/tasks/ike_dpd.c b/src/libcharon/sa/tasks/ike_dpd.c index 4c6ba7662..4c6ba7662 100644 --- a/src/charon/sa/tasks/ike_dpd.c +++ b/src/libcharon/sa/tasks/ike_dpd.c diff --git a/src/charon/sa/tasks/ike_dpd.h b/src/libcharon/sa/tasks/ike_dpd.h index 36388d15b..36388d15b 100644 --- a/src/charon/sa/tasks/ike_dpd.h +++ b/src/libcharon/sa/tasks/ike_dpd.h diff --git a/src/charon/sa/tasks/ike_init.c b/src/libcharon/sa/tasks/ike_init.c index 5eb33b540..5eb33b540 100644 --- a/src/charon/sa/tasks/ike_init.c +++ b/src/libcharon/sa/tasks/ike_init.c diff --git a/src/charon/sa/tasks/ike_init.h b/src/libcharon/sa/tasks/ike_init.h index 7bd784cff..7bd784cff 100644 --- a/src/charon/sa/tasks/ike_init.h +++ b/src/libcharon/sa/tasks/ike_init.h diff --git a/src/charon/sa/tasks/ike_me.c b/src/libcharon/sa/tasks/ike_me.c index 2d2847ae0..2d2847ae0 100644 --- a/src/charon/sa/tasks/ike_me.c +++ b/src/libcharon/sa/tasks/ike_me.c diff --git a/src/charon/sa/tasks/ike_me.h b/src/libcharon/sa/tasks/ike_me.h index 31285a426..31285a426 100644 --- a/src/charon/sa/tasks/ike_me.h +++ b/src/libcharon/sa/tasks/ike_me.h diff --git a/src/charon/sa/tasks/ike_mobike.c b/src/libcharon/sa/tasks/ike_mobike.c index d76ba8d2b..a62886f02 100644 --- a/src/charon/sa/tasks/ike_mobike.c +++ b/src/libcharon/sa/tasks/ike_mobike.c @@ -269,12 +269,36 @@ static void update_children(private_ike_mobike_t *this) } /** + * Apply port of old address if it equals new, port otherwise + */ +static void apply_port(private_ike_mobike_t *this, host_t *host, host_t *old, + u_int16_t port) +{ + if (host->ip_equals(host, old)) + { + host->set_port(host, old->get_port(old)); + } + else + { + if (port == IKEV2_UDP_PORT) + { + host->set_port(host, IKEV2_NATT_PORT); + } + else + { + host->set_port(host, port); + } + } +} + +/** * Implementation of ike_mobike_t.transmit */ static void transmit(private_ike_mobike_t *this, packet_t *packet) { host_t *me, *other, *me_old, *other_old; iterator_t *iterator; + ike_cfg_t *ike_cfg; packet_t *copy; if (!this->check) @@ -284,13 +308,13 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet) me_old = this->ike_sa->get_my_host(this->ike_sa); other_old = this->ike_sa->get_other_host(this->ike_sa); + ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); me = charon->kernel_interface->get_source_addr( charon->kernel_interface, other_old, NULL); if (me) { - me->set_port(me, me->ip_equals(me, me_old) ? - me_old->get_port(me_old) : IKEV2_NATT_PORT); + apply_port(this, me, me_old, ike_cfg->get_my_port(ike_cfg)); DBG1(DBG_IKE, "checking original path %#H - %#H", me, other_old); copy = packet->clone(packet); copy->set_source(copy, me); @@ -310,11 +334,9 @@ static void transmit(private_ike_mobike_t *this, packet_t *packet) continue; } /* reuse port for an active address, 4500 otherwise */ - me->set_port(me, me->ip_equals(me, me_old) ? - me_old->get_port(me_old) : IKEV2_NATT_PORT); + apply_port(this, me, me_old, ike_cfg->get_my_port(ike_cfg)); other = other->clone(other); - other->set_port(other, other->ip_equals(other, other_old) ? - other_old->get_port(other_old) : IKEV2_NATT_PORT); + apply_port(this, other, other_old, ike_cfg->get_other_port(ike_cfg)); DBG1(DBG_IKE, "checking path %#H - %#H", me, other); copy = packet->clone(packet); copy->set_source(copy, me); diff --git a/src/charon/sa/tasks/ike_mobike.h b/src/libcharon/sa/tasks/ike_mobike.h index 05b2224d1..05b2224d1 100644 --- a/src/charon/sa/tasks/ike_mobike.h +++ b/src/libcharon/sa/tasks/ike_mobike.h diff --git a/src/charon/sa/tasks/ike_natd.c b/src/libcharon/sa/tasks/ike_natd.c index 9121fe2ea..9ea20ba36 100644 --- a/src/charon/sa/tasks/ike_natd.c +++ b/src/libcharon/sa/tasks/ike_natd.c @@ -313,6 +313,7 @@ static status_t build_i(private_ike_natd_t *this, message_t *message) { notify_payload_t *notify; enumerator_t *enumerator; + ike_cfg_t *ike_cfg; host_t *host; if (this->hasher == NULL) @@ -321,6 +322,8 @@ static status_t build_i(private_ike_natd_t *this, message_t *message) return NEED_MORE; } + ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); + /* destination is always set */ host = message->get_destination(message); notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, host); @@ -343,7 +346,7 @@ static status_t build_i(private_ike_natd_t *this, message_t *message) this->ike_sa->get_other_host(this->ike_sa), NULL); if (host) { /* 2. */ - host->set_port(host, IKEV2_UDP_PORT); + host->set_port(host, ike_cfg->get_my_port(ike_cfg)); notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host); message->add_payload(message, (payload_t*)notify); host->destroy(host); @@ -356,7 +359,7 @@ static status_t build_i(private_ike_natd_t *this, message_t *message) { /* apply port 500 to host, but work on a copy */ host = host->clone(host); - host->set_port(host, IKEV2_UDP_PORT); + host->set_port(host, ike_cfg->get_my_port(ike_cfg)); notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host); host->destroy(host); message->add_payload(message, (payload_t*)notify); diff --git a/src/charon/sa/tasks/ike_natd.h b/src/libcharon/sa/tasks/ike_natd.h index 97b652ead..97b652ead 100644 --- a/src/charon/sa/tasks/ike_natd.h +++ b/src/libcharon/sa/tasks/ike_natd.h diff --git a/src/charon/sa/tasks/ike_reauth.c b/src/libcharon/sa/tasks/ike_reauth.c index ac89c358b..ac89c358b 100644 --- a/src/charon/sa/tasks/ike_reauth.c +++ b/src/libcharon/sa/tasks/ike_reauth.c diff --git a/src/charon/sa/tasks/ike_reauth.h b/src/libcharon/sa/tasks/ike_reauth.h index 5e97b719c..5e97b719c 100644 --- a/src/charon/sa/tasks/ike_reauth.h +++ b/src/libcharon/sa/tasks/ike_reauth.h diff --git a/src/charon/sa/tasks/ike_rekey.c b/src/libcharon/sa/tasks/ike_rekey.c index a2275e796..a2275e796 100644 --- a/src/charon/sa/tasks/ike_rekey.c +++ b/src/libcharon/sa/tasks/ike_rekey.c diff --git a/src/charon/sa/tasks/ike_rekey.h b/src/libcharon/sa/tasks/ike_rekey.h index 1c9550768..1c9550768 100644 --- a/src/charon/sa/tasks/ike_rekey.h +++ b/src/libcharon/sa/tasks/ike_rekey.h diff --git a/src/charon/sa/tasks/ike_vendor.c b/src/libcharon/sa/tasks/ike_vendor.c index 7c435b6d1..7c435b6d1 100644 --- a/src/charon/sa/tasks/ike_vendor.c +++ b/src/libcharon/sa/tasks/ike_vendor.c diff --git a/src/charon/sa/tasks/ike_vendor.h b/src/libcharon/sa/tasks/ike_vendor.h index dcdd37424..dcdd37424 100644 --- a/src/charon/sa/tasks/ike_vendor.h +++ b/src/libcharon/sa/tasks/ike_vendor.h diff --git a/src/charon/sa/tasks/task.c b/src/libcharon/sa/tasks/task.c index 0d7383141..0d7383141 100644 --- a/src/charon/sa/tasks/task.c +++ b/src/libcharon/sa/tasks/task.c diff --git a/src/charon/sa/tasks/task.h b/src/libcharon/sa/tasks/task.h index 4468f2ebe..4468f2ebe 100644 --- a/src/charon/sa/tasks/task.h +++ b/src/libcharon/sa/tasks/task.h diff --git a/src/charon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c index ed758995a..878170c83 100644 --- a/src/charon/sa/trap_manager.c +++ b/src/libcharon/sa/trap_manager.c @@ -127,14 +127,14 @@ static u_int32_t install(private_trap_manager_t *this, peer_cfg_t *peer, /* try to resolve addresses */ ike_cfg = peer->get_ike_cfg(peer); other = host_create_from_dns(ike_cfg->get_other_addr(ike_cfg), - 0, IKEV2_UDP_PORT); + 0, ike_cfg->get_other_port(ike_cfg)); if (!other) { DBG1(DBG_CFG, "installing trap failed, remote address unknown"); return 0; } me = host_create_from_dns(ike_cfg->get_my_addr(ike_cfg), - other->get_family(other), IKEV2_UDP_PORT); + other->get_family(other), ike_cfg->get_my_port(ike_cfg)); if (!me || me->is_anyaddr(me)) { DESTROY_IF(me); @@ -146,7 +146,7 @@ static u_int32_t install(private_trap_manager_t *this, peer_cfg_t *peer, other->destroy(other); return 0; } - me->set_port(me, IKEV2_UDP_PORT); + me->set_port(me, ike_cfg->get_my_port(ike_cfg)); } /* create and route CHILD_SA */ diff --git a/src/charon/sa/trap_manager.h b/src/libcharon/sa/trap_manager.h index 37b42e2b0..37b42e2b0 100644 --- a/src/charon/sa/trap_manager.h +++ b/src/libcharon/sa/trap_manager.h diff --git a/src/libfast/Makefile.am b/src/libfast/Makefile.am index 870dcd6f1..5a1193658 100644 --- a/src/libfast/Makefile.am +++ b/src/libfast/Makefile.am @@ -1,7 +1,7 @@ lib_LTLIBRARIES = libfast.la libfast_la_SOURCES = context.h dispatcher.c request.h session.h \ - controller.h dispatcher.h request.c session.c filter.h + controller.h dispatcher.h request.c session.c filter.h smtp.c smtp.h libfast_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \ -lfcgi -lneo_cgi -lneo_cs -lneo_utl -lz $(PTHREADLIB) INCLUDES = -I$(top_srcdir)/src/libstrongswan -I/usr/include/ClearSilver diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in index e5ed4a289..f6d1f20a5 100644 --- a/src/libfast/Makefile.in +++ b/src/libfast/Makefile.in @@ -77,7 +77,7 @@ am__DEPENDENCIES_1 = libfast_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(am__DEPENDENCIES_1) -am_libfast_la_OBJECTS = dispatcher.lo request.lo session.lo +am_libfast_la_OBJECTS = dispatcher.lo request.lo session.lo smtp.lo libfast_la_OBJECTS = $(am_libfast_la_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp @@ -217,6 +217,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -253,7 +254,7 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ lib_LTLIBRARIES = libfast.la libfast_la_SOURCES = context.h dispatcher.c request.h session.h \ - controller.h dispatcher.h request.c session.c filter.h + controller.h dispatcher.h request.c session.c filter.h smtp.c smtp.h libfast_la_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \ -lfcgi -lneo_cgi -lneo_cs -lneo_utl -lz $(PTHREADLIB) @@ -337,6 +338,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dispatcher.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/request.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/session.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/smtp.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< diff --git a/src/libfast/request.c b/src/libfast/request.c index 3f4894c45..6bf596fd8 100644 --- a/src/libfast/request.c +++ b/src/libfast/request.c @@ -204,14 +204,20 @@ static char* get_query_data(private_request_t *this, char *name) } /** + * Implementation of request_t.get_base. + */ +static char* get_base(private_request_t *this) +{ + return FCGX_GetParam("SCRIPT_NAME", this->req.envp); +} + +/** * Implementation of request_t.add_cookie. */ static void add_cookie(private_request_t *this, char *name, char *value) { thread_this->set(thread_this, this); - cgi_cookie_set (this->cgi, name, value, - FCGX_GetParam("SCRIPT_NAME", this->req.envp), - NULL, NULL, 0, 0); + cgi_cookie_set (this->cgi, name, value, get_base(this), NULL, NULL, 0, 0); } /** @@ -222,8 +228,7 @@ static void redirect(private_request_t *this, char *fmt, ...) va_list args; FCGX_FPrintF(this->req.out, "Status: 303 See Other\n"); - FCGX_FPrintF(this->req.out, "Location: %s%s", - FCGX_GetParam("SCRIPT_NAME", this->req.envp), + FCGX_FPrintF(this->req.out, "Location: %s%s", get_base(this), *fmt == '/' ? "" : "/"); va_start(args, fmt); FCGX_VFPrintF(this->req.out, fmt, args); @@ -232,21 +237,30 @@ static void redirect(private_request_t *this, char *fmt, ...) } /** - * Implementation of request_t.to_referer. + * Implementation of request_t.get_referer. */ -static void to_referer(private_request_t *this) +static char* get_referer(private_request_t *this) { - FCGX_FPrintF(this->req.out, "Status: 303 See Other\n"); - FCGX_FPrintF(this->req.out, "Location: %s\n\n", - FCGX_GetParam("HTTP_REFERER", this->req.envp)); + return FCGX_GetParam("HTTP_REFERER", this->req.envp); } /** - * Implementation of request_t.get_base. + * Implementation of request_t.to_referer. */ -static char* get_base(private_request_t *this) +static void to_referer(private_request_t *this) { - return FCGX_GetParam("SCRIPT_NAME", this->req.envp); + char *referer; + + referer = get_referer(this); + if (referer) + { + FCGX_FPrintF(this->req.out, "Status: 303 See Other\n"); + FCGX_FPrintF(this->req.out, "Location: %s\n\n", referer); + } + else + { + redirect(this, "/"); + } } /** @@ -396,6 +410,7 @@ request_t *request_create(int fd, bool debug) this->public.session_closed = (bool(*)(request_t*))session_closed; this->public.close_session = (void(*)(request_t*))close_session; this->public.redirect = (void(*)(request_t*, char *fmt,...))redirect; + this->public.get_referer = (char*(*)(request_t*))get_referer; this->public.to_referer = (void(*)(request_t*))to_referer; this->public.render = (void(*)(request_t*,char*))render; this->public.streamf = (int(*)(request_t*, char *format, ...))streamf; diff --git a/src/libfast/request.h b/src/libfast/request.h index 61e2d59f0..af0f8e4f5 100644 --- a/src/libfast/request.h +++ b/src/libfast/request.h @@ -106,7 +106,14 @@ struct request_t { void (*redirect)(request_t *this, char *fmt, ...); /** - * Redirect the client to the referer. + * Get the HTTP referer. + * + * @return HTTP referer + */ + char* (*get_referer)(request_t *this); + + /** + * Redirect back to the referer. */ void (*to_referer)(request_t *this); diff --git a/src/libfast/session.c b/src/libfast/session.c index f03b75542..7c4548ee5 100644 --- a/src/libfast/session.c +++ b/src/libfast/session.c @@ -177,7 +177,9 @@ static void process(private_session_t *this, request_t *request) if (this->controllers->get_first(this->controllers, (void**)¤t) == SUCCESS) { - request->redirect(request, current->get_name(current)); + request->streamf(request, + "Status: 301 Moved permanently\nLocation: %s/%s\n\n", + request->get_base(request), current->get_name(current)); } } } diff --git a/src/libfast/smtp.c b/src/libfast/smtp.c new file mode 100644 index 000000000..4118c74a6 --- /dev/null +++ b/src/libfast/smtp.c @@ -0,0 +1,185 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "smtp.h" + +#include <unistd.h> +#include <errno.h> + +#include <debug.h> + +typedef struct private_smtp_t private_smtp_t; + +/** + * Private data of an smtp_t object. + */ +struct private_smtp_t { + + /** + * Public smtp_t interface. + */ + smtp_t public; + + /** + * file stream to SMTP server + */ + FILE *f; +}; + +/** + * Read the response code from an SMTP server + */ +static int read_response(private_smtp_t *this) +{ + char buf[256], *end; + int res = 0; + + while (TRUE) + { + if (!fgets(buf, sizeof(buf), this->f)) + { + return 0; + } + res = strtol(buf, &end, 10); + switch (*end) + { + case '-': + continue; + case ' ': + case '\0': + case '\n': + break; + default: + return 0; + } + break; + } + return res; +} + +/** + * write a SMTP command to the server, read response code + */ +static int write_cmd(private_smtp_t *this, char *fmt, ...) +{ + char buf[256]; + va_list args; + + va_start(args, fmt); + vsnprintf(buf, sizeof(buf), fmt, args); + va_end(args); + + if (fprintf(this->f, "%s\n", buf) < 1) + { + DBG1(DBG_LIB, "sending SMTP command failed"); + return 0; + } + return read_response(this); +} + +METHOD(smtp_t, send_mail, bool, + private_smtp_t *this, char *from, char *to, char *subject, char *fmt, ...) +{ + va_list args; + + if (write_cmd(this, "MAIL FROM:<%s>", from) != 250) + { + DBG1(DBG_LIB, "SMTP MAIL FROM failed"); + return FALSE; + } + if (write_cmd(this, "RCPT TO:<%s>", to) != 250) + { + DBG1(DBG_LIB, "SMTP RCPT TO failed"); + return FALSE; + } + if (write_cmd(this, "DATA") != 354) + { + DBG1(DBG_LIB, "SMTP DATA failed"); + return FALSE; + } + + fprintf(this->f, "From: %s\n", from); + fprintf(this->f, "To: %s\n", to); + fprintf(this->f, "Subject: %s\n", subject); + fprintf(this->f, "\n"); + va_start(args, fmt); + vfprintf(this->f, fmt, args); + va_end(args); + fprintf(this->f, "\n.\n"); + return read_response(this) == 250; +} + + +METHOD(smtp_t, destroy, void, + private_smtp_t *this) +{ + write_cmd(this, "QUIT"); + fclose(this->f); + free(this); +} + +/** + * See header + */ +smtp_t *smtp_create() +{ + private_smtp_t *this; + struct sockaddr_in addr; + int s; + + INIT(this, + .public = { + .send_mail = _send_mail, + .destroy = _destroy, + }, + ); + + s = socket(AF_INET, SOCK_STREAM, 0); + if (s < 0) + { + DBG1(DBG_LIB, "opening SMTP socket failed: %s", strerror(errno)); + free(this); + return NULL; + } + addr.sin_family = AF_INET; + addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + addr.sin_port = htons(25); + if (connect(s, (struct sockaddr*)&addr, sizeof(addr)) < 0) + { + DBG1(DBG_LIB, "connecting to SMTP server failed: %s", strerror(errno)); + close(s); + free(this); + return NULL; + } + this->f = fdopen(s, "a+"); + if (!this->f) + { + DBG1(DBG_LIB, "opening stream to SMTP server failed: %s", + strerror(errno)); + close(s); + free(this); + return NULL; + } + if (read_response(this) != 220 || + write_cmd(this, "EHLO localhost") != 250) + { + DBG1(DBG_LIB, "SMTP EHLO failed"); + fclose(this->f); + free(this); + return NULL; + } + return &this->public; +} + diff --git a/src/libfast/smtp.h b/src/libfast/smtp.h new file mode 100644 index 000000000..910f18127 --- /dev/null +++ b/src/libfast/smtp.h @@ -0,0 +1,56 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup smtp smtp + * @{ @ingroup libfast + */ + +#ifndef SMTP_H_ +#define SMTP_H_ + +typedef struct smtp_t smtp_t; + +#include <library.h> + +/** + * Ultra-minimalistic SMTP client. Works at most with Exim on localhost. + */ +struct smtp_t { + + /** + * Send an e-mail message. + * + * @param from sender address + * @param to receipient address + * @param subject mail subject + * @param fmt mail body format string + * @param ... arguments for body format string + */ + bool (*send_mail)(smtp_t *this, char *from, char *to, + char *subject, char *fmt, ...); + + /** + * Destroy a smtp_t. + */ + void (*destroy)(smtp_t *this); +}; + +/** + * Create a smtp instance. + */ +smtp_t *smtp_create(); + +#endif /** SMTP_H_ @}*/ diff --git a/src/libfreeswan/Makefile.in b/src/libfreeswan/Makefile.in index e72759bca..e752df82d 100644 --- a/src/libfreeswan/Makefile.in +++ b/src/libfreeswan/Makefile.in @@ -234,6 +234,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ diff --git a/src/libfreeswan/pfkeyv2.h b/src/libfreeswan/pfkeyv2.h index 685db1273..725997ebc 100644 --- a/src/libfreeswan/pfkeyv2.h +++ b/src/libfreeswan/pfkeyv2.h @@ -337,6 +337,7 @@ struct sadb_protocol { #define SADB_X_EALG_AES_GCM_ICV12 19 #define SADB_X_EALG_AES_GCM_ICV16 20 #define SADB_X_EALG_CAMELLIACBC 22 +#define SADB_X_EALG_NULL_AES_GMAC 23 #define SADB_EALG_MAX 253 /* last EALG */ /* private allocations should use 249-255 (RFC2407) */ #define SADB_X_EALG_SERPENTCBC 252 /* draft-ietf-ipsec-ciph-aes-cbc-00 */ diff --git a/src/libhydra/Android.mk b/src/libhydra/Android.mk new file mode 100644 index 000000000..caad7447a --- /dev/null +++ b/src/libhydra/Android.mk @@ -0,0 +1,34 @@ +LOCAL_PATH := $(call my-dir) +include $(CLEAR_VARS) + +# copy-n-paste from Makefile.am +LOCAL_SRC_FILES := \ +hydra.c hydra.h \ +attributes/attributes.c attributes/attributes.h \ +attributes/attribute_provider.h attributes/attribute_handler.h \ +attributes/attribute_manager.c attributes/attribute_manager.h \ +attributes/mem_pool.c attributes/mem_pool.h + +# adding the plugin source files + +LOCAL_SRC_FILES += $(call add_plugin, attr) + +# build libcharon -------------------------------------------------------------- + +LOCAL_C_INCLUDES += \ + $(libvstr_PATH) \ + $(strongswan_PATH)/src/include \ + $(strongswan_PATH)/src/libstrongswan + +LOCAL_CFLAGS := $(strongswan_CFLAGS) + +LOCAL_MODULE := libhydra + +LOCAL_ARM_MODE := arm + +LOCAL_PRELINK_MODULE := false + +LOCAL_SHARED_LIBRARIES += libstrongswan + +include $(BUILD_SHARED_LIBRARY) + diff --git a/src/libhydra/Makefile.am b/src/libhydra/Makefile.am new file mode 100644 index 000000000..601a56e38 --- /dev/null +++ b/src/libhydra/Makefile.am @@ -0,0 +1,42 @@ +lib_LTLIBRARIES = libhydra.la + +libhydra_la_SOURCES = \ +hydra.c hydra.h \ +attributes/attributes.c attributes/attributes.h \ +attributes/attribute_provider.h attributes/attribute_handler.h \ +attributes/attribute_manager.c attributes/attribute_manager.h \ +attributes/mem_pool.c attributes/mem_pool.h + +libhydra_la_LIBADD = + +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = \ +-DIPSEC_DIR=\"${ipsecdir}\" \ +-DPLUGINDIR=\"${plugindir}\" \ +-DSTRONGSWAN_CONF=\"${strongswan_conf}\" + +EXTRA_DIST = Android.mk + +# build optional plugins +######################## + +if MONOLITHIC +SUBDIRS = +else +SUBDIRS = . +endif + +if USE_ATTR + SUBDIRS += plugins/attr +if MONOLITHIC + libhydra_la_LIBADD += plugins/attr/libstrongswan-attr.la +endif +endif + +if USE_ATTR_SQL + SUBDIRS += plugins/attr_sql +if MONOLITHIC + libhydra_la_LIBADD += plugins/attr_sql/libstrongswan-attr-sql.la +endif +endif + diff --git a/src/libhydra/Makefile.in b/src/libhydra/Makefile.in new file mode 100644 index 000000000..32027d1ea --- /dev/null +++ b/src/libhydra/Makefile.in @@ -0,0 +1,762 @@ +# Makefile.in generated by automake 1.11 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@USE_ATTR_TRUE@am__append_1 = plugins/attr +@MONOLITHIC_TRUE@@USE_ATTR_TRUE@am__append_2 = plugins/attr/libstrongswan-attr.la +@USE_ATTR_SQL_TRUE@am__append_3 = plugins/attr_sql +@MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_4 = plugins/attr_sql/libstrongswan-attr-sql.la +subdir = src/libhydra +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(libdir)" +LTLIBRARIES = $(lib_LTLIBRARIES) +libhydra_la_DEPENDENCIES = $(am__append_2) $(am__append_4) +am_libhydra_la_OBJECTS = hydra.lo attributes.lo attribute_manager.lo \ + mem_pool.lo +libhydra_la_OBJECTS = $(am_libhydra_la_OBJECTS) +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libhydra_la_SOURCES) +DIST_SOURCES = $(libhydra_la_SOURCES) +RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ + html-recursive info-recursive install-data-recursive \ + install-dvi-recursive install-exec-recursive \ + install-html-recursive install-info-recursive \ + install-pdf-recursive install-ps-recursive install-recursive \ + installcheck-recursive installdirs-recursive pdf-recursive \ + ps-recursive uninstall-recursive +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = . plugins/attr plugins/attr_sql +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgid = @ipsecgid@ +ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ +libstrongswan_plugins = @libstrongswan_plugins@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +piddir = @piddir@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +lib_LTLIBRARIES = libhydra.la +libhydra_la_SOURCES = \ +hydra.c hydra.h \ +attributes/attributes.c attributes/attributes.h \ +attributes/attribute_provider.h attributes/attribute_handler.h \ +attributes/attribute_manager.c attributes/attribute_manager.h \ +attributes/mem_pool.c attributes/mem_pool.h + +libhydra_la_LIBADD = $(am__append_2) $(am__append_4) +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = \ +-DIPSEC_DIR=\"${ipsecdir}\" \ +-DPLUGINDIR=\"${plugindir}\" \ +-DSTRONGSWAN_CONF=\"${strongswan_conf}\" + +EXTRA_DIST = Android.mk +@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_1) $(am__append_3) + +# build optional plugins +######################## +@MONOLITHIC_TRUE@SUBDIRS = $(am__append_1) $(am__append_3) +all: all-recursive + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libhydra/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libhydra/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-libLTLIBRARIES: $(lib_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } + +uninstall-libLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ + done + +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libhydra.la: $(libhydra_la_OBJECTS) $(libhydra_la_DEPENDENCIES) + $(LINK) -rpath $(libdir) $(libhydra_la_OBJECTS) $(libhydra_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attribute_manager.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attributes.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hydra.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mem_pool.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +attributes.lo: attributes/attributes.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT attributes.lo -MD -MP -MF $(DEPDIR)/attributes.Tpo -c -o attributes.lo `test -f 'attributes/attributes.c' || echo '$(srcdir)/'`attributes/attributes.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/attributes.Tpo $(DEPDIR)/attributes.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='attributes/attributes.c' object='attributes.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o attributes.lo `test -f 'attributes/attributes.c' || echo '$(srcdir)/'`attributes/attributes.c + +attribute_manager.lo: attributes/attribute_manager.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT attribute_manager.lo -MD -MP -MF $(DEPDIR)/attribute_manager.Tpo -c -o attribute_manager.lo `test -f 'attributes/attribute_manager.c' || echo '$(srcdir)/'`attributes/attribute_manager.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/attribute_manager.Tpo $(DEPDIR)/attribute_manager.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='attributes/attribute_manager.c' object='attribute_manager.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o attribute_manager.lo `test -f 'attributes/attribute_manager.c' || echo '$(srcdir)/'`attributes/attribute_manager.c + +mem_pool.lo: attributes/mem_pool.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mem_pool.lo -MD -MP -MF $(DEPDIR)/mem_pool.Tpo -c -o mem_pool.lo `test -f 'attributes/mem_pool.c' || echo '$(srcdir)/'`attributes/mem_pool.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mem_pool.Tpo $(DEPDIR)/mem_pool.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='attributes/mem_pool.c' object='mem_pool.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mem_pool.lo `test -f 'attributes/mem_pool.c' || echo '$(srcdir)/'`attributes/mem_pool.c + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +# This directory's subdirectories are mostly independent; you can cd +# into them and run `make' without going through this Makefile. +# To change the values of `make' variables: instead of editing Makefiles, +# (1) if the variable is set in `config.status', edit `config.status' +# (which will cause the Makefiles to be regenerated when you run `make'); +# (2) otherwise, pass the desired values on the `make' command line. +$(RECURSIVE_TARGETS): + @failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +$(RECURSIVE_CLEAN_TARGETS): + @failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + rev=''; for subdir in $$list; do \ + if test "$$subdir" = "."; then :; else \ + rev="$$subdir $$rev"; \ + fi; \ + done; \ + rev="$$rev ."; \ + target=`echo $@ | sed s/-recursive//`; \ + for subdir in $$rev; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done && test -z "$$fail" +tags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + done +ctags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-recursive +all-am: Makefile $(LTLIBRARIES) +installdirs: installdirs-recursive +installdirs-am: + for dir in "$(DESTDIR)$(libdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-recursive + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: install-libLTLIBRARIES + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: uninstall-libLTLIBRARIES + +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ + install-am install-strip tags-recursive + +.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ + all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool ctags ctags-recursive \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-libLTLIBRARIES install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs installdirs-am \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \ + uninstall-libLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/attributes/attribute_handler.h b/src/libhydra/attributes/attribute_handler.h index d042f47ef..d042f47ef 100644 --- a/src/libstrongswan/attributes/attribute_handler.h +++ b/src/libhydra/attributes/attribute_handler.h diff --git a/src/libstrongswan/attributes/attribute_manager.c b/src/libhydra/attributes/attribute_manager.c index 91fa1ebb5..3080b56eb 100644 --- a/src/libstrongswan/attributes/attribute_manager.c +++ b/src/libhydra/attributes/attribute_manager.c @@ -83,7 +83,7 @@ static host_t* acquire_address(private_attribute_manager_t *this, if (!host) { - DBG1("acquiring address from pool '%s' failed", pool); + DBG1(DBG_CFG, "acquiring address from pool '%s' failed", pool); } return host; } @@ -113,7 +113,7 @@ static void release_address(private_attribute_manager_t *this, if (!found) { - DBG1("releasing address to pool '%s' failed", pool); + DBG1(DBG_CFG, "releasing address to pool '%s' failed", pool); } } @@ -206,7 +206,7 @@ static attribute_handler_t* handle(private_attribute_manager_t *this, if (!handled) { - DBG1("handling %N attribute failed", + DBG1(DBG_CFG, "handling %N attribute failed", configuration_attribute_type_names, type); } return handled; diff --git a/src/libstrongswan/attributes/attribute_manager.h b/src/libhydra/attributes/attribute_manager.h index 642662366..642662366 100644 --- a/src/libstrongswan/attributes/attribute_manager.h +++ b/src/libhydra/attributes/attribute_manager.h diff --git a/src/libstrongswan/attributes/attribute_provider.h b/src/libhydra/attributes/attribute_provider.h index f8485cc6c..f8485cc6c 100644 --- a/src/libstrongswan/attributes/attribute_provider.h +++ b/src/libhydra/attributes/attribute_provider.h diff --git a/src/libstrongswan/attributes/attributes.c b/src/libhydra/attributes/attributes.c index 83feed17e..83feed17e 100644 --- a/src/libstrongswan/attributes/attributes.c +++ b/src/libhydra/attributes/attributes.c diff --git a/src/libstrongswan/attributes/attributes.h b/src/libhydra/attributes/attributes.h index f4a396f21..f4a396f21 100644 --- a/src/libstrongswan/attributes/attributes.h +++ b/src/libhydra/attributes/attributes.h diff --git a/src/libhydra/attributes/mem_pool.c b/src/libhydra/attributes/mem_pool.c new file mode 100644 index 000000000..65018e3a9 --- /dev/null +++ b/src/libhydra/attributes/mem_pool.c @@ -0,0 +1,451 @@ +/* + * Copyright (C) 2010 Tobias Brunner + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "mem_pool.h" + +#include <debug.h> +#include <utils/hashtable.h> +#include <threading/rwlock.h> + +#define POOL_LIMIT (sizeof(uintptr_t)*8) + +typedef struct private_mem_pool_t private_mem_pool_t; + +/** + * private data of mem_pool_t + */ +struct private_mem_pool_t { + /** + * public interface + */ + mem_pool_t public; + + /** + * name of the pool + */ + char *name; + + /** + * base address of the pool + */ + host_t *base; + + /** + * size of the pool + */ + u_int size; + + /** + * next unused address + */ + u_int unused; + + /** + * hashtable [identity => offset], for online leases + */ + hashtable_t *online; + + /** + * hashtable [identity => offset], for offline leases + */ + hashtable_t *offline; + + /** + * hashtable [identity => identity], handles identity references + */ + hashtable_t *ids; + + /** + * lock to safely access the pool + */ + rwlock_t *lock; +}; + +/** + * hashtable hash function for identities + */ +static u_int id_hash(identification_t *id) +{ + return chunk_hash(id->get_encoding(id)); +} + +/** + * hashtable equals function for identities + */ +static bool id_equals(identification_t *a, identification_t *b) +{ + return a->equals(a, b); +} + +/** + * convert a pool offset to an address + */ +static host_t* offset2host(private_mem_pool_t *pool, int offset) +{ + chunk_t addr; + host_t *host; + u_int32_t *pos; + + offset--; + if (offset > pool->size) + { + return NULL; + } + + addr = chunk_clone(pool->base->get_address(pool->base)); + if (pool->base->get_family(pool->base) == AF_INET6) + { + pos = (u_int32_t*)(addr.ptr + 12); + } + else + { + pos = (u_int32_t*)addr.ptr; + } + *pos = htonl(offset + ntohl(*pos)); + host = host_create_from_chunk(pool->base->get_family(pool->base), addr, 0); + free(addr.ptr); + return host; +} + +/** + * convert a host to a pool offset + */ +static int host2offset(private_mem_pool_t *pool, host_t *addr) +{ + chunk_t host, base; + u_int32_t hosti, basei; + + if (addr->get_family(addr) != pool->base->get_family(pool->base)) + { + return -1; + } + host = addr->get_address(addr); + base = pool->base->get_address(pool->base); + if (addr->get_family(addr) == AF_INET6) + { + /* only look at last /32 block */ + if (!memeq(host.ptr, base.ptr, 12)) + { + return -1; + } + host = chunk_skip(host, 12); + base = chunk_skip(base, 12); + } + hosti = ntohl(*(u_int32_t*)(host.ptr)); + basei = ntohl(*(u_int32_t*)(base.ptr)); + if (hosti > basei + pool->size) + { + return -1; + } + return hosti - basei + 1; +} + +METHOD(mem_pool_t, get_name, const char*, + private_mem_pool_t *this) +{ + return this->name; +} + +METHOD(mem_pool_t, get_size, u_int, + private_mem_pool_t *this) +{ + return this->size; +} + +METHOD(mem_pool_t, get_online, u_int, + private_mem_pool_t *this) +{ + u_int count; + this->lock->read_lock(this->lock); + count = this->online->get_count(this->online); + this->lock->unlock(this->lock); + return count; +} + +METHOD(mem_pool_t, get_offline, u_int, + private_mem_pool_t *this) +{ + u_int count; + this->lock->read_lock(this->lock); + count = this->offline->get_count(this->offline); + this->lock->unlock(this->lock); + return count; +} + +METHOD(mem_pool_t, acquire_address, host_t*, + private_mem_pool_t *this, identification_t *id, host_t *requested) +{ + uintptr_t offset = 0; + enumerator_t *enumerator; + identification_t *old_id; + + /* if the pool is empty (e.g. in the %config case) we simply return the + * requested address */ + if (this->size == 0) + { + return requested->clone(requested); + } + + if (!requested->is_anyaddr(requested) && + requested->get_family(requested) != + this->base->get_family(this->base)) + { + DBG1(DBG_CFG, "IP pool address family mismatch"); + return NULL; + } + + this->lock->write_lock(this->lock); + while (TRUE) + { + /* check for a valid offline lease, refresh */ + offset = (uintptr_t)this->offline->remove(this->offline, id); + if (offset) + { + id = this->ids->get(this->ids, id); + if (id) + { + DBG1(DBG_CFG, "reassigning offline lease to '%Y'", id); + this->online->put(this->online, id, (void*)offset); + break; + } + } + + /* check for a valid online lease, reassign */ + offset = (uintptr_t)this->online->get(this->online, id); + if (offset && offset == host2offset(this, requested)) + { + DBG1(DBG_CFG, "reassigning online lease to '%Y'", id); + break; + } + + if (this->unused < this->size) + { + /* assigning offset, starting by 1. Handling 0 in hashtable + * is difficult. */ + offset = ++this->unused; + id = id->clone(id); + this->ids->put(this->ids, id, id); + this->online->put(this->online, id, (void*)offset); + DBG1(DBG_CFG, "assigning new lease to '%Y'", id); + break; + } + + /* no more addresses, replace the first found offline lease */ + enumerator = this->offline->create_enumerator(this->offline); + if (enumerator->enumerate(enumerator, &old_id, &offset)) + { + offset = (uintptr_t)this->offline->remove(this->offline, old_id); + if (offset) + { + /* destroy reference to old ID */ + old_id = this->ids->remove(this->ids, old_id); + DBG1(DBG_CFG, "reassigning existing offline lease by '%Y'" + " to '%Y'", old_id, id); + if (old_id) + { + old_id->destroy(old_id); + } + id = id->clone(id); + this->ids->put(this->ids, id, id); + this->online->put(this->online, id, (void*)offset); + enumerator->destroy(enumerator); + break; + } + } + enumerator->destroy(enumerator); + + DBG1(DBG_CFG, "pool '%s' is full, unable to assign address", + this->name); + break; + } + this->lock->unlock(this->lock); + + if (offset) + { + return offset2host(this, offset); + } + return NULL; +} + +METHOD(mem_pool_t, release_address, bool, + private_mem_pool_t *this, host_t *address, identification_t *id) +{ + bool found = FALSE; + if (this->size != 0) + { + uintptr_t offset; + this->lock->write_lock(this->lock); + offset = (uintptr_t)this->online->remove(this->online, id); + if (offset) + { + id = this->ids->get(this->ids, id); + if (id) + { + DBG1(DBG_CFG, "lease %H by '%Y' went offline", address, id); + this->offline->put(this->offline, id, (void*)offset); + found = TRUE; + } + } + this->lock->unlock(this->lock); + } + return found; +} + +/** + * lease enumerator + */ +typedef struct { + /** implemented enumerator interface */ + enumerator_t public; + /** inner hash-table enumerator */ + enumerator_t *inner; + /** enumerated pool */ + private_mem_pool_t *pool; + /** currently enumerated lease address */ + host_t *current; +} lease_enumerator_t; + +METHOD(enumerator_t, lease_enumerate, bool, + lease_enumerator_t *this, identification_t **id_out, host_t **addr_out, + bool *online) +{ + identification_t *id; + uintptr_t offset; + + DESTROY_IF(this->current); + this->current = NULL; + + if (this->inner->enumerate(this->inner, &id, NULL)) + { + offset = (uintptr_t)this->pool->online->get(this->pool->online, id); + if (offset) + { + *id_out = id; + *addr_out = this->current = offset2host(this->pool, offset); + *online = TRUE; + return TRUE; + } + offset = (uintptr_t)this->pool->offline->get(this->pool->offline, id); + if (offset) + { + *id_out = id; + *addr_out = this->current = offset2host(this->pool, offset); + *online = FALSE; + return TRUE; + } + } + return FALSE; +} + +METHOD(enumerator_t, lease_enumerator_destroy, void, + lease_enumerator_t *this) +{ + DESTROY_IF(this->current); + this->inner->destroy(this->inner); + this->pool->lock->unlock(this->pool->lock); + free(this); +} + +METHOD(mem_pool_t, create_lease_enumerator, enumerator_t*, + private_mem_pool_t *this) +{ + lease_enumerator_t *enumerator; + this->lock->read_lock(this->lock); + INIT(enumerator, + .public = { + .enumerate = (void*)_lease_enumerate, + .destroy = (void*)_lease_enumerator_destroy, + }, + .pool = this, + .inner = this->ids->create_enumerator(this->ids), + ); + return &enumerator->public; +} + +METHOD(mem_pool_t, destroy, void, + private_mem_pool_t *this) +{ + enumerator_t *enumerator; + identification_t *id; + + enumerator = this->ids->create_enumerator(this->ids); + while (enumerator->enumerate(enumerator, &id, NULL)) + { + id->destroy(id); + } + enumerator->destroy(enumerator); + + this->ids->destroy(this->ids); + this->online->destroy(this->online); + this->offline->destroy(this->offline); + this->lock->destroy(this->lock); + DESTROY_IF(this->base); + free(this->name); + free(this); +} + +/** + * Described in header + */ +mem_pool_t *mem_pool_create(char *name, host_t *base, int bits) +{ + private_mem_pool_t *this; + + INIT(this, + .public = { + .get_name = _get_name, + .get_size = _get_size, + .get_online = _get_online, + .get_offline = _get_offline, + .acquire_address = _acquire_address, + .release_address = _release_address, + .create_lease_enumerator = _create_lease_enumerator, + .destroy = _destroy, + }, + .name = strdup(name), + .online = hashtable_create((hashtable_hash_t)id_hash, + (hashtable_equals_t)id_equals, 16), + .offline = hashtable_create((hashtable_hash_t)id_hash, + (hashtable_equals_t)id_equals, 16), + .ids = hashtable_create((hashtable_hash_t)id_hash, + (hashtable_equals_t)id_equals, 16), + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + ); + + if (base) + { + int addr_bits = base->get_family(base) == AF_INET ? 32 : 128; + /* net bits -> host bits */ + bits = addr_bits - bits; + if (bits > POOL_LIMIT) + { + bits = POOL_LIMIT; + DBG1(DBG_CFG, "virtual IP pool too large, limiting to %H/%d", + base, addr_bits - bits); + } + this->size = 1 << (bits); + + if (this->size > 2) + { /* do not use first and last addresses of a block */ + this->unused++; + this->size--; + } + this->base = base->clone(base); + } + + return &this->public; +} + diff --git a/src/libhydra/attributes/mem_pool.h b/src/libhydra/attributes/mem_pool.h new file mode 100644 index 000000000..bb963de93 --- /dev/null +++ b/src/libhydra/attributes/mem_pool.h @@ -0,0 +1,110 @@ +/* + * Copyright (C) 2010 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup mem_pool mem_pool + * @{ @ingroup attributes + */ + +#ifndef MEM_POOL_H +#define MEM_POOL_H + +typedef struct mem_pool_t mem_pool_t; + +#include <utils/host.h> +#include <utils/identification.h> + +/** + * An in-memory IP address pool. + */ +struct mem_pool_t { + + /** + * Get the name of this pool. + * + * @return the name of this pool + */ + const char* (*get_name)(mem_pool_t *this); + + /** + * Get the size (i.e. number of addresses) of this pool. + * + * @return the size of this pool + */ + u_int (*get_size)(mem_pool_t *this); + + /** + * Get the number of online leases. + * + * @return the number of offline leases + */ + u_int (*get_online)(mem_pool_t *this); + + /** + * Get the number of offline leases. + * + * @return the number of online leases + */ + u_int (*get_offline)(mem_pool_t *this); + + /** + * Acquire an address for the given id from this pool. + * + * @param id the id to acquire an address for + * @param requested acquire this address, if possible + * @return the acquired address + */ + host_t* (*acquire_address)(mem_pool_t *this, identification_t *id, + host_t *requested); + + /** + * Release a previously acquired address. + * + * @param address the address to release + * @param id the id the address was assigned to + * @return TRUE, if the lease was found + */ + bool (*release_address)(mem_pool_t *this, host_t *address, + identification_t *id); + + /** + * Create an enumerator over the leases of this pool. + * + * Enumerator enumerates over + * identification_t *id, host_t *address, bool online + * + * @return enumerator + */ + enumerator_t* (*create_lease_enumerator)(mem_pool_t *this); + + /** + * Destroy a mem_pool_t instance. + */ + void (*destroy)(mem_pool_t *this); +}; + +/** + * Create an in-memory IP address pool. + * + * An empty pool just returns the requested address. + * + * @param name name of this pool + * @param base base address of this pool, NULL to create an empty pool + * @param bits net mask + */ +mem_pool_t *mem_pool_create(char *name, host_t *base, int bits); + +#endif /** MEM_POOL_H_ @} */ + diff --git a/src/libhydra/hydra.c b/src/libhydra/hydra.c new file mode 100644 index 000000000..16a8193ea --- /dev/null +++ b/src/libhydra/hydra.c @@ -0,0 +1,73 @@ +/* + * Copyright (C) 2010 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "hydra.h" + +#include <debug.h> + +typedef struct private_hydra_t private_hydra_t; + +/** + * Private additions to hydra_t. + */ +struct private_hydra_t { + + /** + * Public members of hydra_t. + */ + hydra_t public; +}; + +/** + * Single instance of hydra_t. + */ +hydra_t *hydra; + +/** + * Described in header. + */ +void libhydra_deinit() +{ + private_hydra_t *this = (private_hydra_t*)hydra; + this->public.attributes->destroy(this->public.attributes); + free((void*)this->public.daemon); + free(this); + hydra = NULL; +} + +/** + * Described in header. + */ +bool libhydra_init(const char *daemon) +{ + private_hydra_t *this; + + INIT(this, + .public = { + .attributes = attribute_manager_create(), + .daemon = strdup(daemon ?: "libhydra"), + }, + ); + hydra = &this->public; + + if (lib->integrity && + !lib->integrity->check(lib->integrity, "libhydra", libhydra_init)) + { + DBG1(DBG_LIB, "integrity check of libhydra failed"); + return FALSE; + } + return TRUE; +} + diff --git a/src/libhydra/hydra.h b/src/libhydra/hydra.h new file mode 100644 index 000000000..8670f3969 --- /dev/null +++ b/src/libhydra/hydra.h @@ -0,0 +1,76 @@ +/* + * Copyright (C) 2010 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup libhydra libhydra + * + * @defgroup attributes attributes + * @ingroup libhydra + * + * @defgroup hplugins plugins + * @ingroup libhydra + * + * @addtogroup libhydra + * @{ + */ + +#ifndef HYDRA_H_ +#define HYDRA_H_ + +typedef struct hydra_t hydra_t; + +#include <attributes/attribute_manager.h> + +#include <library.h> + +/** + * IKE Daemon support object. + */ +struct hydra_t { + + /** + * manager for payload attributes + */ + attribute_manager_t *attributes; + + /** + * name of the daemon that initialized the library + */ + const char *daemon; +}; + +/** + * The single instance of hydra_t. + * + * Set between calls to libhydra_init() and libhydra_deinit() calls. + */ +extern hydra_t *hydra; + +/** + * Initialize libhydra. + * + * The daemon's name is used to load daemon-specific settings. + * + * @param daemon name of the daemon that initializes the library + * @return FALSE if integrity check failed + */ +bool libhydra_init(const char *daemon); + +/** + * Deinitialize libhydra. + */ +void libhydra_deinit(); + +#endif /** HYDRA_H_ @}*/ diff --git a/src/libhydra/plugins/attr/Makefile.am b/src/libhydra/plugins/attr/Makefile.am new file mode 100644 index 000000000..71401648e --- /dev/null +++ b/src/libhydra/plugins/attr/Makefile.am @@ -0,0 +1,17 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-attr.la +else +plugin_LTLIBRARIES = libstrongswan-attr.la +endif + +libstrongswan_attr_la_SOURCES = \ + attr_plugin.h attr_plugin.c \ + attr_provider.h attr_provider.c + +libstrongswan_attr_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/attr/Makefile.in b/src/libhydra/plugins/attr/Makefile.in index 689bb3244..54aa64beb 100644 --- a/src/charon/plugins/attr/Makefile.in +++ b/src/libhydra/plugins/attr/Makefile.in @@ -34,7 +34,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/charon/plugins/attr +subdir = src/libhydra/plugins/attr DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -72,13 +72,15 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_attr_la_LIBADD = am_libstrongswan_attr_la_OBJECTS = attr_plugin.lo attr_provider.lo libstrongswan_attr_la_OBJECTS = $(am_libstrongswan_attr_la_OBJECTS) libstrongswan_attr_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_attr_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_attr_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_attr_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -251,11 +254,15 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra \ + -I$(top_srcdir)/src/libcharon + AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-attr.la -libstrongswan_attr_la_SOURCES = attr_plugin.h attr_plugin.c \ - attr_provider.h attr_provider.c +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-attr.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-attr.la +libstrongswan_attr_la_SOURCES = \ + attr_plugin.h attr_plugin.c \ + attr_provider.h attr_provider.c libstrongswan_attr_la_LDFLAGS = -module -avoid-version all: all-am @@ -271,9 +278,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/attr/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libhydra/plugins/attr/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/attr/Makefile + $(AUTOMAKE) --gnu src/libhydra/plugins/attr/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -292,6 +299,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -324,7 +340,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-attr.la: $(libstrongswan_attr_la_OBJECTS) $(libstrongswan_attr_la_DEPENDENCIES) - $(libstrongswan_attr_la_LINK) -rpath $(plugindir) $(libstrongswan_attr_la_OBJECTS) $(libstrongswan_attr_la_LIBADD) $(LIBS) + $(libstrongswan_attr_la_LINK) $(am_libstrongswan_attr_la_rpath) $(libstrongswan_attr_la_OBJECTS) $(libstrongswan_attr_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -478,8 +494,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -550,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/charon/plugins/attr/attr_plugin.c b/src/libhydra/plugins/attr/attr_plugin.c index 6dfb10271..24c00bb44 100644 --- a/src/charon/plugins/attr/attr_plugin.c +++ b/src/libhydra/plugins/attr/attr_plugin.c @@ -16,7 +16,7 @@ #include "attr_plugin.h" #include "attr_provider.h" -#include <daemon.h> +#include <hydra.h> typedef struct private_attr_plugin_t private_attr_plugin_t; @@ -41,7 +41,7 @@ struct private_attr_plugin_t { */ static void destroy(private_attr_plugin_t *this) { - lib->attributes->remove_provider(lib->attributes, &this->provider->provider); + hydra->attributes->remove_provider(hydra->attributes, &this->provider->provider); this->provider->destroy(this->provider); free(this); } @@ -49,14 +49,14 @@ static void destroy(private_attr_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *attr_plugin_create() { private_attr_plugin_t *this = malloc_thing(private_attr_plugin_t); this->public.plugin.destroy = (void(*)(plugin_t*))destroy; this->provider = attr_provider_create(); - lib->attributes->add_provider(lib->attributes, &this->provider->provider); + hydra->attributes->add_provider(hydra->attributes, &this->provider->provider); return &this->public.plugin; } diff --git a/src/charon/plugins/attr/attr_plugin.h b/src/libhydra/plugins/attr/attr_plugin.h index 9f31b60e1..29fb33839 100644 --- a/src/charon/plugins/attr/attr_plugin.h +++ b/src/libhydra/plugins/attr/attr_plugin.h @@ -15,7 +15,7 @@ /** * @defgroup attr attr - * @ingroup cplugins + * @ingroup hplugins * * @defgroup attr_plugin attr_plugin * @{ @ingroup attr @@ -39,9 +39,4 @@ struct attr_plugin_t { plugin_t plugin; }; -/** - * Create a attr_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** ATTR_PLUGIN_H_ @}*/ diff --git a/src/charon/plugins/attr/attr_provider.c b/src/libhydra/plugins/attr/attr_provider.c index 548896f56..9d6daa892 100644 --- a/src/charon/plugins/attr/attr_provider.c +++ b/src/libhydra/plugins/attr/attr_provider.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2010 Tobias Brunner * Copyright (C) 2009 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -17,7 +18,9 @@ #include <time.h> -#include <daemon.h> +#include <hydra.h> +#include <debug.h> +#include <utils/linked_list.h> #define SERVER_MAX 2 @@ -100,7 +103,8 @@ static void add_legacy_entry(private_attr_provider_t *this, char *key, int nr, host_t *host; char *str; - str = lib->settings->get_str(lib->settings, "charon.%s%d", NULL, key, nr); + str = lib->settings->get_str(lib->settings, "%s.%s%d", NULL, hydra->daemon, + key, nr); if (str) { host = host_create_from_string(str, 0); @@ -155,7 +159,7 @@ static void load_entries(private_attr_provider_t *this) char *key, *value, *token; enumerator = lib->settings->create_key_value_enumerator(lib->settings, - "charon.plugins.attr"); + "%s.plugins.attr", hydra->daemon); while (enumerator->enumerate(enumerator, &key, &value)) { configuration_attribute_type_t type; diff --git a/src/charon/plugins/attr/attr_provider.h b/src/libhydra/plugins/attr/attr_provider.h index a41466718..a41466718 100644 --- a/src/charon/plugins/attr/attr_provider.h +++ b/src/libhydra/plugins/attr/attr_provider.h diff --git a/src/libhydra/plugins/attr_sql/Makefile.am b/src/libhydra/plugins/attr_sql/Makefile.am new file mode 100644 index 000000000..376a8259c --- /dev/null +++ b/src/libhydra/plugins/attr_sql/Makefile.am @@ -0,0 +1,23 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra + +AM_CFLAGS = \ + -rdynamic \ + -DPLUGINS=\""${libstrongswan_plugins}\"" + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-attr-sql.la +else +plugin_LTLIBRARIES = libstrongswan-attr-sql.la +endif + +libstrongswan_attr_sql_la_SOURCES = \ + attr_sql_plugin.h attr_sql_plugin.c \ + sql_attribute.h sql_attribute.c + +libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version + +ipsec_PROGRAMS = pool +pool_SOURCES = pool.c +pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +pool.o : $(top_builddir)/config.status diff --git a/src/libstrongswan/plugins/attr_sql/Makefile.in b/src/libhydra/plugins/attr_sql/Makefile.in index e157a9b78..99e97cefc 100644 --- a/src/libstrongswan/plugins/attr_sql/Makefile.in +++ b/src/libhydra/plugins/attr_sql/Makefile.in @@ -36,7 +36,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = pool$(EXEEXT) -subdir = src/libstrongswan/plugins/attr_sql +subdir = src/libhydra/plugins/attr_sql DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -74,7 +74,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(ipsecdir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_attr_sql_la_LIBADD = am_libstrongswan_attr_sql_la_OBJECTS = attr_sql_plugin.lo \ sql_attribute.lo @@ -84,6 +84,9 @@ libstrongswan_attr_sql_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_attr_sql_la_LDFLAGS) \ $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_attr_sql_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_attr_sql_la_rpath = PROGRAMS = $(ipsec_PROGRAMS) am_pool_OBJECTS = pool.$(OBJEXT) pool_OBJECTS = $(am_pool_OBJECTS) @@ -227,6 +230,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -261,14 +265,16 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic \ - -DPLUGINS=\""${libstrongswan_plugins}\"" +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra +AM_CFLAGS = \ + -rdynamic \ + -DPLUGINS=\""${libstrongswan_plugins}\"" -plugin_LTLIBRARIES = libstrongswan-attr-sql.la +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-attr-sql.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-attr-sql.la libstrongswan_attr_sql_la_SOURCES = \ - attr_sql_plugin.h attr_sql_plugin.c \ - sql_attribute.h sql_attribute.c + attr_sql_plugin.h attr_sql_plugin.c \ + sql_attribute.h sql_attribute.c libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version pool_SOURCES = pool.c @@ -286,9 +292,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/attr_sql/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libhydra/plugins/attr_sql/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/attr_sql/Makefile + $(AUTOMAKE) --gnu src/libhydra/plugins/attr_sql/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -307,6 +313,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -339,7 +354,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-attr-sql.la: $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_DEPENDENCIES) - $(libstrongswan_attr_sql_la_LINK) -rpath $(plugindir) $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_LIBADD) $(LIBS) + $(libstrongswan_attr_sql_la_LINK) $(am_libstrongswan_attr_sql_la_rpath) $(libstrongswan_attr_sql_la_OBJECTS) $(libstrongswan_attr_sql_la_LIBADD) $(LIBS) install-ipsecPROGRAMS: $(ipsec_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(ipsecdir)" || $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" @@ -541,7 +556,7 @@ maintainer-clean-generic: clean: clean-am clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \ - clean-pluginLTLIBRARIES mostlyclean-am + clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -612,21 +627,22 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-ipsecPROGRAMS clean-libtool clean-pluginLTLIBRARIES \ - ctags distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-ipsecPROGRAMS install-man install-pdf \ - install-pdf-am install-pluginLTLIBRARIES install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ - uninstall-am uninstall-ipsecPROGRAMS \ + clean-ipsecPROGRAMS clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES ctags distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-ipsecPROGRAMS install-man \ + install-pdf install-pdf-am install-pluginLTLIBRARIES \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-ipsecPROGRAMS \ uninstall-pluginLTLIBRARIES +pool.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.c b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c index 66b309c67..70e7a2247 100644 --- a/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.c +++ b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c @@ -13,7 +13,7 @@ * for more details. */ -#include <library.h> +#include <hydra.h> #include <debug.h> #include "attr_sql_plugin.h" @@ -48,7 +48,7 @@ struct private_attr_sql_plugin_t { */ static void destroy(private_attr_sql_plugin_t *this) { - lib->attributes->remove_provider(lib->attributes, &this->attribute->provider); + hydra->attributes->remove_provider(hydra->attributes, &this->attribute->provider); this->attribute->destroy(this->attribute); this->db->destroy(this->db); free(this); @@ -57,15 +57,15 @@ static void destroy(private_attr_sql_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *attr_sql_plugin_create() { char *uri; private_attr_sql_plugin_t *this; - uri = lib->settings->get_str(lib->settings, "libstrongswan.plugins.attr-sql.database", NULL); + uri = lib->settings->get_str(lib->settings, "libhydra.plugins.attr-sql.database", NULL); if (!uri) { - DBG1("attr-sql plugin: database URI not set"); + DBG1(DBG_CFG, "attr-sql plugin: database URI not set"); return NULL; } @@ -76,12 +76,12 @@ plugin_t *plugin_create() this->db = lib->db->create(lib->db, uri); if (!this->db) { - DBG1("attr-sql plugin failed to connect to database"); + DBG1(DBG_CFG, "attr-sql plugin failed to connect to database"); free(this); return NULL; } this->attribute = sql_attribute_create(this->db); - lib->attributes->add_provider(lib->attributes, &this->attribute->provider); + hydra->attributes->add_provider(hydra->attributes, &this->attribute->provider); return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.h b/src/libhydra/plugins/attr_sql/attr_sql_plugin.h index 3a60ea0d2..ba85a6b28 100644 --- a/src/libstrongswan/plugins/attr_sql/attr_sql_plugin.h +++ b/src/libhydra/plugins/attr_sql/attr_sql_plugin.h @@ -15,7 +15,7 @@ /** * @defgroup attr_sql attr_sql - * @ingroup plugins + * @ingroup hplugins * * @defgroup sql_plugin sql_plugin * @{ @ingroup attr_sql @@ -39,9 +39,4 @@ struct attr_sql_plugin_t { plugin_t plugin; }; -/** - * Create a sql_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** ATTR_SQL_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/attr_sql/pool.c b/src/libhydra/plugins/attr_sql/pool.c index 85b30a70f..fed89fc51 100644 --- a/src/libstrongswan/plugins/attr_sql/pool.c +++ b/src/libhydra/plugins/attr_sql/pool.c @@ -18,6 +18,8 @@ #include <unistd.h> #include <stdio.h> #include <time.h> +#include <string.h> +#include <errno.h> #include <debug.h> #include <library.h> @@ -36,6 +38,85 @@ database_t *db; host_t *start = NULL, *end = NULL, *server = NULL; /** + * whether --add should --replace an existing pool + */ +bool replace_pool = FALSE; + +/** + * forward declarations + */ +static void del(char *name); +static void do_args(int argc, char *argv[]); + +/** + * nesting counter for database transaction functions + */ +int nested_transaction = 0; + +/** + * start a database transaction + */ +static void begin_transaction() +{ + if (db->get_driver(db) == DB_SQLITE) + { + if (!nested_transaction) + { + db->execute(db, NULL, "BEGIN EXCLUSIVE TRANSACTION"); + } + ++nested_transaction; + } +} + +/** + * commit a database transaction + */ +static void commit_transaction() +{ + if (db->get_driver(db) == DB_SQLITE) + { + --nested_transaction; + if (!nested_transaction) + { + db->execute(db, NULL, "END TRANSACTION"); + } + } +} + +/** + * Create or replace a pool by name + */ +static u_int create_pool(char *name, chunk_t start, chunk_t end, int timeout) +{ + enumerator_t *e; + int pool; + + e = db->query(db, "SELECT id FROM pools WHERE name = ?", + DB_TEXT, name, DB_UINT); + if (e && e->enumerate(e, &pool)) + { + if (replace_pool == FALSE) + { + fprintf(stderr, "pool '%s' exists.\n", name); + e->destroy(e); + exit(EXIT_FAILURE); + } + del(name); + } + DESTROY_IF(e); + if (db->execute(db, &pool, + "INSERT INTO pools (name, start, end, timeout) VALUES (?, ?, ?, ?)", + DB_TEXT, name, DB_BLOB, start, DB_BLOB, end, + DB_INT, timeout*3600) != 1) + { + fprintf(stderr, "creating pool failed.\n"); + exit(EXIT_FAILURE); + } + + return pool; +} + +/** * instead of a pool handle a DNS or NBNS attribute */ static bool is_attribute(char *name) @@ -84,18 +165,32 @@ static void usage(void) { printf("\ Usage:\n\ - ipsec pool --status|--add|--del|--resize|--purge [options]\n\ + ipsec pool --status|--add|--replace|--del|--resize|--purge [options]\n\ \n\ ipsec pool --status\n\ Show a list of installed pools with statistics.\n\ \n\ ipsec pool --add <name> --start <start> --end <end> [--timeout <timeout>]\n\ - Add a new pool to the database.\n\ + ipsec pool --replace <name> --start <start> --end <end> [--timeout <timeout>]\n\ + Add a new pool to or replace an existing pool in the database.\n\ name: Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\ start: Start address of the pool\n\ end: End address of the pool\n\ timeout: Lease time in hours, 0 for static leases\n\ \n\ + ipsec pool --add <name> --addresses <file> [--timeout <timeout>]\n\ + ipsec pool --replace <name> --addresses <file> [--timeout <timeout>]\n\ + Add a new pool to or replace an existing pool in the database.\n\ + name: Name of the pool, as used in ipsec.conf rightsourceip=%%name\n\ + file: File newline separated addresses for the pool are read from.\n\ + Optionally each address can be pre-assigned to a roadwarrior\n\ + identity, e.g. 10.231.14.2=alice@strongswan.org.\n\ + If a - (hyphen) is given instead of a file name, the addresses\n\ + are read from STDIN. Reading addresses stops at the end of file\n\ + or an empty line. Pools created with this command can not be\n\ + resized.\n\ + timeout: Lease time in hours, 0 for static leases\n\ + \n\ ipsec pool --add dns|nbns|wins --server <server>\n\ Add a new DNS or NBNS server to the database.\n\ server: IP address of the name server\n\ @@ -127,8 +222,19 @@ Usage:\n\ ipsec pool --purge <name>\n\ Delete lease history of a pool:\n\ name: Name of the pool to purge\n\ + \n\ + ipsec pool --batch <file>\n\ + Read commands from a file and execute them atomically.\n\ + file: File to read the newline separated commands from. Commands\n\ + appear as they are written on the command line, e.g.\n\ + --replace mypool --start 10.0.0.1 --end 10.0.0.254\n\ + --del dns\n\ + --add dns --server 10.1.0.1\n\ + --add dns --server 10.1.1.1\n\ + If a - (hyphen) is given as a file name, the commands are read\n\ + from STDIN. Readin commands stops at the end of file. Empty\n\ + lines are ignored. The file may not contain a --batch command.\n\ \n"); - exit(0); } /** @@ -268,8 +374,14 @@ static void status(void) start = host_create_from_chunk(AF_UNSPEC, start_chunk, 0); end = host_create_from_chunk(AF_UNSPEC, end_chunk, 0); - size = get_pool_size(start_chunk, end_chunk); - printf("%8s %15H %15H ", name, start, end); + if (start->is_anyaddr(start) && end->is_anyaddr(end)) + { + printf("%8s %15s %15s ", name, "n/a", "n/a"); + } + else + { + printf("%8s %15H %15H ", name, start, end); + } if (timeout) { printf("%7dh ", timeout/3600); @@ -278,6 +390,14 @@ static void status(void) { printf("%8s ", "static"); } + /* get total number of hosts in the pool */ + lease = db->query(db, "SELECT COUNT(*) FROM addresses " + "WHERE pool = ?", DB_UINT, id, DB_INT); + if (lease) + { + lease->enumerate(lease, &size); + lease->destroy(lease); + } printf("%6d ", size); /* get number of online hosts */ lease = db->query(db, "SELECT COUNT(*) FROM addresses " @@ -313,7 +433,6 @@ static void status(void) { printf("no pools found.\n"); } - exit(0); } /** @@ -333,23 +452,13 @@ static void add(char *name, host_t *start, host_t *end, int timeout) memcmp(start_addr.ptr, end_addr.ptr, start_addr.len) > 0) { fprintf(stderr, "invalid start/end pair specified.\n"); - exit(-1); - } - if (db->execute(db, &id, - "INSERT INTO pools (name, start, end, timeout) " - "VALUES (?, ?, ?, ?)", - DB_TEXT, name, DB_BLOB, start_addr, - DB_BLOB, end_addr, DB_INT, timeout*3600) != 1) - { - fprintf(stderr, "creating pool failed.\n"); - exit(-1); + exit(EXIT_FAILURE); } + id = create_pool(name, start_addr, end_addr, timeout); printf("allocating %d addresses... ", count); fflush(stdout); - if (db->get_driver(db) == DB_SQLITE) - { /* run population in a transaction for sqlite */ - db->execute(db, NULL, "BEGIN TRANSACTION"); - } + /* run population in a transaction for sqlite */ + begin_transaction(); while (TRUE) { db->execute(db, NULL, @@ -362,13 +471,125 @@ static void add(char *name, host_t *start, host_t *end, int timeout) } chunk_increment(cur_addr); } - if (db->get_driver(db) == DB_SQLITE) + commit_transaction(); + printf("done.\n", count); +} + +static bool add_address(u_int pool_id, char *address_str, int *family) +{ + host_t *address; + int user_id = 0; + + char *pos_eq = strchr(address_str, '='); + if (pos_eq != NULL) { - db->execute(db, NULL, "END TRANSACTION"); + enumerator_t *e; + identification_t *id = identification_create_from_string(pos_eq + 1); + + /* look for peer identity in the identities table */ + e = db->query(db, + "SELECT id FROM identities WHERE type = ? AND data = ?", + DB_INT, id->get_type(id), DB_BLOB, id->get_encoding(id), + DB_UINT); + + if (!e || !e->enumerate(e, &user_id)) + { + /* not found, insert new one */ + if (db->execute(db, &user_id, + "INSERT INTO identities (type, data) VALUES (?, ?)", + DB_INT, id->get_type(id), + DB_BLOB, id->get_encoding(id)) != 1) + { + fprintf(stderr, "creating id '%s' failed.\n", pos_eq + 1); + return FALSE; + } + } + DESTROY_IF(e); + id->destroy(id); + *pos_eq = '\0'; } - printf("done.\n", count); - exit(0); + address = host_create_from_string(address_str, 0); + if (address == NULL) + { + fprintf(stderr, "invalid address '%s'.\n", address_str); + return FALSE; + } + if (family && *family && *family != address->get_family(address)) + { + fprintf(stderr, "invalid address family '%s'.\n", address_str); + return FALSE; + } + + if (db->execute(db, NULL, + "INSERT INTO addresses " + "(pool, address, identity, acquired, released) " + "VALUES (?, ?, ?, ?, ?)", + DB_UINT, pool_id, DB_BLOB, address->get_address(address), + DB_UINT, user_id, DB_UINT, 0, DB_UINT, 1) != 1) + { + fprintf(stderr, "inserting address '%s' failed.\n", address_str); + return FALSE; + } + *family = address->get_family(address); + address->destroy(address); + + return TRUE; +} + +static void add_addresses(char *pool, char *path, int timeout) +{ + u_int pool_id, count = 0; + int family = AF_UNSPEC; + char address_str[512]; + host_t *addr; + FILE *file; + + /* run population in a transaction for sqlite */ + begin_transaction(); + + addr = host_create_from_string("%any", 0); + pool_id = create_pool(pool, addr->get_address(addr), + addr->get_address(addr), timeout); + addr->destroy(addr); + + file = (strcmp(path, "-") == 0 ? stdin : fopen(path, "r")); + if (file == NULL) + { + fprintf(stderr, "opening '%s' failed: %s\n", path, strerror(errno)); + exit(-1); + } + + printf("starting allocation... "); + fflush(stdout); + + while (fgets(address_str, sizeof(address_str), file)) + { + size_t addr_len = strlen(address_str); + char *last_chr = address_str + addr_len - 1; + if (*last_chr == '\n') + { + if (addr_len == 1) + { /* end of input */ + break; + } + *last_chr = '\0'; + } + if (add_address(pool_id, address_str, &family) == FALSE) + { + exit(EXIT_FAILURE); + } + ++count; + } + + if (file != stdin) + { + fclose(file); + } + + commit_transaction(); + + printf("%d addresses done.\n", count); } /** @@ -386,10 +607,9 @@ static void add_attr(char *name, host_t *server) DB_INT, type, DB_BLOB, value) != 1) { fprintf(stderr, "adding %s server %H failed.\n", name, server); - exit(-1); + exit(EXIT_FAILURE); } printf("added %s server %H\n", name, server); - exit(0); } /** @@ -406,7 +626,7 @@ static void del(char *name) if (!query) { fprintf(stderr, "deleting pool failed.\n"); - exit(-1); + exit(EXIT_FAILURE); } while (query->enumerate(query, &id)) { @@ -421,16 +641,15 @@ static void del(char *name) { fprintf(stderr, "deleting pool failed.\n"); query->destroy(query); - exit(-1); + exit(EXIT_FAILURE); } } query->destroy(query); if (!found) { fprintf(stderr, "pool '%s' not found.\n", name); - exit(-1); + exit(EXIT_FAILURE); } - exit(0); } /** @@ -448,7 +667,7 @@ static void del_attr(char *name, host_t *server) { type = get_attribute_type(name, server); value = server->get_address(server); - query = db->query(db, + query = db->query(db, "SELECT id, type, value FROM attributes " "WHERE type = ? AND value = ?", DB_INT, type, DB_BLOB, value, @@ -468,17 +687,17 @@ static void del_attr(char *name, host_t *server) type_ip4 = INTERNAL_IP4_NBNS; type_ip6 = INTERNAL_IP6_NBNS; } - + query = db->query(db, "SELECT id, type, value FROM attributes " "WHERE type = ? OR type = ?", DB_INT, type_ip4, DB_INT, type_ip6, DB_UINT, DB_INT, DB_BLOB); - } + } if (!query) { fprintf(stderr, "deleting %s servers failed.\n", name); - exit(-1); + exit(EXIT_FAILURE); } while (query->enumerate(query, &id, &type, &value)) @@ -497,45 +716,33 @@ static void del_attr(char *name, host_t *server) fprintf(stderr, "deleting %s server %H failed\n", name, host); query->destroy(query); DESTROY_IF(host); - exit(-1); + exit(EXIT_FAILURE); } printf("deleted %s server %H\n", name, host); DESTROY_IF(host); } query->destroy(query); - if (!found) + if (!found && server) { - printf("no matching %s servers found\n", name); - exit(-1); + printf("%s server %H not found\n", name, server); + exit(EXIT_FAILURE); + } + else if (!found) + { + printf("no %s servers found\n", name); } - exit(0); } /** - * ipsec pool --resize - resize a pool if (db->execute(db, NULL, - "DELETE FROM attributes WHERE type = ? AND value = ?", - DB_INT, type, DB_BLOB, value) != 1) - { - fprintf(stderr, "deleting %s server %H failed\n", name, server); - exit(-1); - } - printf("deleted %s server %H\n", name, server); - if (db->execute(db, NULL, - "DELETE FROM attributes WHERE type = ? AND value = ?", - DB_INT, type, DB_BLOB, value) != 1) - { - fprintf(stderr, "deleting %s server %H failed\n", name, server); - exit(-1); - } - printf("deleted %s server %H\n", name, server); - + * ipsec pool --resize - resize a pool */ static void resize(char *name, host_t *end) { enumerator_t *query; chunk_t old_addr, new_addr, cur_addr; u_int id, count; + host_t *old_end; new_addr = end->get_address(end); @@ -545,33 +752,41 @@ static void resize(char *name, host_t *end) { DESTROY_IF(query); fprintf(stderr, "resizing pool failed.\n"); - exit(-1); + exit(EXIT_FAILURE); } if (old_addr.len != new_addr.len || memcmp(new_addr.ptr, old_addr.ptr, old_addr.len) < 0) { fprintf(stderr, "shrinking of pools not supported.\n"); query->destroy(query); - exit(-1); + exit(EXIT_FAILURE); } cur_addr = chunk_clonea(old_addr); count = get_pool_size(old_addr, new_addr) - 1; query->destroy(query); + /* Check whether pool is resizable */ + old_end = host_create_from_chunk(AF_UNSPEC, old_addr, 0); + if (old_end && old_end->is_anyaddr(old_end)) + { + fprintf(stderr, "pool is not resizable.\n"); + old_end->destroy(old_end); + exit(EXIT_FAILURE); + } + DESTROY_IF(old_end); + if (db->execute(db, NULL, "UPDATE pools SET end = ? WHERE name = ?", DB_BLOB, new_addr, DB_TEXT, name) <= 0) { fprintf(stderr, "pool '%s' not found.\n", name); - exit(-1); + exit(EXIT_FAILURE); } printf("allocating %d new addresses... ", count); fflush(stdout); - if (db->get_driver(db) == DB_SQLITE) - { /* run population in a transaction for sqlite */ - db->execute(db, NULL, "BEGIN TRANSACTION"); - } + /* run population in a transaction for sqlite */ + begin_transaction(); while (count-- > 0) { chunk_increment(cur_addr); @@ -580,13 +795,9 @@ static void resize(char *name, host_t *end) "VALUES (?, ?, ?, ?, ?)", DB_UINT, id, DB_BLOB, cur_addr, DB_UINT, 0, DB_UINT, 0, DB_UINT, 1); } - if (db->get_driver(db) == DB_SQLITE) - { - db->execute(db, NULL, "END TRANSACTION"); - } + commit_transaction(); printf("done.\n", count); - exit(0); } /** @@ -652,7 +863,7 @@ static enumerator_t *create_lease_query(char *filter) if (!addr) { fprintf(stderr, "invalid 'addr' in filter string.\n"); - exit(-1); + exit(EXIT_FAILURE); } break; case FIL_TSTAMP: @@ -683,13 +894,13 @@ static enumerator_t *create_lease_query(char *filter) else { fprintf(stderr, "invalid 'state' in filter string.\n"); - exit(-1); + exit(EXIT_FAILURE); } } break; default: fprintf(stderr, "invalid filter string.\n"); - exit(-1); + exit(EXIT_FAILURE); break; } } @@ -748,7 +959,8 @@ static void leases(char *filter, bool utc) chunk_t address_chunk, identity_chunk; int identity_type; char *name; - u_int acquired, released, timeout; + u_int db_acquired, db_released, db_timeout; + time_t acquired, released, timeout; host_t *address; identification_t *identity; bool found = FALSE; @@ -757,10 +969,10 @@ static void leases(char *filter, bool utc) if (!query) { fprintf(stderr, "querying leases failed.\n"); - exit(-1); + exit(EXIT_FAILURE); } while (query->enumerate(query, &name, &address_chunk, &identity_type, - &identity_chunk, &acquired, &released, &timeout)) + &identity_chunk, &db_acquired, &db_released, &db_timeout)) { if (!found) { @@ -773,6 +985,11 @@ static void leases(char *filter, bool utc) address = host_create_from_chunk(AF_UNSPEC, address_chunk, 0); identity = identification_create_from_encoding(identity_type, identity_chunk); + /* u_int is not always equal to time_t */ + acquired = (time_t)db_acquired; + released = (time_t)db_released; + timeout = (time_t)db_timeout; + printf("%-8s %-15H ", name, address); if (released == 0) { @@ -812,9 +1029,8 @@ static void leases(char *filter, bool utc) if (!found) { fprintf(stderr, "no matching leases found.\n"); - exit(-1); + exit(EXIT_FAILURE); } - exit(0); } /** @@ -832,10 +1048,82 @@ static void purge(char *name) if (purged < 0) { fprintf(stderr, "purging pool '%s' failed.\n", name); - exit(-1); + exit(EXIT_FAILURE); } fprintf(stderr, "purged %d leases in pool '%s'.\n", purged, name); - exit(0); +} + +#define ARGV_SIZE 32 + +static void argv_add(char **argv, int argc, char *value) +{ + if (argc >= ARGV_SIZE) + { + fprintf(stderr, "too many arguments: %s\n", value); + exit(EXIT_FAILURE); + } + argv[argc] = value; +} + +/** + * ipsec pool --batch - read commands from a file + */ +static void batch(char *argv0, char *name) +{ + char command[512]; + + FILE *file = strncmp(name, "-", 1) == 0 ? stdin : fopen(name, "r"); + if (file == NULL) + { + fprintf(stderr, "opening '%s' failed: %s\n", name, strerror(errno)); + exit(EXIT_FAILURE); + } + + begin_transaction(); + while (fgets(command, sizeof(command), file)) + { + char *argv[ARGV_SIZE], *start; + int i, argc = 0; + size_t cmd_len = strlen(command); + + /* ignore empty lines */ + if (cmd_len == 1 && *(command + cmd_len - 1) == '\n') + { + continue; + } + + /* parse command into argv */ + start = command; + argv_add(argv, argc++, argv0); + for (i = 0; i < cmd_len; ++i) + { + if (command[i] == ' ' || command[i] == '\n') + { + if (command + i == start) + { + /* ignore leading whitespace */ + ++start; + continue; + } + command[i] = '\0'; + argv_add(argv, argc++, start); + start = command + i + 1; + } + } + if (strlen(start) > 0) + { + argv_add(argv, argc++, start); + } + argv_add(argv, argc, NULL); + + do_args(argc, argv); + } + commit_transaction(); + + if (file != stdin) + { + fclose(file); + } } /** @@ -849,12 +1137,13 @@ static void cleanup(void) DESTROY_IF(server); } -int main(int argc, char *argv[]) +static void do_args(int argc, char *argv[]) { - char *uri, *name = "", *filter = ""; + char *name = "", *filter = "", *addresses = NULL; int timeout = 0; bool utc = FALSE; enum { + OP_UNDEF, OP_USAGE, OP_STATUS, OP_ADD, @@ -863,41 +1152,12 @@ int main(int argc, char *argv[]) OP_DEL_ATTR, OP_RESIZE, OP_LEASES, - OP_PURGE - } operation = OP_USAGE; + OP_PURGE, + OP_BATCH + } operation = OP_UNDEF; - atexit(library_deinit); - - /* initialize library */ - if (!library_init(NULL)) - { - exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); - } - if (lib->integrity && - !lib->integrity->check_file(lib->integrity, "pool", argv[0])) - { - fprintf(stderr, "integrity check of pool failed\n"); - exit(SS_RC_DAEMON_INTEGRITY); - } - if (!lib->plugins->load(lib->plugins, NULL, - lib->settings->get_str(lib->settings, "pool.load", PLUGINS))) - { - exit(SS_RC_INITIALIZATION_FAILED); - } - - uri = lib->settings->get_str(lib->settings, "libstrongswan.plugins.attr-sql.database", NULL); - if (!uri) - { - fprintf(stderr, "database URI libstrongswan.plugins.attr-sql.database not set.\n"); - exit(SS_RC_INITIALIZATION_FAILED); - } - db = lib->db->create(lib->db, uri); - if (!db) - { - fprintf(stderr, "opening database failed.\n"); - exit(SS_RC_INITIALIZATION_FAILED); - } - atexit(cleanup); + /* reinit getopt state */ + optind = 0; while (TRUE) { @@ -909,13 +1169,16 @@ int main(int argc, char *argv[]) { "utc", no_argument, NULL, 'u' }, { "status", no_argument, NULL, 'w' }, { "add", required_argument, NULL, 'a' }, + { "replace", required_argument, NULL, 'c' }, { "del", required_argument, NULL, 'd' }, { "resize", required_argument, NULL, 'r' }, { "leases", no_argument, NULL, 'l' }, { "purge", required_argument, NULL, 'p' }, + { "batch", required_argument, NULL, 'b' }, { "start", required_argument, NULL, 's' }, { "end", required_argument, NULL, 'e' }, + { "addresses", required_argument, NULL, 'x' }, { "timeout", required_argument, NULL, 't' }, { "filter", required_argument, NULL, 'f' }, { "server", required_argument, NULL, 'v' }, @@ -928,6 +1191,7 @@ int main(int argc, char *argv[]) case EOF: break; case 'h': + operation = OP_USAGE; break; case 'w': operation = OP_STATUS; @@ -935,9 +1199,18 @@ int main(int argc, char *argv[]) case 'u': utc = TRUE; continue; + case 'c': + replace_pool = TRUE; + /* fallthrough */ case 'a': name = optarg; operation = is_attribute(name) ? OP_ADD_ATTR : OP_ADD; + if (replace_pool && operation == OP_ADD_ATTR) + { + fprintf(stderr, "invalid pool name: '%s'.\n", optarg); + usage(); + exit(EXIT_FAILURE); + } continue; case 'd': name = optarg; @@ -954,22 +1227,33 @@ int main(int argc, char *argv[]) name = optarg; operation = OP_PURGE; continue; + case 'b': + name = optarg; + if (operation == OP_BATCH) + { + fprintf(stderr, "--batch commands can not be nested\n"); + exit(EXIT_FAILURE); + } + operation = OP_BATCH; + continue; case 's': + DESTROY_IF(start); start = host_create_from_string(optarg, 0); if (start == NULL) { fprintf(stderr, "invalid start address: '%s'.\n", optarg); - operation = OP_USAGE; - break; + usage(); + exit(EXIT_FAILURE); } continue; case 'e': + DESTROY_IF(end); end = host_create_from_string(optarg, 0); if (end == NULL) { fprintf(stderr, "invalid end address: '%s'.\n", optarg); - operation = OP_USAGE; - break; + usage(); + exit(EXIT_FAILURE); } continue; case 't': @@ -977,24 +1261,29 @@ int main(int argc, char *argv[]) if (timeout == 0 && strcmp(optarg, "0") != 0) { fprintf(stderr, "invalid timeout '%s'.\n", optarg); - operation = OP_USAGE; - break; + usage(); + exit(EXIT_FAILURE); } continue; case 'f': filter = optarg; continue; + case 'x': + addresses = optarg; + continue; case 'v': + DESTROY_IF(server); server = host_create_from_string(optarg, 0); if (server == NULL) { fprintf(stderr, "invalid server address: '%s'.\n", optarg); - operation = OP_USAGE; - break; + usage(); + exit(EXIT_FAILURE); } continue; default: - operation = OP_USAGE; + usage(); + exit(EXIT_FAILURE); break; } break; @@ -1009,18 +1298,27 @@ int main(int argc, char *argv[]) status(); break; case OP_ADD: - if (start == NULL || end == NULL) + if (addresses != NULL) + { + add_addresses(name, addresses, timeout); + } + else if (start != NULL && end != NULL) + { + add(name, start, end, timeout); + } + else { fprintf(stderr, "missing arguments.\n"); usage(); + exit(EXIT_FAILURE); } - add(name, start, end, timeout); break; case OP_ADD_ATTR: if (server == NULL) { fprintf(stderr, "missing arguments.\n"); usage(); + exit(EXIT_FAILURE); } add_attr(name, server); break; @@ -1035,6 +1333,7 @@ int main(int argc, char *argv[]) { fprintf(stderr, "missing arguments.\n"); usage(); + exit(EXIT_FAILURE); } resize(name, end); break; @@ -1044,7 +1343,60 @@ int main(int argc, char *argv[]) case OP_PURGE: purge(name); break; + case OP_BATCH: + if (name == NULL) + { + fprintf(stderr, "missing arguments.\n"); + usage(); + exit(EXIT_FAILURE); + } + batch(argv[0], name); + break; + default: + usage(); + exit(EXIT_FAILURE); + } +} + +int main(int argc, char *argv[]) +{ + char *uri; + + atexit(library_deinit); + + /* initialize library */ + if (!library_init(NULL)) + { + exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); } - exit(0); + if (lib->integrity && + !lib->integrity->check_file(lib->integrity, "pool", argv[0])) + { + fprintf(stderr, "integrity check of pool failed\n"); + exit(SS_RC_DAEMON_INTEGRITY); + } + if (!lib->plugins->load(lib->plugins, NULL, + lib->settings->get_str(lib->settings, "pool.load", PLUGINS))) + { + exit(SS_RC_INITIALIZATION_FAILED); + } + + uri = lib->settings->get_str(lib->settings, "libhydra.plugins.attr-sql.database", NULL); + if (!uri) + { + fprintf(stderr, "database URI libhydra.plugins.attr-sql.database not set.\n"); + exit(SS_RC_INITIALIZATION_FAILED); + } + db = lib->db->create(lib->db, uri); + if (!db) + { + fprintf(stderr, "opening database failed.\n"); + exit(SS_RC_INITIALIZATION_FAILED); + } + atexit(cleanup); + + do_args(argc, argv); + + exit(EXIT_SUCCESS); } diff --git a/src/libstrongswan/plugins/attr_sql/sql_attribute.c b/src/libhydra/plugins/attr_sql/sql_attribute.c index a89195b6d..a7cfde649 100644 --- a/src/libstrongswan/plugins/attr_sql/sql_attribute.c +++ b/src/libhydra/plugins/attr_sql/sql_attribute.c @@ -127,8 +127,8 @@ static host_t* check_lease(private_sql_attribute_t *this, char *name, host = host_create_from_chunk(AF_UNSPEC, address, 0); if (host) { - DBG1("acquired existing lease for address %H in pool '%s'", - host, name); + DBG1(DBG_CFG, "acquired existing lease for address %H in" + " pool '%s'", host, name); return host; } } @@ -202,13 +202,13 @@ static host_t* get_lease(private_sql_attribute_t *this, char *name, host = host_create_from_chunk(AF_UNSPEC, address, 0); if (host) { - DBG1("acquired new lease for address %H in pool '%s'", + DBG1(DBG_CFG, "acquired new lease for address %H in pool '%s'", host, name); return host; } } } - DBG1("no available address found in pool '%s'", name); + DBG1(DBG_CFG, "no available address found in pool '%s'", name); return NULL; } @@ -366,7 +366,7 @@ sql_attribute_t *sql_attribute_create(database_t *db) this->db = db; this->history = lib->settings->get_bool(lib->settings, - "libstrongswan.plugins.attr-sql.lease_history", TRUE); + "libhydra.plugins.attr-sql.lease_history", TRUE); /* close any "online" leases in the case we crashed */ if (this->history) diff --git a/src/libstrongswan/plugins/attr_sql/sql_attribute.h b/src/libhydra/plugins/attr_sql/sql_attribute.h index ca87eb27e..ca87eb27e 100644 --- a/src/libstrongswan/plugins/attr_sql/sql_attribute.h +++ b/src/libhydra/plugins/attr_sql/sql_attribute.h diff --git a/src/libsimaka/Makefile.am b/src/libsimaka/Makefile.am index f64e4dba3..8e7a1f0d3 100644 --- a/src/libsimaka/Makefile.am +++ b/src/libsimaka/Makefile.am @@ -1,5 +1,5 @@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon noinst_LTLIBRARIES = libsimaka.la libsimaka_la_SOURCES = simaka_message.h simaka_message.c \ diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in index 9a448ef02..ab07cb214 100644 --- a/src/libsimaka/Makefile.in +++ b/src/libsimaka/Makefile.in @@ -192,6 +192,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -226,7 +227,7 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon +INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon noinst_LTLIBRARIES = libsimaka.la libsimaka_la_SOURCES = simaka_message.h simaka_message.c \ simaka_crypto.h simaka_crypto.c diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c index 22d111bfd..e0319e918 100644 --- a/src/libsimaka/simaka_message.c +++ b/src/libsimaka/simaka_message.c @@ -256,16 +256,12 @@ static void add_attribute(private_simaka_message_t *this, { attr_t *attr; - if (!charon->sim->attribute_hook(charon->sim, this->hdr->code, - this->hdr->type, this->hdr->subtype, type, data)) - { - attr = malloc(sizeof(attr_t) + data.len); - attr->len = data.len; - attr->type = type; - memcpy(attr->data, data.ptr, data.len); + attr = malloc(sizeof(attr_t) + data.len); + attr->len = data.len; + attr->type = type; + memcpy(attr->data, data.ptr, data.len); - this->attributes->insert_last(this->attributes, attr); - } + this->attributes->insert_last(this->attributes, attr); } /** @@ -463,6 +459,9 @@ static bool parse_attributes(private_simaka_message_t *this, chunk_t in) break; } } + + charon->sim->message_hook(charon->sim, &this->public, TRUE, this->encrypted); + return TRUE; } @@ -604,6 +603,8 @@ static eap_payload_t* generate(private_simaka_message_t *this, chunk_t sigdata) u_int16_t len; signer_t *signer; + charon->sim->message_hook(charon->sim, &this->public, FALSE, TRUE); + out = chunk_create(out_buf, sizeof(out_buf)); encr = chunk_create(encr_buf, sizeof(encr_buf)); @@ -814,6 +815,9 @@ static eap_payload_t* generate(private_simaka_message_t *this, chunk_t sigdata) data = chunk_cata("cc", out, sigdata); signer->get_signature(signer, data, mac.ptr); } + + charon->sim->message_hook(charon->sim, &this->public, FALSE, FALSE); + return eap_payload_create_data(out); } diff --git a/src/libsimaka/simaka_message.h b/src/libsimaka/simaka_message.h index ee9b3ebec..341f72959 100644 --- a/src/libsimaka/simaka_message.h +++ b/src/libsimaka/simaka_message.h @@ -31,7 +31,6 @@ #include "simaka_crypto.h" -typedef struct simaka_message_t simaka_message_t; typedef enum simaka_attribute_t simaka_attribute_t; typedef enum simaka_subtype_t simaka_subtype_t; typedef enum simaka_notification_t simaka_notification_t; diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk new file mode 100644 index 000000000..d639220e3 --- /dev/null +++ b/src/libstrongswan/Android.mk @@ -0,0 +1,121 @@ +LOCAL_PATH := $(call my-dir) +include $(CLEAR_VARS) + +# copy-n-paste from Makefile.am +LOCAL_SRC_FILES := \ +library.c library.h \ +chunk.c chunk.h \ +debug.c debug.h \ +enum.c enum.h \ +settings.h settings.c \ +printf_hook.c printf_hook.h \ +asn1/asn1.c asn1/asn1.h \ +asn1/asn1_parser.c asn1/asn1_parser.h \ +asn1/oid.c asn1/oid.h \ +crypto/crypters/crypter.c crypto/crypters/crypter.h \ +crypto/hashers/hasher.h crypto/hashers/hasher.c \ +crypto/pkcs9.c crypto/pkcs9.h \ +crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords.h \ +crypto/prfs/prf.c crypto/prfs/prf.h \ +crypto/rngs/rng.c crypto/rngs/rng.h \ +crypto/prf_plus.h crypto/prf_plus.c \ +crypto/signers/signer.c crypto/signers/signer.h \ +crypto/crypto_factory.c crypto/crypto_factory.h \ +crypto/crypto_tester.c crypto/crypto_tester.h \ +crypto/diffie_hellman.c crypto/diffie_hellman.h \ +crypto/transform.c crypto/transform.h \ +credentials/credential_factory.c credentials/credential_factory.h \ +credentials/builder.c credentials/builder.h \ +credentials/keys/key_encoding.c credentials/keys/key_encoding.h \ +credentials/keys/private_key.c credentials/keys/private_key.h \ +credentials/keys/public_key.c credentials/keys/public_key.h \ +credentials/keys/shared_key.c credentials/keys/shared_key.h \ +credentials/certificates/certificate.c credentials/certificates/certificate.h \ +credentials/certificates/x509.h credentials/certificates/x509.c \ +credentials/certificates/ac.h \ +credentials/certificates/crl.h credentials/certificates/crl.c \ +credentials/certificates/pkcs10.h \ +credentials/certificates/ocsp_request.h \ +credentials/certificates/ocsp_response.h credentials/certificates/ocsp_response.c \ +credentials/certificates/pgp_certificate.h \ +credentials/ietf_attributes/ietf_attributes.c credentials/ietf_attributes/ietf_attributes.h \ +database/database.h database/database_factory.h database/database_factory.c \ +fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \ +selectors/traffic_selector.c selectors/traffic_selector.h \ +threading/thread.h threading/thread.c \ +threading/thread_value.h threading/thread_value.c \ +threading/mutex.h threading/mutex.c threading/condvar.h \ +threading/rwlock.h threading/rwlock.c \ +threading/lock_profiler.h \ +utils.h utils.c \ +utils/host.c utils/host.h \ +utils/identification.c utils/identification.h \ +utils/iterator.h \ +utils/lexparser.c utils/lexparser.h \ +utils/linked_list.c utils/linked_list.h \ +utils/hashtable.c utils/hashtable.h \ +utils/enumerator.c utils/enumerator.h \ +utils/optionsfrom.c utils/optionsfrom.h \ +utils/backtrace.c utils/backtrace.h \ +plugins/plugin_loader.c plugins/plugin_loader.h plugins/plugin.h + +# adding the plugin source files + +LOCAL_SRC_FILES += $(call add_plugin, aes) + +LOCAL_SRC_FILES += $(call add_plugin, des) + +LOCAL_SRC_FILES += $(call add_plugin, fips-prf) + +LOCAL_SRC_FILES += $(call add_plugin, gmp) +ifneq ($(call plugin_enabled, gmp)),) +LOCAL_C_INCLUDES += $(libgmp_PATH) +LOCAL_SHARED_LIBRARIES += libgmp +endif + +LOCAL_SRC_FILES += $(call add_plugin, hmac) + +LOCAL_SRC_FILES += $(call add_plugin, md4) + +LOCAL_SRC_FILES += $(call add_plugin, md5) + +LOCAL_SRC_FILES += $(call add_plugin, openssl) +ifneq ($(call plugin_enabled, openssl)),) +LOCAL_C_INCLUDES += external/openssl/include +LOCAL_SHARED_LIBRARIES += libcrypto +endif + +LOCAL_SRC_FILES += $(call add_plugin, pem) + +LOCAL_SRC_FILES += $(call add_plugin, pkcs1) + +LOCAL_SRC_FILES += $(call add_plugin, pubkey) + +LOCAL_SRC_FILES += $(call add_plugin, random) + +LOCAL_SRC_FILES += $(call add_plugin, sha1) + +LOCAL_SRC_FILES += $(call add_plugin, sha2) + +LOCAL_SRC_FILES += $(call add_plugin, x509) + +LOCAL_SRC_FILES += $(call add_plugin, xcbc) + +# build libstrongswan ---------------------------------------------------------- + +LOCAL_C_INCLUDES += \ + $(libvstr_PATH) + +LOCAL_CFLAGS := $(strongswan_CFLAGS) \ + -include $(LOCAL_PATH)/AndroidConfigLocal.h + +LOCAL_MODULE := libstrongswan + +LOCAL_ARM_MODE := arm + +LOCAL_PRELINK_MODULE := false + +LOCAL_SHARED_LIBRARIES += libdl libvstr + +include $(BUILD_SHARED_LIBRARY) + diff --git a/src/libstrongswan/AndroidConfigLocal.h b/src/libstrongswan/AndroidConfigLocal.h new file mode 100644 index 000000000..a6da3276a --- /dev/null +++ b/src/libstrongswan/AndroidConfigLocal.h @@ -0,0 +1,9 @@ +/* stuff defined in AndroidConfig.h, which is included using the -include + * command-line option, thus cannot be undefined using -U CFLAGS options. + * the reason we have to undefine these flags in the first place, is that + * AndroidConfig.h defines them as 0, which in turn means that they are + * actually defined. */ + +#undef HAVE_BACKTRACE +#undef HAVE_DLADDR + diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 7ee15052c..157d37b5e 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -10,9 +10,6 @@ printf_hook.c printf_hook.h \ asn1/asn1.c asn1/asn1.h \ asn1/asn1_parser.c asn1/asn1_parser.h \ asn1/oid.c asn1/oid.h \ -attributes/attributes.c attributes/attributes.h \ -attributes/attribute_provider.h attributes/attribute_handler.h \ -attributes/attribute_manager.c attributes/attribute_manager.h \ crypto/crypters/crypter.c crypto/crypters/crypter.h \ crypto/hashers/hasher.h crypto/hashers/hasher.c \ crypto/pkcs9.c crypto/pkcs9.h \ @@ -90,7 +87,8 @@ endif EXTRA_DIST = \ asn1/oid.txt asn1/oid.pl \ -crypto/proposal/proposal_keywords.txt +crypto/proposal/proposal_keywords.txt \ +Android.mk AndroidConfigLocal.h BUILT_SOURCES = \ $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \ @@ -115,116 +113,197 @@ $(srcdir)/crypto/proposal/proposal_keywords.c: $(srcdir)/crypto/proposal/proposa # build plugins with their own Makefile ####################################### +if MONOLITHIC +SUBDIRS = +else SUBDIRS = . +endif if USE_AES SUBDIRS += plugins/aes +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/aes/libstrongswan-aes.la +endif endif if USE_DES SUBDIRS += plugins/des +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/des/libstrongswan-des.la +endif endif if USE_BLOWFISH SUBDIRS += plugins/blowfish +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/blowfish/libstrongswan-blowfish.la +endif endif if USE_MD4 SUBDIRS += plugins/md4 +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/md4/libstrongswan-md4.la +endif endif if USE_MD5 SUBDIRS += plugins/md5 +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/md5/libstrongswan-md5.la +endif endif if USE_SHA1 SUBDIRS += plugins/sha1 +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/sha1/libstrongswan-sha1.la +endif endif if USE_SHA2 SUBDIRS += plugins/sha2 +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/sha2/libstrongswan-sha2.la endif - -if USE_FIPS_PRF - SUBDIRS += plugins/fips_prf endif if USE_GMP SUBDIRS += plugins/gmp +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/gmp/libstrongswan-gmp.la +endif endif if USE_RANDOM SUBDIRS += plugins/random +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/random/libstrongswan-random.la +endif endif if USE_HMAC SUBDIRS += plugins/hmac +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/hmac/libstrongswan-hmac.la +endif endif if USE_XCBC SUBDIRS += plugins/xcbc +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/xcbc/libstrongswan-xcbc.la +endif endif if USE_X509 SUBDIRS += plugins/x509 +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/x509/libstrongswan-x509.la +endif endif if USE_PUBKEY SUBDIRS += plugins/pubkey +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/pubkey/libstrongswan-pubkey.la +endif endif if USE_PKCS1 SUBDIRS += plugins/pkcs1 +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/pkcs1/libstrongswan-pkcs1.la +endif endif if USE_PGP SUBDIRS += plugins/pgp +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/pgp/libstrongswan-pgp.la +endif endif if USE_DNSKEY SUBDIRS += plugins/dnskey +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/dnskey/libstrongswan-dnskey.la +endif endif if USE_PEM SUBDIRS += plugins/pem +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/pem/libstrongswan-pem.la +endif endif if USE_CURL SUBDIRS += plugins/curl +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/curl/libstrongswan-curl.la +endif endif if USE_LDAP SUBDIRS += plugins/ldap +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/ldap/libstrongswan-ldap.la +endif endif if USE_MYSQL SUBDIRS += plugins/mysql +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/mysql/libstrongswan-mysql.la +endif endif if USE_SQLITE SUBDIRS += plugins/sqlite +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/sqlite/libstrongswan-sqlite.la endif - -if USE_ATTR_SQL - SUBDIRS += plugins/attr_sql endif if USE_PADLOCK SUBDIRS += plugins/padlock +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/padlock/libstrongswan-padlock.la +endif endif if USE_OPENSSL SUBDIRS += plugins/openssl +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/openssl/libstrongswan-openssl.la +endif endif if USE_GCRYPT SUBDIRS += plugins/gcrypt +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/gcrypt/libstrongswan-gcrypt.la +endif +endif + +if USE_FIPS_PRF + SUBDIRS += plugins/fips_prf +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/fips_prf/libstrongswan-fips-prf.la +endif endif if USE_AGENT SUBDIRS += plugins/agent +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/agent/libstrongswan-agent.la +endif endif if USE_TEST_VECTORS SUBDIRS += plugins/test_vectors +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/test_vectors/libstrongswan-test-vectors.la +endif endif diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index 729d32eb3..b8d967d4a 100644 --- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in @@ -45,33 +45,59 @@ host_triplet = @host@ @USE_VSTR_TRUE@am__append_6 = -lvstr @USE_AES_TRUE@am__append_7 = plugins/aes -@USE_DES_TRUE@am__append_8 = plugins/des -@USE_BLOWFISH_TRUE@am__append_9 = plugins/blowfish -@USE_MD4_TRUE@am__append_10 = plugins/md4 -@USE_MD5_TRUE@am__append_11 = plugins/md5 -@USE_SHA1_TRUE@am__append_12 = plugins/sha1 -@USE_SHA2_TRUE@am__append_13 = plugins/sha2 -@USE_FIPS_PRF_TRUE@am__append_14 = plugins/fips_prf -@USE_GMP_TRUE@am__append_15 = plugins/gmp -@USE_RANDOM_TRUE@am__append_16 = plugins/random -@USE_HMAC_TRUE@am__append_17 = plugins/hmac -@USE_XCBC_TRUE@am__append_18 = plugins/xcbc -@USE_X509_TRUE@am__append_19 = plugins/x509 -@USE_PUBKEY_TRUE@am__append_20 = plugins/pubkey -@USE_PKCS1_TRUE@am__append_21 = plugins/pkcs1 -@USE_PGP_TRUE@am__append_22 = plugins/pgp -@USE_DNSKEY_TRUE@am__append_23 = plugins/dnskey -@USE_PEM_TRUE@am__append_24 = plugins/pem -@USE_CURL_TRUE@am__append_25 = plugins/curl -@USE_LDAP_TRUE@am__append_26 = plugins/ldap -@USE_MYSQL_TRUE@am__append_27 = plugins/mysql -@USE_SQLITE_TRUE@am__append_28 = plugins/sqlite -@USE_ATTR_SQL_TRUE@am__append_29 = plugins/attr_sql -@USE_PADLOCK_TRUE@am__append_30 = plugins/padlock -@USE_OPENSSL_TRUE@am__append_31 = plugins/openssl -@USE_GCRYPT_TRUE@am__append_32 = plugins/gcrypt -@USE_AGENT_TRUE@am__append_33 = plugins/agent -@USE_TEST_VECTORS_TRUE@am__append_34 = plugins/test_vectors +@MONOLITHIC_TRUE@@USE_AES_TRUE@am__append_8 = plugins/aes/libstrongswan-aes.la +@USE_DES_TRUE@am__append_9 = plugins/des +@MONOLITHIC_TRUE@@USE_DES_TRUE@am__append_10 = plugins/des/libstrongswan-des.la +@USE_BLOWFISH_TRUE@am__append_11 = plugins/blowfish +@MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE@am__append_12 = plugins/blowfish/libstrongswan-blowfish.la +@USE_MD4_TRUE@am__append_13 = plugins/md4 +@MONOLITHIC_TRUE@@USE_MD4_TRUE@am__append_14 = plugins/md4/libstrongswan-md4.la +@USE_MD5_TRUE@am__append_15 = plugins/md5 +@MONOLITHIC_TRUE@@USE_MD5_TRUE@am__append_16 = plugins/md5/libstrongswan-md5.la +@USE_SHA1_TRUE@am__append_17 = plugins/sha1 +@MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_18 = plugins/sha1/libstrongswan-sha1.la +@USE_SHA2_TRUE@am__append_19 = plugins/sha2 +@MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_20 = plugins/sha2/libstrongswan-sha2.la +@USE_GMP_TRUE@am__append_21 = plugins/gmp +@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_22 = plugins/gmp/libstrongswan-gmp.la +@USE_RANDOM_TRUE@am__append_23 = plugins/random +@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_24 = plugins/random/libstrongswan-random.la +@USE_HMAC_TRUE@am__append_25 = plugins/hmac +@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_26 = plugins/hmac/libstrongswan-hmac.la +@USE_XCBC_TRUE@am__append_27 = plugins/xcbc +@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_28 = plugins/xcbc/libstrongswan-xcbc.la +@USE_X509_TRUE@am__append_29 = plugins/x509 +@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_30 = plugins/x509/libstrongswan-x509.la +@USE_PUBKEY_TRUE@am__append_31 = plugins/pubkey +@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_32 = plugins/pubkey/libstrongswan-pubkey.la +@USE_PKCS1_TRUE@am__append_33 = plugins/pkcs1 +@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_34 = plugins/pkcs1/libstrongswan-pkcs1.la +@USE_PGP_TRUE@am__append_35 = plugins/pgp +@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_36 = plugins/pgp/libstrongswan-pgp.la +@USE_DNSKEY_TRUE@am__append_37 = plugins/dnskey +@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_38 = plugins/dnskey/libstrongswan-dnskey.la +@USE_PEM_TRUE@am__append_39 = plugins/pem +@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_40 = plugins/pem/libstrongswan-pem.la +@USE_CURL_TRUE@am__append_41 = plugins/curl +@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_42 = plugins/curl/libstrongswan-curl.la +@USE_LDAP_TRUE@am__append_43 = plugins/ldap +@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_44 = plugins/ldap/libstrongswan-ldap.la +@USE_MYSQL_TRUE@am__append_45 = plugins/mysql +@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_46 = plugins/mysql/libstrongswan-mysql.la +@USE_SQLITE_TRUE@am__append_47 = plugins/sqlite +@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_48 = plugins/sqlite/libstrongswan-sqlite.la +@USE_PADLOCK_TRUE@am__append_49 = plugins/padlock +@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_50 = plugins/padlock/libstrongswan-padlock.la +@USE_OPENSSL_TRUE@am__append_51 = plugins/openssl +@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_52 = plugins/openssl/libstrongswan-openssl.la +@USE_GCRYPT_TRUE@am__append_53 = plugins/gcrypt +@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_54 = plugins/gcrypt/libstrongswan-gcrypt.la +@USE_FIPS_PRF_TRUE@am__append_55 = plugins/fips_prf +@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_56 = plugins/fips_prf/libstrongswan-fips-prf.la +@USE_AGENT_TRUE@am__append_57 = plugins/agent +@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_58 = plugins/agent/libstrongswan-agent.la +@USE_TEST_VECTORS_TRUE@am__append_59 = plugins/test_vectors +@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_60 = plugins/test_vectors/libstrongswan-test-vectors.la subdir = src/libstrongswan DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -115,14 +141,20 @@ am__DEPENDENCIES_1 = libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__append_8) $(am__append_10) \ + $(am__append_12) $(am__append_14) $(am__append_16) \ + $(am__append_18) $(am__append_20) $(am__append_22) \ + $(am__append_24) $(am__append_26) $(am__append_28) \ + $(am__append_30) $(am__append_32) $(am__append_34) \ + $(am__append_36) $(am__append_38) $(am__append_40) \ + $(am__append_42) $(am__append_44) $(am__append_46) \ + $(am__append_48) $(am__append_50) $(am__append_52) \ + $(am__append_54) $(am__append_56) $(am__append_58) \ + $(am__append_60) am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ chunk.h debug.c debug.h enum.c enum.h settings.h settings.c \ printf_hook.c printf_hook.h asn1/asn1.c asn1/asn1.h \ asn1/asn1_parser.c asn1/asn1_parser.h asn1/oid.c asn1/oid.h \ - attributes/attributes.c attributes/attributes.h \ - attributes/attribute_provider.h attributes/attribute_handler.h \ - attributes/attribute_manager.c attributes/attribute_manager.h \ crypto/crypters/crypter.c crypto/crypters/crypter.h \ crypto/hashers/hasher.h crypto/hashers/hasher.c crypto/pkcs9.c \ crypto/pkcs9.h crypto/proposal/proposal_keywords.c \ @@ -173,10 +205,10 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ @USE_INTEGRITY_TEST_TRUE@am__objects_2 = integrity_checker.lo am_libstrongswan_la_OBJECTS = library.lo chunk.lo debug.lo enum.lo \ settings.lo printf_hook.lo asn1.lo asn1_parser.lo oid.lo \ - attributes.lo attribute_manager.lo crypter.lo hasher.lo \ - pkcs9.lo proposal_keywords.lo prf.lo rng.lo prf_plus.lo \ - signer.lo crypto_factory.lo crypto_tester.lo diffie_hellman.lo \ - transform.lo credential_factory.lo builder.lo key_encoding.lo \ + crypter.lo hasher.lo pkcs9.lo proposal_keywords.lo prf.lo \ + rng.lo prf_plus.lo signer.lo crypto_factory.lo \ + crypto_tester.lo diffie_hellman.lo transform.lo \ + credential_factory.lo builder.lo key_encoding.lo \ private_key.lo public_key.lo shared_key.lo certificate.lo \ x509.lo crl.lo ocsp_response.lo ietf_attributes.lo \ database_factory.lo fetcher_manager.lo traffic_selector.lo \ @@ -215,13 +247,12 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = . plugins/aes plugins/des plugins/blowfish plugins/md4 \ - plugins/md5 plugins/sha1 plugins/sha2 plugins/fips_prf \ - plugins/gmp plugins/random plugins/hmac plugins/xcbc \ - plugins/x509 plugins/pubkey plugins/pkcs1 plugins/pgp \ - plugins/dnskey plugins/pem plugins/curl plugins/ldap \ - plugins/mysql plugins/sqlite plugins/attr_sql plugins/padlock \ - plugins/openssl plugins/gcrypt plugins/agent \ - plugins/test_vectors + plugins/md5 plugins/sha1 plugins/sha2 plugins/gmp \ + plugins/random plugins/hmac plugins/xcbc plugins/x509 \ + plugins/pubkey plugins/pkcs1 plugins/pgp plugins/dnskey \ + plugins/pem plugins/curl plugins/ldap plugins/mysql \ + plugins/sqlite plugins/padlock plugins/openssl plugins/gcrypt \ + plugins/fips_prf plugins/agent plugins/test_vectors DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -368,6 +399,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -407,9 +439,6 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \ debug.h enum.c enum.h settings.h settings.c printf_hook.c \ printf_hook.h asn1/asn1.c asn1/asn1.h asn1/asn1_parser.c \ asn1/asn1_parser.h asn1/oid.c asn1/oid.h \ - attributes/attributes.c attributes/attributes.h \ - attributes/attribute_provider.h attributes/attribute_handler.h \ - attributes/attribute_manager.c attributes/attribute_manager.h \ crypto/crypters/crypter.c crypto/crypters/crypter.h \ crypto/hashers/hasher.h crypto/hashers/hasher.c crypto/pkcs9.c \ crypto/pkcs9.h crypto/proposal/proposal_keywords.c \ @@ -456,14 +485,24 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \ plugins/plugin_loader.h plugins/plugin.h $(am__append_2) \ $(am__append_5) libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \ - $(RTLIB) $(am__append_6) + $(RTLIB) $(am__append_6) $(am__append_8) $(am__append_10) \ + $(am__append_12) $(am__append_14) $(am__append_16) \ + $(am__append_18) $(am__append_20) $(am__append_22) \ + $(am__append_24) $(am__append_26) $(am__append_28) \ + $(am__append_30) $(am__append_32) $(am__append_34) \ + $(am__append_36) $(am__append_38) $(am__append_40) \ + $(am__append_42) $(am__append_44) $(am__append_46) \ + $(am__append_48) $(am__append_50) $(am__append_52) \ + $(am__append_54) $(am__append_56) $(am__append_58) \ + $(am__append_60) INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DPLUGINDIR=\"${plugindir}\" \ -DSTRONGSWAN_CONF=\"${strongswan_conf}\" $(am__append_1) \ $(am__append_3) $(am__append_4) EXTRA_DIST = \ asn1/oid.txt asn1/oid.pl \ -crypto/proposal/proposal_keywords.txt +crypto/proposal/proposal_keywords.txt \ +Android.mk AndroidConfigLocal.h BUILT_SOURCES = \ $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \ @@ -473,19 +512,37 @@ MAINTAINERCLEANFILES = \ $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \ $(srcdir)/crypto/proposal/proposal_keywords.c +@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_7) $(am__append_9) \ +@MONOLITHIC_FALSE@ $(am__append_11) $(am__append_13) \ +@MONOLITHIC_FALSE@ $(am__append_15) $(am__append_17) \ +@MONOLITHIC_FALSE@ $(am__append_19) $(am__append_21) \ +@MONOLITHIC_FALSE@ $(am__append_23) $(am__append_25) \ +@MONOLITHIC_FALSE@ $(am__append_27) $(am__append_29) \ +@MONOLITHIC_FALSE@ $(am__append_31) $(am__append_33) \ +@MONOLITHIC_FALSE@ $(am__append_35) $(am__append_37) \ +@MONOLITHIC_FALSE@ $(am__append_39) $(am__append_41) \ +@MONOLITHIC_FALSE@ $(am__append_43) $(am__append_45) \ +@MONOLITHIC_FALSE@ $(am__append_47) $(am__append_49) \ +@MONOLITHIC_FALSE@ $(am__append_51) $(am__append_53) \ +@MONOLITHIC_FALSE@ $(am__append_55) $(am__append_57) \ +@MONOLITHIC_FALSE@ $(am__append_59) # build plugins with their own Makefile ####################################### -SUBDIRS = . $(am__append_7) $(am__append_8) $(am__append_9) \ - $(am__append_10) $(am__append_11) $(am__append_12) \ - $(am__append_13) $(am__append_14) $(am__append_15) \ - $(am__append_16) $(am__append_17) $(am__append_18) \ - $(am__append_19) $(am__append_20) $(am__append_21) \ - $(am__append_22) $(am__append_23) $(am__append_24) \ - $(am__append_25) $(am__append_26) $(am__append_27) \ - $(am__append_28) $(am__append_29) $(am__append_30) \ - $(am__append_31) $(am__append_32) $(am__append_33) \ - $(am__append_34) +@MONOLITHIC_TRUE@SUBDIRS = $(am__append_7) $(am__append_9) \ +@MONOLITHIC_TRUE@ $(am__append_11) $(am__append_13) \ +@MONOLITHIC_TRUE@ $(am__append_15) $(am__append_17) \ +@MONOLITHIC_TRUE@ $(am__append_19) $(am__append_21) \ +@MONOLITHIC_TRUE@ $(am__append_23) $(am__append_25) \ +@MONOLITHIC_TRUE@ $(am__append_27) $(am__append_29) \ +@MONOLITHIC_TRUE@ $(am__append_31) $(am__append_33) \ +@MONOLITHIC_TRUE@ $(am__append_35) $(am__append_37) \ +@MONOLITHIC_TRUE@ $(am__append_39) $(am__append_41) \ +@MONOLITHIC_TRUE@ $(am__append_43) $(am__append_45) \ +@MONOLITHIC_TRUE@ $(am__append_47) $(am__append_49) \ +@MONOLITHIC_TRUE@ $(am__append_51) $(am__append_53) \ +@MONOLITHIC_TRUE@ $(am__append_55) $(am__append_57) \ +@MONOLITHIC_TRUE@ $(am__append_59) all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-recursive @@ -563,8 +620,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_parser.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attribute_manager.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attributes.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/backtrace.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/builder.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certificate.Plo@am__quote@ @@ -657,20 +712,6 @@ oid.lo: asn1/oid.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o oid.lo `test -f 'asn1/oid.c' || echo '$(srcdir)/'`asn1/oid.c -attributes.lo: attributes/attributes.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT attributes.lo -MD -MP -MF $(DEPDIR)/attributes.Tpo -c -o attributes.lo `test -f 'attributes/attributes.c' || echo '$(srcdir)/'`attributes/attributes.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/attributes.Tpo $(DEPDIR)/attributes.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='attributes/attributes.c' object='attributes.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o attributes.lo `test -f 'attributes/attributes.c' || echo '$(srcdir)/'`attributes/attributes.c - -attribute_manager.lo: attributes/attribute_manager.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT attribute_manager.lo -MD -MP -MF $(DEPDIR)/attribute_manager.Tpo -c -o attribute_manager.lo `test -f 'attributes/attribute_manager.c' || echo '$(srcdir)/'`attributes/attribute_manager.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/attribute_manager.Tpo $(DEPDIR)/attribute_manager.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='attributes/attribute_manager.c' object='attribute_manager.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o attribute_manager.lo `test -f 'attributes/attribute_manager.c' || echo '$(srcdir)/'`attributes/attribute_manager.c - crypter.lo: crypto/crypters/crypter.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypter.lo -MD -MP -MF $(DEPDIR)/crypter.Tpo -c -o crypter.lo `test -f 'crypto/crypters/crypter.c' || echo '$(srcdir)/'`crypto/crypters/crypter.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/crypter.Tpo $(DEPDIR)/crypter.Plo diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 763caafc4..6264bdc54 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -19,7 +19,6 @@ #include <string.h> #include <time.h> -#include <utils.h> #include <debug.h> #include "oid.h" @@ -134,7 +133,7 @@ size_t asn1_length(chunk_t *blob) if (blob->len < 2) { - DBG2("insufficient number of octets to parse ASN.1 length"); + DBG2(DBG_LIB, "insufficient number of octets to parse ASN.1 length"); return ASN1_INVALID_LENGTH; } @@ -146,7 +145,7 @@ size_t asn1_length(chunk_t *blob) { /* single length octet */ if (n > blob->len) { - DBG2("length is larger than remaining blob size"); + DBG2(DBG_LIB, "length is larger than remaining blob size"); return ASN1_INVALID_LENGTH; } return n; @@ -157,14 +156,14 @@ size_t asn1_length(chunk_t *blob) if (n == 0 || n > blob->len) { - DBG2("number of length octets invalid"); + DBG2(DBG_LIB, "number of length octets invalid"); return ASN1_INVALID_LENGTH; } if (n > sizeof(len)) { - DBG2("number of length octets is larger than limit of %d octets", - (int)sizeof(len)); + DBG2(DBG_LIB, "number of length octets is larger than limit of" + " %d octets", (int)sizeof(len)); return ASN1_INVALID_LENGTH; } @@ -177,7 +176,7 @@ size_t asn1_length(chunk_t *blob) } if (len > blob->len) { - DBG2("length is larger than remaining blob size"); + DBG2(DBG_LIB, "length is larger than remaining blob size"); return ASN1_INVALID_LENGTH; } return len; @@ -377,7 +376,7 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private) oid = asn1_known_oid(object); if (oid != OID_UNKNOWN) { - DBG2(" '%s'", oid_names[oid].name); + DBG2(DBG_LIB, " '%s'", oid_names[oid].name); return; } break; @@ -386,14 +385,14 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private) case ASN1_PRINTABLESTRING: case ASN1_T61STRING: case ASN1_VISIBLESTRING: - DBG2(" '%.*s'", (int)object.len, object.ptr); + DBG2(DBG_LIB, " '%.*s'", (int)object.len, object.ptr); return; case ASN1_UTCTIME: case ASN1_GENERALIZEDTIME: { time_t time = asn1_to_time(&object, type); - DBG2(" '%T'", &time, TRUE); + DBG2(DBG_LIB, " '%T'", &time, TRUE); } return; default: @@ -401,11 +400,11 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private) } if (private) { - DBG4("%B", &object); + DBG4(DBG_LIB, "%B", &object); } else { - DBG3("%B", &object); + DBG3(DBG_LIB, "%B", &object); } } @@ -419,13 +418,14 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c /* an ASN.1 object must possess at least a tag and length field */ if (object->len < 2) { - DBG2("L%d - %s: ASN.1 object smaller than 2 octets", level, name); + DBG2(DBG_LIB, "L%d - %s: ASN.1 object smaller than 2 octets", level, + name); return FALSE; } if (*object->ptr != type) { - DBG2("L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x", + DBG2(DBG_LIB, "L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x", level, name, type, *object->ptr); return FALSE; } @@ -434,12 +434,12 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c if (len == ASN1_INVALID_LENGTH || object->len < len) { - DBG2("L%d - %s: length of ASN.1 object invalid or too large", + DBG2(DBG_LIB, "L%d - %s: length of ASN.1 object invalid or too large", level, name); return FALSE; } - DBG2("L%d - %s:", level, name); + DBG2(DBG_LIB, "L%d - %s:", level, name); asn1_debug_simple_object(*object, type, FALSE); return TRUE; } @@ -501,7 +501,7 @@ bool is_asn1(chunk_t blob) if (tag != ASN1_SEQUENCE && tag != ASN1_SET && tag != ASN1_OCTET_STRING) { - DBG2(" file content is not binary ASN.1"); + DBG2(DBG_LIB, " file content is not binary ASN.1"); return FALSE; } @@ -519,7 +519,7 @@ bool is_asn1(chunk_t blob) return TRUE; } - DBG2(" file size does not match ASN.1 coded length"); + DBG2(DBG_LIB, " file size does not match ASN.1 coded length"); return FALSE; } diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h index d29190df7..866c28095 100644 --- a/src/libstrongswan/asn1/asn1.h +++ b/src/libstrongswan/asn1/asn1.h @@ -25,8 +25,7 @@ #include <stdarg.h> -#include <utils.h> -#include <chunk.h> +#include <library.h> /** * Definition of some primitive ASN1 types diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c index dc7726ad7..3e5bbbabd 100644 --- a/src/libstrongswan/asn1/asn1_parser.c +++ b/src/libstrongswan/asn1/asn1_parser.c @@ -19,7 +19,6 @@ #include <string.h> #include <time.h> -#include <utils.h> #include <debug.h> #include "asn1.h" @@ -123,7 +122,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) if ((obj.flags & ASN1_DEF) && (blob->len == 0 || *start_ptr != obj.type) ) { /* field is missing */ - DBG2("L%d - %s:", level, obj.name); + DBG2(DBG_LIB, "L%d - %s:", level, obj.name); if (obj.type & ASN1_CONSTRUCTED) { this->line++ ; /* skip context-specific tag */ @@ -150,7 +149,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) if (blob->len < 2) { - DBG1("L%d - %s: ASN.1 object smaller than 2 octets", + DBG1(DBG_LIB, "L%d - %s: ASN.1 object smaller than 2 octets", level, obj.name); this->success = FALSE; goto end; @@ -160,7 +159,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) if (blob1->len == ASN1_INVALID_LENGTH) { - DBG1("L%d - %s: length of ASN.1 object invalid or too large", + DBG1(DBG_LIB, "L%d - %s: length of ASN.1 object invalid or too large", level, obj.name); this->success = FALSE; } @@ -173,7 +172,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) if (obj.flags & ASN1_RAW) { - DBG2("L%d - %s:", level, obj.name); + DBG2(DBG_LIB, "L%d - %s:", level, obj.name); object->ptr = start_ptr; object->len = (size_t)(blob->ptr - start_ptr); goto end; @@ -181,14 +180,14 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) if (*start_ptr != obj.type && !(this->implicit && this->line == 0)) { - DBG1("L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x", + DBG1(DBG_LIB, "L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x", level, obj.name, obj.type, *start_ptr); - DBG3("%b", start_ptr, (u_int)(blob->ptr - start_ptr)); + DBG3(DBG_LIB, "%b", start_ptr, (u_int)(blob->ptr - start_ptr)); this->success = FALSE; goto end; } - DBG2("L%d - %s:", level, obj.name); + DBG2(DBG_LIB, "L%d - %s:", level, obj.name); /* In case of "SEQUENCE OF" or "SET OF" start a loop */ if (obj.flags & ASN1_LOOP) @@ -217,11 +216,11 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) object->len = (size_t)(blob->ptr - start_ptr); if (this->private) { - DBG4("%B", object); + DBG4(DBG_LIB, "%B", object); } else { - DBG3("%B", object); + DBG3(DBG_LIB, "%B", object); } } else if (obj.flags & ASN1_BODY) diff --git a/src/libstrongswan/asn1/asn1_parser.h b/src/libstrongswan/asn1/asn1_parser.h index 49325232d..0edc22c23 100644 --- a/src/libstrongswan/asn1/asn1_parser.h +++ b/src/libstrongswan/asn1/asn1_parser.h @@ -25,9 +25,9 @@ #include <stdarg.h> -#include <utils.h> -#include <chunk.h> -#include <asn1/asn1.h> +#include <library.h> + +#include "asn1.h" /** * Definition of ASN.1 flags diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index 32e2eb033..aa1fd31b0 100644 --- a/src/libstrongswan/asn1/oid.h +++ b/src/libstrongswan/asn1/oid.h @@ -41,6 +41,7 @@ extern const oid_t oid_names[]; #define OID_UNIQUE_IDENTIFIER 34 #define OID_ROLE 35 #define OID_SUBJECT_KEY_ID 38 +#define OID_KEY_USAGE 39 #define OID_SUBJECT_ALT_NAME 41 #define OID_BASIC_CONSTRAINTS 43 #define OID_CRL_NUMBER 44 diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index 203bc1f28..5d729c2eb 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -37,7 +37,7 @@ 0x1D "id-ce" 0x09 "subjectDirectoryAttrs" 0x0E "subjectKeyIdentifier" OID_SUBJECT_KEY_ID - 0x0F "keyUsage" + 0x0F "keyUsage" OID_KEY_USAGE 0x10 "privateKeyUsagePeriod" 0x11 "subjectAltName" OID_SUBJECT_ALT_NAME 0x12 "issuerAltName" diff --git a/src/libstrongswan/chunk.c b/src/libstrongswan/chunk.c index 86436e997..ef69eb4e7 100644 --- a/src/libstrongswan/chunk.c +++ b/src/libstrongswan/chunk.c @@ -22,8 +22,7 @@ #include <ctype.h> #include "chunk.h" - -#include <debug.h> +#include "debug.h" /* required for chunk_hash */ #undef get16bits @@ -222,7 +221,7 @@ bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force if (!force && access(path, F_OK) == 0) { - DBG1(" %s file '%s' already exists", label, path); + DBG1(DBG_LIB, " %s file '%s' already exists", label, path); return FALSE; } oldmask = umask(mask); @@ -231,20 +230,21 @@ bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force { if (fwrite(chunk.ptr, sizeof(u_char), chunk.len, fd) == chunk.len) { - DBG1(" written %s file '%s' (%d bytes)", + DBG1(DBG_LIB, " written %s file '%s' (%d bytes)", label, path, chunk.len); good = TRUE; } else { - DBG1(" writing %s file '%s' failed: %s", + DBG1(DBG_LIB, " writing %s file '%s' failed: %s", label, path, strerror(errno)); } fclose(fd); } else { - DBG1(" could not open %s file '%s': %s", label, path, strerror(errno)); + DBG1(DBG_LIB, " could not open %s file '%s': %s", label, path, + strerror(errno)); } umask(oldmask); return good; @@ -497,7 +497,7 @@ bool chunk_printable(chunk_t chunk, chunk_t *sane, char replace) * Described in header. * * The implementation is based on Paul Hsieh's SuperFastHash: - * http://www.azillionmonkeys.com/qed/hash.html + * http://www.azillionmonkeys.com/qed/hash.html */ u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash) { diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h index a526f4a89..f0f9a7366 100644 --- a/src/libstrongswan/chunk.h +++ b/src/libstrongswan/chunk.h @@ -42,7 +42,7 @@ struct chunk_t { size_t len; }; -#include <utils.h> +#include "utils.h" /** * A { NULL, 0 }-chunk handy for initialization. diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c index 5139ad504..7cc7dbe0e 100644 --- a/src/libstrongswan/credentials/credential_factory.c +++ b/src/libstrongswan/credentials/credential_factory.c @@ -151,7 +151,7 @@ static void* create(private_credential_factory_t *this, credential_type_t type, { names = certificate_type_names; } - DBG1("building %N - %N failed, tried %d builders", + DBG1(DBG_LIB, "building %N - %N failed, tried %d builders", credential_type_names, type, names, subtype, failures); } this->recursive->set(this->recursive, (void*)level); diff --git a/src/libstrongswan/credentials/keys/key_encoding.h b/src/libstrongswan/credentials/keys/key_encoding.h index 384117166..d8435f4b4 100644 --- a/src/libstrongswan/credentials/keys/key_encoding.h +++ b/src/libstrongswan/credentials/keys/key_encoding.h @@ -79,7 +79,7 @@ enum key_encoding_type_t { KEY_PRIV_ASN1_DER, /** subjectPublicKeyInfo encoding */ KEY_PUB_SPKI_ASN1_DER, - /** PEM oncoded PKCS#1 key */ + /** PEM encoded PKCS#1 key */ KEY_PUB_PEM, KEY_PRIV_PEM, /** PGP key encoding */ diff --git a/src/libstrongswan/credentials/keys/shared_key.h b/src/libstrongswan/credentials/keys/shared_key.h index fe7bc86be..d00b8d12e 100644 --- a/src/libstrongswan/credentials/keys/shared_key.h +++ b/src/libstrongswan/credentials/keys/shared_key.h @@ -41,6 +41,8 @@ enum shared_key_type_t { SHARED_PRIVATE_KEY_PASS, /** PIN to unlock a smartcard */ SHARED_PIN, + /** Calculated NT Hash = MD4(UTF-16LE(password)) */ + SHARED_NT_HASH, }; /** diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index 46b50329d..fee71953d 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -686,7 +686,7 @@ static void add_test_vector(private_crypto_factory_t *this, case RANDOM_NUMBER_GENERATOR: return this->tester->add_rng_vector(this->tester, vector); default: - DBG1("%N test vectors not supported, ignored", + DBG1(DBG_LIB, "%N test vectors not supported, ignored", transform_type_names, type); } } diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index 86daf65f9..76cc1cf2c 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -136,7 +136,7 @@ static bool test_crypter(private_crypto_tester_t *this, crypter->destroy(crypter); if (failed) { - DBG1("disabled %N: test vector %u failed", + DBG1(DBG_LIB, "disabled %N: test vector %u failed", encryption_algorithm_names, alg, tested); break; } @@ -144,14 +144,14 @@ static bool test_crypter(private_crypto_tester_t *this, enumerator->destroy(enumerator); if (!tested) { - DBG1("%s %N: no test vectors found", + DBG1(DBG_LIB, "%s %N: no test vectors found", this->required ? "disabled" : "enabled ", encryption_algorithm_names, alg); return !this->required; } if (!failed) { - DBG1("enabled %N: passed %u test vectors", + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", encryption_algorithm_names, alg, tested); } return !failed; @@ -183,7 +183,7 @@ static bool test_signer(private_crypto_tester_t *this, signer = create(alg); if (!signer) { - DBG1("disabled %N: creating instance failed", + DBG1(DBG_LIB, "disabled %N: creating instance failed", integrity_algorithm_names, alg); failed = TRUE; break; @@ -240,7 +240,7 @@ static bool test_signer(private_crypto_tester_t *this, signer->destroy(signer); if (failed) { - DBG1("disabled %N: test vector %u failed", + DBG1(DBG_LIB, "disabled %N: test vector %u failed", integrity_algorithm_names, alg, tested); break; } @@ -248,14 +248,14 @@ static bool test_signer(private_crypto_tester_t *this, enumerator->destroy(enumerator); if (!tested) { - DBG1("%s %N: no test vectors found", + DBG1(DBG_LIB, "%s %N: no test vectors found", this->required ? "disabled" : "enabled ", integrity_algorithm_names, alg); return !this->required; } if (!failed) { - DBG1("enabled %N: passed %u test vectors", + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", integrity_algorithm_names, alg, tested); } return !failed; @@ -287,7 +287,7 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg, hasher = create(alg); if (!hasher) { - DBG1("disabled %N: creating instance failed", + DBG1(DBG_LIB, "disabled %N: creating instance failed", hash_algorithm_names, alg); failed = TRUE; break; @@ -330,7 +330,7 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg, hasher->destroy(hasher); if (failed) { - DBG1("disabled %N: test vector %u failed", + DBG1(DBG_LIB, "disabled %N: test vector %u failed", hash_algorithm_names, alg, tested); break; } @@ -338,14 +338,14 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg, enumerator->destroy(enumerator); if (!tested) { - DBG1("%s %N: no test vectors found", + DBG1(DBG_LIB, "%s %N: no test vectors found", this->required ? "disabled" : "enabled ", hash_algorithm_names, alg); return !this->required; } if (!failed) { - DBG1("enabled %N: passed %u test vectors", + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", hash_algorithm_names, alg, tested); } return !failed; @@ -377,7 +377,7 @@ static bool test_prf(private_crypto_tester_t *this, prf = create(alg); if (!prf) { - DBG1("disabled %N: creating instance failed", + DBG1(DBG_LIB, "disabled %N: creating instance failed", pseudo_random_function_names, alg); failed = TRUE; break; @@ -431,7 +431,7 @@ static bool test_prf(private_crypto_tester_t *this, prf->destroy(prf); if (failed) { - DBG1("disabled %N: test vector %u failed", + DBG1(DBG_LIB, "disabled %N: test vector %u failed", pseudo_random_function_names, alg, tested); break; } @@ -439,14 +439,14 @@ static bool test_prf(private_crypto_tester_t *this, enumerator->destroy(enumerator); if (!tested) { - DBG1("%s %N: no test vectors found", + DBG1(DBG_LIB, "%s %N: no test vectors found", this->required ? "disabled" : "enabled ", pseudo_random_function_names, alg); return !this->required; } if (!failed) { - DBG1("enabled %N: passed %u test vectors", + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", pseudo_random_function_names, alg, tested); } return !failed; @@ -465,7 +465,7 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality, if (!this->rng_true && quality == RNG_TRUE) { - DBG1("enabled %N: skipping test (disabled by config)", + DBG1(DBG_LIB, "enabled %N: skipping test (disabled by config)", rng_quality_names, quality); return TRUE; } @@ -485,7 +485,7 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality, rng = create(quality); if (!rng) { - DBG1("disabled %N: creating instance failed", + DBG1(DBG_LIB, "disabled %N: creating instance failed", rng_quality_names, quality); failed = TRUE; break; @@ -515,7 +515,7 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality, rng->destroy(rng); if (failed) { - DBG1("disabled %N: test vector %u failed", + DBG1(DBG_LIB, "disabled %N: test vector %u failed", rng_quality_names, quality, tested); break; } @@ -523,14 +523,14 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality, enumerator->destroy(enumerator); if (!tested) { - DBG1("%s %N: no test vectors found", + DBG1(DBG_LIB, "%s %N: no test vectors found", this->required ? ", disabled" : "enabled ", rng_quality_names, quality); return !this->required; } if (!failed) { - DBG1("enabled %N: passed %u test vectors", + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", rng_quality_names, quality, tested); } return !failed; diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c index 18d532697..9bd8991fc 100644 --- a/src/libstrongswan/crypto/diffie_hellman.c +++ b/src/libstrongswan/crypto/diffie_hellman.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2005-2008 Martin Willi + * Copyright (C) 2010 Tobias Brunner + * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -31,10 +32,412 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT, "ECP_256", "ECP_384", "ECP_521"); -ENUM_NEXT(diffie_hellman_group_names, ECP_192_BIT, ECP_224_BIT, ECP_521_BIT, +ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_224_BIT, ECP_521_BIT, + "MODP_1024_160", + "MODP_2048_224", + "MODP_2048_256", "ECP_192", "ECP_224"); ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, ECP_224_BIT, "MODP_NULL"); ENUM_END(diffie_hellman_group_names, MODP_NULL); + +/** + * List of known diffie hellman group parameters. + */ +static struct { + /* Public part of the struct */ + diffie_hellman_params_t public; + /* The group identifier as specified in IKEv2 */ + diffie_hellman_group_t group; + /* Optimal length of the exponent (in bytes), as specified in RFC 3526. */ + size_t opt_exp; +} dh_params[] = { + { + .group = MODP_768_BIT, .opt_exp = 32, .public = { + .generator = chunk_from_chars(0x02), + .prime = chunk_from_chars( + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, + 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, + 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, + 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, + 0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + }, + },{ + .group = MODP_1024_BIT, .opt_exp = 32, .public = { + .generator = chunk_from_chars(0x02), + .prime = chunk_from_chars( + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, + 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, + 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, + 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, + 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, + 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, + 0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + }, + },{ + .group = MODP_1536_BIT, .opt_exp = 32, .public = { + .generator = chunk_from_chars(0x02), + .prime = chunk_from_chars( + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, + 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, + 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, + 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, + 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, + 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, + 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, + 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, + 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, + 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, + 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + }, + },{ + .group = MODP_2048_BIT, .opt_exp = 48, .public = { + .generator = chunk_from_chars(0x02), + .prime = chunk_from_chars( + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, + 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, + 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, + 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, + 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, + 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, + 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, + 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, + 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, + 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, + 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, + 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, + 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, + 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, + 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + }, + },{ + .group = MODP_3072_BIT, .opt_exp = 48, .public = { + .generator = chunk_from_chars(0x02), + .prime = chunk_from_chars( + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, + 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, + 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, + 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, + 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, + 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, + 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, + 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, + 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, + 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, + 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, + 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, + 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, + 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, + 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33, + 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A, + 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, + 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D, + 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64, + 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, + 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2, + 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E, + 0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + }, + },{ + .group = MODP_4096_BIT, .opt_exp = 64, .public = { + .generator = chunk_from_chars(0x02), + .prime = chunk_from_chars( + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, + 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, + 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, + 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, + 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, + 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, + 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, + 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, + 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, + 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, + 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, + 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, + 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, + 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, + 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33, + 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A, + 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, + 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D, + 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64, + 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, + 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2, + 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E, + 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, + 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C, + 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8, + 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, + 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2, + 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF, + 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, + 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F, + 0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + }, + },{ + .group = MODP_6144_BIT, .opt_exp = 64, .public = { + .generator = chunk_from_chars(0x02), + .prime = chunk_from_chars( + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, + 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, + 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, + 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, + 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, + 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, + 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, + 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, + 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, + 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, + 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, + 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, + 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, + 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, + 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33, + 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A, + 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, + 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D, + 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64, + 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, + 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2, + 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E, + 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, + 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C, + 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8, + 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, + 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2, + 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF, + 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, + 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F, + 0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26, + 0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD, + 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE, + 0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18, + 0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B, + 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42, + 0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC, + 0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6, + 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E, + 0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE, + 0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA, + 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0, + 0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76, + 0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C, + 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68, + 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6, + 0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + }, + },{ + .group = MODP_8192_BIT, .opt_exp = 64, .public = { + .generator = chunk_from_chars(0x02), + .prime = chunk_from_chars( + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, + 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, + 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, + 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, + 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, + 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, + 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, + 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, + 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, + 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, + 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, + 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, + 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, + 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, + 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33, + 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A, + 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, + 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D, + 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64, + 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, + 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2, + 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E, + 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, + 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C, + 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8, + 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, + 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2, + 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF, + 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, + 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F, + 0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26, + 0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD, + 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE, + 0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18, + 0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B, + 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42, + 0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC, + 0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6, + 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E, + 0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE, + 0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA, + 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0, + 0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76, + 0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C, + 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68, + 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6, + 0xE6,0x94,0xF9,0x1E,0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4, + 0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,0x73,0xB9,0x31,0xBA, + 0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED, + 0x25,0x76,0xF6,0x93,0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68, + 0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,0xE3,0x9D,0x65,0x2D, + 0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07, + 0x13,0xEB,0x57,0xA8,0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B, + 0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,0xA2,0xC0,0x87,0xE8, + 0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6, + 0x6D,0x2A,0x13,0xF8,0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36, + 0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,0x08,0x46,0x85,0x1D, + 0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73, + 0xFA,0xF3,0x6B,0xC3,0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92, + 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,0xD5,0xEE,0x38,0x2B, + 0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA, + 0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71, + 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + }, + },{ + .group = MODP_1024_160, .opt_exp = 20, .public = { + .subgroup = chunk_from_chars( + 0xF5,0x18,0xAA,0x87,0x81,0xA8,0xDF,0x27,0x8A,0xBA,0x4E,0x7D,0x64,0xB7,0xCB,0x9D, + 0x49,0x46,0x23,0x53), + .generator = chunk_from_chars( + 0xA4,0xD1,0xCB,0xD5,0xC3,0xFD,0x34,0x12,0x67,0x65,0xA4,0x42,0xEF,0xB9,0x99,0x05, + 0xF8,0x10,0x4D,0xD2,0x58,0xAC,0x50,0x7F,0xD6,0x40,0x6C,0xFF,0x14,0x26,0x6D,0x31, + 0x26,0x6F,0xEA,0x1E,0x5C,0x41,0x56,0x4B,0x77,0x7E,0x69,0x0F,0x55,0x04,0xF2,0x13, + 0x16,0x02,0x17,0xB4,0xB0,0x1B,0x88,0x6A,0x5E,0x91,0x54,0x7F,0x9E,0x27,0x49,0xF4, + 0xD7,0xFB,0xD7,0xD3,0xB9,0xA9,0x2E,0xE1,0x90,0x9D,0x0D,0x22,0x63,0xF8,0x0A,0x76, + 0xA6,0xA2,0x4C,0x08,0x7A,0x09,0x1F,0x53,0x1D,0xBF,0x0A,0x01,0x69,0xB6,0xA2,0x8A, + 0xD6,0x62,0xA4,0xD1,0x8E,0x73,0xAF,0xA3,0x2D,0x77,0x9D,0x59,0x18,0xD0,0x8B,0xC8, + 0x85,0x8F,0x4D,0xCE,0xF9,0x7C,0x2A,0x24,0x85,0x5E,0x6E,0xEB,0x22,0xB3,0xB2,0xE5), + .prime = chunk_from_chars( + 0xB1,0x0B,0x8F,0x96,0xA0,0x80,0xE0,0x1D,0xDE,0x92,0xDE,0x5E,0xAE,0x5D,0x54,0xEC, + 0x52,0xC9,0x9F,0xBC,0xFB,0x06,0xA3,0xC6,0x9A,0x6A,0x9D,0xCA,0x52,0xD2,0x3B,0x61, + 0x60,0x73,0xE2,0x86,0x75,0xA2,0x3D,0x18,0x98,0x38,0xEF,0x1E,0x2E,0xE6,0x52,0xC0, + 0x13,0xEC,0xB4,0xAE,0xA9,0x06,0x11,0x23,0x24,0x97,0x5C,0x3C,0xD4,0x9B,0x83,0xBF, + 0xAC,0xCB,0xDD,0x7D,0x90,0xC4,0xBD,0x70,0x98,0x48,0x8E,0x9C,0x21,0x9A,0x73,0x72, + 0x4E,0xFF,0xD6,0xFA,0xE5,0x64,0x47,0x38,0xFA,0xA3,0x1A,0x4F,0xF5,0x5B,0xCC,0xC0, + 0xA1,0x51,0xAF,0x5F,0x0D,0xC8,0xB4,0xBD,0x45,0xBF,0x37,0xDF,0x36,0x5C,0x1A,0x65, + 0xE6,0x8C,0xFD,0xA7,0x6D,0x4D,0xA7,0x08,0xDF,0x1F,0xB2,0xBC,0x2E,0x4A,0x43,0x71), + }, + }, { + .group = MODP_2048_224, .opt_exp = 28, .public = { + .subgroup = chunk_from_chars( + 0x80,0x1C,0x0D,0x34,0xC5,0x8D,0x93,0xFE,0x99,0x71,0x77,0x10,0x1F,0x80,0x53,0x5A, + 0x47,0x38,0xCE,0xBC,0xBF,0x38,0x9A,0x99,0xB3,0x63,0x71,0xEB), + .generator = chunk_from_chars( + 0xAC,0x40,0x32,0xEF,0x4F,0x2D,0x9A,0xE3,0x9D,0xF3,0x0B,0x5C,0x8F,0xFD,0xAC,0x50, + 0x6C,0xDE,0xBE,0x7B,0x89,0x99,0x8C,0xAF,0x74,0x86,0x6A,0x08,0xCF,0xE4,0xFF,0xE3, + 0xA6,0x82,0x4A,0x4E,0x10,0xB9,0xA6,0xF0,0xDD,0x92,0x1F,0x01,0xA7,0x0C,0x4A,0xFA, + 0xAB,0x73,0x9D,0x77,0x00,0xC2,0x9F,0x52,0xC5,0x7D,0xB1,0x7C,0x62,0x0A,0x86,0x52, + 0xBE,0x5E,0x90,0x01,0xA8,0xD6,0x6A,0xD7,0xC1,0x76,0x69,0x10,0x19,0x99,0x02,0x4A, + 0xF4,0xD0,0x27,0x27,0x5A,0xC1,0x34,0x8B,0xB8,0xA7,0x62,0xD0,0x52,0x1B,0xC9,0x8A, + 0xE2,0x47,0x15,0x04,0x22,0xEA,0x1E,0xD4,0x09,0x93,0x9D,0x54,0xDA,0x74,0x60,0xCD, + 0xB5,0xF6,0xC6,0xB2,0x50,0x71,0x7C,0xBE,0xF1,0x80,0xEB,0x34,0x11,0x8E,0x98,0xD1, + 0x19,0x52,0x9A,0x45,0xD6,0xF8,0x34,0x56,0x6E,0x30,0x25,0xE3,0x16,0xA3,0x30,0xEF, + 0xBB,0x77,0xA8,0x6F,0x0C,0x1A,0xB1,0x5B,0x05,0x1A,0xE3,0xD4,0x28,0xC8,0xF8,0xAC, + 0xB7,0x0A,0x81,0x37,0x15,0x0B,0x8E,0xEB,0x10,0xE1,0x83,0xED,0xD1,0x99,0x63,0xDD, + 0xD9,0xE2,0x63,0xE4,0x77,0x05,0x89,0xEF,0x6A,0xA2,0x1E,0x7F,0x5F,0x2F,0xF3,0x81, + 0xB5,0x39,0xCC,0xE3,0x40,0x9D,0x13,0xCD,0x56,0x6A,0xFB,0xB4,0x8D,0x6C,0x01,0x91, + 0x81,0xE1,0xBC,0xFE,0x94,0xB3,0x02,0x69,0xED,0xFE,0x72,0xFE,0x9B,0x6A,0xA4,0xBD, + 0x7B,0x5A,0x0F,0x1C,0x71,0xCF,0xFF,0x4C,0x19,0xC4,0x18,0xE1,0xF6,0xEC,0x01,0x79, + 0x81,0xBC,0x08,0x7F,0x2A,0x70,0x65,0xB3,0x84,0xB8,0x90,0xD3,0x19,0x1F,0x2B,0xFA), + .prime = chunk_from_chars( + 0xAD,0x10,0x7E,0x1E,0x91,0x23,0xA9,0xD0,0xD6,0x60,0xFA,0xA7,0x95,0x59,0xC5,0x1F, + 0xA2,0x0D,0x64,0xE5,0x68,0x3B,0x9F,0xD1,0xB5,0x4B,0x15,0x97,0xB6,0x1D,0x0A,0x75, + 0xE6,0xFA,0x14,0x1D,0xF9,0x5A,0x56,0xDB,0xAF,0x9A,0x3C,0x40,0x7B,0xA1,0xDF,0x15, + 0xEB,0x3D,0x68,0x8A,0x30,0x9C,0x18,0x0E,0x1D,0xE6,0xB8,0x5A,0x12,0x74,0xA0,0xA6, + 0x6D,0x3F,0x81,0x52,0xAD,0x6A,0xC2,0x12,0x90,0x37,0xC9,0xED,0xEF,0xDA,0x4D,0xF8, + 0xD9,0x1E,0x8F,0xEF,0x55,0xB7,0x39,0x4B,0x7A,0xD5,0xB7,0xD0,0xB6,0xC1,0x22,0x07, + 0xC9,0xF9,0x8D,0x11,0xED,0x34,0xDB,0xF6,0xC6,0xBA,0x0B,0x2C,0x8B,0xBC,0x27,0xBE, + 0x6A,0x00,0xE0,0xA0,0xB9,0xC4,0x97,0x08,0xB3,0xBF,0x8A,0x31,0x70,0x91,0x88,0x36, + 0x81,0x28,0x61,0x30,0xBC,0x89,0x85,0xDB,0x16,0x02,0xE7,0x14,0x41,0x5D,0x93,0x30, + 0x27,0x82,0x73,0xC7,0xDE,0x31,0xEF,0xDC,0x73,0x10,0xF7,0x12,0x1F,0xD5,0xA0,0x74, + 0x15,0x98,0x7D,0x9A,0xDC,0x0A,0x48,0x6D,0xCD,0xF9,0x3A,0xCC,0x44,0x32,0x83,0x87, + 0x31,0x5D,0x75,0xE1,0x98,0xC6,0x41,0xA4,0x80,0xCD,0x86,0xA1,0xB9,0xE5,0x87,0xE8, + 0xBE,0x60,0xE6,0x9C,0xC9,0x28,0xB2,0xB9,0xC5,0x21,0x72,0xE4,0x13,0x04,0x2E,0x9B, + 0x23,0xF1,0x0B,0x0E,0x16,0xE7,0x97,0x63,0xC9,0xB5,0x3D,0xCF,0x4B,0xA8,0x0A,0x29, + 0xE3,0xFB,0x73,0xC1,0x6B,0x8E,0x75,0xB9,0x7E,0xF3,0x63,0xE2,0xFF,0xA3,0x1F,0x71, + 0xCF,0x9D,0xE5,0x38,0x4E,0x71,0xB8,0x1C,0x0A,0xC4,0xDF,0xFE,0x0C,0x10,0xE6,0x4F) + }, + },{ + .group = MODP_2048_256, .opt_exp = 32, .public = { + .subgroup = chunk_from_chars( + 0x8C,0xF8,0x36,0x42,0xA7,0x09,0xA0,0x97,0xB4,0x47,0x99,0x76,0x40,0x12,0x9D,0xA2, + 0x99,0xB1,0xA4,0x7D,0x1E,0xB3,0x75,0x0B,0xA3,0x08,0xB0,0xFE,0x64,0xF5,0xFB,0xD3), + .generator = chunk_from_chars( + 0x3F,0xB3,0x2C,0x9B,0x73,0x13,0x4D,0x0B,0x2E,0x77,0x50,0x66,0x60,0xED,0xBD,0x48, + 0x4C,0xA7,0xB1,0x8F,0x21,0xEF,0x20,0x54,0x07,0xF4,0x79,0x3A,0x1A,0x0B,0xA1,0x25, + 0x10,0xDB,0xC1,0x50,0x77,0xBE,0x46,0x3F,0xFF,0x4F,0xED,0x4A,0xAC,0x0B,0xB5,0x55, + 0xBE,0x3A,0x6C,0x1B,0x0C,0x6B,0x47,0xB1,0xBC,0x37,0x73,0xBF,0x7E,0x8C,0x6F,0x62, + 0x90,0x12,0x28,0xF8,0xC2,0x8C,0xBB,0x18,0xA5,0x5A,0xE3,0x13,0x41,0x00,0x0A,0x65, + 0x01,0x96,0xF9,0x31,0xC7,0x7A,0x57,0xF2,0xDD,0xF4,0x63,0xE5,0xE9,0xEC,0x14,0x4B, + 0x77,0x7D,0xE6,0x2A,0xAA,0xB8,0xA8,0x62,0x8A,0xC3,0x76,0xD2,0x82,0xD6,0xED,0x38, + 0x64,0xE6,0x79,0x82,0x42,0x8E,0xBC,0x83,0x1D,0x14,0x34,0x8F,0x6F,0x2F,0x91,0x93, + 0xB5,0x04,0x5A,0xF2,0x76,0x71,0x64,0xE1,0xDF,0xC9,0x67,0xC1,0xFB,0x3F,0x2E,0x55, + 0xA4,0xBD,0x1B,0xFF,0xE8,0x3B,0x9C,0x80,0xD0,0x52,0xB9,0x85,0xD1,0x82,0xEA,0x0A, + 0xDB,0x2A,0x3B,0x73,0x13,0xD3,0xFE,0x14,0xC8,0x48,0x4B,0x1E,0x05,0x25,0x88,0xB9, + 0xB7,0xD2,0xBB,0xD2,0xDF,0x01,0x61,0x99,0xEC,0xD0,0x6E,0x15,0x57,0xCD,0x09,0x15, + 0xB3,0x35,0x3B,0xBB,0x64,0xE0,0xEC,0x37,0x7F,0xD0,0x28,0x37,0x0D,0xF9,0x2B,0x52, + 0xC7,0x89,0x14,0x28,0xCD,0xC6,0x7E,0xB6,0x18,0x4B,0x52,0x3D,0x1D,0xB2,0x46,0xC3, + 0x2F,0x63,0x07,0x84,0x90,0xF0,0x0E,0xF8,0xD6,0x47,0xD1,0x48,0xD4,0x79,0x54,0x51, + 0x5E,0x23,0x27,0xCF,0xEF,0x98,0xC5,0x82,0x66,0x4B,0x4C,0x0F,0x6C,0xC4,0x16,0x59), + .prime = chunk_from_chars( + 0x87,0xA8,0xE6,0x1D,0xB4,0xB6,0x66,0x3C,0xFF,0xBB,0xD1,0x9C,0x65,0x19,0x59,0x99, + 0x8C,0xEE,0xF6,0x08,0x66,0x0D,0xD0,0xF2,0x5D,0x2C,0xEE,0xD4,0x43,0x5E,0x3B,0x00, + 0xE0,0x0D,0xF8,0xF1,0xD6,0x19,0x57,0xD4,0xFA,0xF7,0xDF,0x45,0x61,0xB2,0xAA,0x30, + 0x16,0xC3,0xD9,0x11,0x34,0x09,0x6F,0xAA,0x3B,0xF4,0x29,0x6D,0x83,0x0E,0x9A,0x7C, + 0x20,0x9E,0x0C,0x64,0x97,0x51,0x7A,0xBD,0x5A,0x8A,0x9D,0x30,0x6B,0xCF,0x67,0xED, + 0x91,0xF9,0xE6,0x72,0x5B,0x47,0x58,0xC0,0x22,0xE0,0xB1,0xEF,0x42,0x75,0xBF,0x7B, + 0x6C,0x5B,0xFC,0x11,0xD4,0x5F,0x90,0x88,0xB9,0x41,0xF5,0x4E,0xB1,0xE5,0x9B,0xB8, + 0xBC,0x39,0xA0,0xBF,0x12,0x30,0x7F,0x5C,0x4F,0xDB,0x70,0xC5,0x81,0xB2,0x3F,0x76, + 0xB6,0x3A,0xCA,0xE1,0xCA,0xA6,0xB7,0x90,0x2D,0x52,0x52,0x67,0x35,0x48,0x8A,0x0E, + 0xF1,0x3C,0x6D,0x9A,0x51,0xBF,0xA4,0xAB,0x3A,0xD8,0x34,0x77,0x96,0x52,0x4D,0x8E, + 0xF6,0xA1,0x67,0xB5,0xA4,0x18,0x25,0xD9,0x67,0xE1,0x44,0xE5,0x14,0x05,0x64,0x25, + 0x1C,0xCA,0xCB,0x83,0xE6,0xB4,0x86,0xF6,0xB3,0xCA,0x3F,0x79,0x71,0x50,0x60,0x26, + 0xC0,0xB8,0x57,0xF6,0x89,0x96,0x28,0x56,0xDE,0xD4,0x01,0x0A,0xBD,0x0B,0xE6,0x21, + 0xC3,0xA3,0x96,0x0A,0x54,0xE7,0x10,0xC3,0x75,0xF2,0x63,0x75,0xD7,0x01,0x41,0x03, + 0xA4,0xB5,0x43,0x30,0xC1,0x98,0xAF,0x12,0x61,0x16,0xD2,0x27,0x6E,0x11,0x71,0x5F, + 0x69,0x38,0x77,0xFA,0xD7,0xEF,0x09,0xCA,0xDB,0x09,0x4A,0xE9,0x1E,0x1A,0x15,0x97) + }, + }, +}; + +/** + * Described in header. + */ +diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group) +{ + int i; + + for (i = 0; i < countof(dh_params); i++) + { + if (dh_params[i].group == group) + { + if (!dh_params[i].public.exp_len) + { + if (!dh_params[i].public.subgroup.len && + lib->settings->get_int(lib->settings, + "libstrongswan.dh_exponent_ansi_x9_42", TRUE)) + { + dh_params[i].public.exp_len = dh_params[i].public.prime.len; + } + else + { + dh_params[i].public.exp_len = dh_params[i].opt_exp; + } + } + return &dh_params[i].public; + } + } + return NULL; +} + diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h index 842938c3b..cdc9c785e 100644 --- a/src/libstrongswan/crypto/diffie_hellman.h +++ b/src/libstrongswan/crypto/diffie_hellman.h @@ -1,4 +1,5 @@ /* + * Copyright (C) 2010 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -24,6 +25,7 @@ typedef enum diffie_hellman_group_t diffie_hellman_group_t; typedef struct diffie_hellman_t diffie_hellman_t; +typedef struct diffie_hellman_params_t diffie_hellman_params_t; #include <library.h> @@ -48,6 +50,9 @@ enum diffie_hellman_group_t { ECP_256_BIT = 19, ECP_384_BIT = 20, ECP_521_BIT = 21, + MODP_1024_160 = 22, + MODP_2048_224 = 23, + MODP_2048_256 = 24, ECP_192_BIT = 25, ECP_224_BIT = 26, /** insecure NULL diffie hellman group for testing, in PRIVATE USE */ @@ -70,8 +75,8 @@ struct diffie_hellman_t { * Space for returned secret is allocated and must be * freed by the caller. * - * @param secret shared secret will be written into this chunk - * @return SUCCESS, FAILED if not both DH values are set + * @param secret shared secret will be written into this chunk + * @return SUCCESS, FAILED if not both DH values are set */ status_t (*get_shared_secret) (diffie_hellman_t *this, chunk_t *secret); @@ -80,7 +85,7 @@ struct diffie_hellman_t { * * Chunk gets cloned and can be destroyed afterwards. * - * @param value public value of partner + * @param value public value of partner */ void (*set_other_public_value) (diffie_hellman_t *this, chunk_t value); @@ -106,4 +111,38 @@ struct diffie_hellman_t { void (*destroy) (diffie_hellman_t *this); }; +/** + * Parameters for a specific diffie hellman group. + */ +struct diffie_hellman_params_t { + + /** + * The prime of the group + */ + const chunk_t prime; + + /** + * Generator of the group + */ + const chunk_t generator; + + /** + * Exponent length to use + */ + size_t exp_len; + + /** + * Prime order subgroup; for MODP Groups 22-24 + */ + const chunk_t subgroup; +}; + +/** + * Get the parameters associated with the specified diffie hellman group. + * + * @param group DH group + * @return The parameters or NULL, if the group is not supported + */ +diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group); + #endif /** DIFFIE_HELLMAN_H_ @}*/ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c index 75816e8b3..a43dde7ea 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c @@ -59,12 +59,12 @@ struct proposal_token { u_int16_t keysize; }; -#define TOTAL_KEYWORDS 89 +#define TOTAL_KEYWORDS 95 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 12 -#define MIN_HASH_VALUE 4 -#define MAX_HASH_VALUE 123 -/* maximum key range = 120, duplicates = 0 */ +#define MIN_HASH_VALUE 5 +#define MAX_HASH_VALUE 137 +/* maximum key range = 133, duplicates = 0 */ #ifdef __GNUC__ __inline @@ -80,32 +80,32 @@ hash (str, len) { static const unsigned char asso_values[] = { - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 11, - 2, 23, 5, 27, 21, 8, 5, 0, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 22, 124, 24, 0, 1, - 8, 2, 50, 0, 11, 54, 124, 124, 0, 124, - 42, 0, 124, 124, 5, 9, 34, 6, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, - 124, 124, 124, 124, 124, 124, 124 + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 3, 11, + 2, 23, 29, 27, 21, 16, 5, 0, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 17, 138, 1, 0, 1, + 9, 9, 50, 0, 4, 54, 138, 138, 1, 138, + 35, 0, 138, 138, 71, 3, 38, 22, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138, 138, 138, 138, + 138, 138, 138, 138, 138, 138, 138 }; register int hval = len; @@ -135,108 +135,115 @@ hash (str, len) static const struct proposal_token wordlist[] = { - {"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0}, - {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192}, - {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0}, - {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, - {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, - {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, - {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, - {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, - {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0}, - {"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, - {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, - {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, - {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, - {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, - {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, - {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, - {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, - {"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, - {"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192}, - {"aes128gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, - {"aes128ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128}, - {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, - {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, - {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, - {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, - {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128}, - {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, - {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, - {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, - {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, - {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, - {"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, - {"aes192ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192}, - {"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, - {"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128}, - {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, - {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, - {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, - {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, - {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, - {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, - {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, - {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256}, - {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, - {"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, - {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0}, - {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, - {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, - {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, - {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, - {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0}, - {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, - {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, - {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, - {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0}, - {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, - {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0}, - {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, - {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, - {"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, - {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, - {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, - {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, - {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192}, - {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0}, - {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, - {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, - {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, - {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, - {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, - {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, - {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, - {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, - {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, - {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, - {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, - {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, - {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, - {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, - {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, - {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, - {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, - {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, - {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, - {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256}, - {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, - {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256} + {"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0}, + {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, + {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192}, + {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0}, + {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192}, + {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, + {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128}, + {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, + {"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, + {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, + {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, + {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, + {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, + {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, + {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, + {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, + {"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, + {"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192}, + {"aes128gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, + {"aes128ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128}, + {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, + {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, + {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, + {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, + {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0}, + {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128}, + {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, + {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, + {"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, + {"aes192ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192}, + {"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, + {"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128}, + {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, + {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, + {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0}, + {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, + {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, + {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, + {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256}, + {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, + {"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, + {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, + {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, + {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, + {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, + {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, + {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, + {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, + {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, + {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, + {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, + {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, + {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, + {"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, + {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, + {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, + {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192}, + {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, + {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0}, + {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, + {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, + {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, + {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, + {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, + {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0}, + {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, + {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, + {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, + {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0}, + {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, + {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, + {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0}, + {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, + {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, + {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, + {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, + {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, + {"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0}, + {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, + {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, + {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, + {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}, + {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, + {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, + {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, + {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, + {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, + {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256}, + {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, + {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, + {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256} }; static const short lookup[] = { - -1, -1, -1, -1, 0, -1, -1, -1, 1, -1, 2, -1, 3, 4, - 5, 6, -1, 7, 8, -1, 9, 10, 11, 12, 13, 14, 15, 16, - 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, -1, - 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, - 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, - 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, -1, 70, - 71, 72, -1, -1, 73, 74, 75, 76, 77, -1, 78, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 79, 80, -1, -1, -1, -1, -1, 81, - 82, 83, -1, 84, -1, -1, -1, 85, -1, 86, 87, 88 + -1, -1, -1, -1, -1, 0, 1, -1, 2, -1, 3, -1, 4, 5, + 6, 7, -1, -1, -1, -1, 8, 9, 10, 11, 12, 13, 14, 15, + 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, 26, -1, -1, + 27, 28, 29, 30, 31, 32, 33, -1, 34, 35, 36, 37, 38, 39, + 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, + 54, 55, 56, 57, 58, -1, 59, 60, 61, 62, 63, 64, 65, 66, + 67, 68, -1, 69, 70, 71, 72, 73, 74, 75, 76, -1, -1, 77, + 78, 79, 80, 81, -1, -1, 82, 83, -1, -1, 84, 85, -1, 86, + 87, 88, 89, -1, -1, -1, -1, -1, -1, -1, 90, 91, -1, -1, + -1, -1, -1, -1, 92, -1, 93, -1, -1, -1, -1, 94 }; #ifdef __GNUC__ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt index 139d689ca..338993821 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt @@ -29,92 +29,98 @@ struct proposal_token { u_int16_t keysize; }; %% -null, ENCRYPTION_ALGORITHM, ENCR_NULL, 0 -des, ENCRYPTION_ALGORITHM, ENCR_DES, 0 -3des, ENCRYPTION_ALGORITHM, ENCR_3DES, 0 -aes, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128 -aes128, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128 -aes192, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192 -aes256, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256 -aes128ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128 -aes192ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192 -aes256ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256 -aes128ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128 -aes128ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128 -aes128ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128 -aes128ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128 -aes128ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128 -aes128ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128 -aes192ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192 -aes192ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192 -aes192ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192 -aes192ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192 -aes192ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192 -aes192ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192 -aes256ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256 -aes256ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256 -aes256ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256 -aes256ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256 -aes256ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256 -aes256ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256 -aes128gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128 -aes128gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128 -aes128gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128 -aes128gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128 -aes128gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128 -aes128gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128 -aes192gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192 -aes192gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192 -aes192gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192 -aes192gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192 -aes192gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192 -aes192gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192 -aes256gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256 -aes256gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256 -aes256gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256 -aes256gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256 -aes256gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256 -aes256gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256 -blowfish, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128 -blowfish128, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128 -blowfish192, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192 -blowfish256, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256 -camellia, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128 -camellia128, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128 -camellia192, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192 -camellia256, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256 -cast128, ENCRYPTION_ALGORITHM, ENCR_CAST, 128 -serpent, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128 -serpent128, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128 -serpent192, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192 -serpent256, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256 -twofish, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128 -twofish128, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128 -twofish192, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192 -twofish256, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256 -sha, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0 -sha1, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0 -sha256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0 -sha2_256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0 -sha256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0 -sha2_256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0 -sha384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0 -sha2_384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0 -sha512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0 -sha2_512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0 -md5, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0 -aesxcbc, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0 -modpnull, DIFFIE_HELLMAN_GROUP, MODP_NULL, 0 -modp768, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0 -modp1024, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0 -modp1536, DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0 -modp2048, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0 -modp3072, DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0 -modp4096, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0 -modp6144, DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0 -modp8192, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0 -ecp192, DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0 -ecp224, DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0 -ecp256, DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0 -ecp384, DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0 -ecp521, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0 +null, ENCRYPTION_ALGORITHM, ENCR_NULL, 0 +des, ENCRYPTION_ALGORITHM, ENCR_DES, 0 +3des, ENCRYPTION_ALGORITHM, ENCR_3DES, 0 +aes, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128 +aes128, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128 +aes192, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192 +aes256, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256 +aes128ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128 +aes192ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192 +aes256ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256 +aes128ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128 +aes128ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128 +aes128ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128 +aes128ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128 +aes128ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128 +aes128ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128 +aes192ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192 +aes192ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192 +aes192ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192 +aes192ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192 +aes192ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192 +aes192ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192 +aes256ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256 +aes256ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256 +aes256ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256 +aes256ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256 +aes256ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256 +aes256ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256 +aes128gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128 +aes128gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128 +aes128gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128 +aes128gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128 +aes128gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128 +aes128gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128 +aes192gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192 +aes192gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192 +aes192gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192 +aes192gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192 +aes192gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192 +aes192gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192 +aes256gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256 +aes256gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256 +aes256gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256 +aes256gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256 +aes256gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256 +aes256gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256 +aes128gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128 +aes192gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192 +aes256gmac, ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256 +blowfish, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128 +blowfish128, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128 +blowfish192, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192 +blowfish256, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256 +camellia, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128 +camellia128, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128 +camellia192, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192 +camellia256, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256 +cast128, ENCRYPTION_ALGORITHM, ENCR_CAST, 128 +serpent, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128 +serpent128, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128 +serpent192, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192 +serpent256, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256 +twofish, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128 +twofish128, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128 +twofish192, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192 +twofish256, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256 +sha, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0 +sha1, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0 +sha256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0 +sha2_256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0 +sha256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0 +sha2_256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0 +sha384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0 +sha2_384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0 +sha512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0 +sha2_512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0 +md5, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0 +aesxcbc, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0 +modpnull, DIFFIE_HELLMAN_GROUP, MODP_NULL, 0 +modp768, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0 +modp1024, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0 +modp1536, DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0 +modp2048, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0 +modp3072, DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0 +modp4096, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0 +modp6144, DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0 +modp8192, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0 +ecp192, DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0 +ecp224, DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0 +ecp256, DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0 +ecp384, DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0 +ecp521, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0 +modp1024s160, DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0 +modp2048s224, DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0 +modp2048s256, DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0 diff --git a/src/libstrongswan/debug.c b/src/libstrongswan/debug.c index 51b7875d8..21a7e63dd 100644 --- a/src/libstrongswan/debug.c +++ b/src/libstrongswan/debug.c @@ -17,10 +17,36 @@ #include "debug.h" +ENUM(debug_names, DBG_DMN, DBG_LIB, + "DMN", + "MGR", + "IKE", + "CHD", + "JOB", + "CFG", + "KNL", + "NET", + "ENC", + "LIB", +); + +ENUM(debug_lower_names, DBG_DMN, DBG_LIB, + "dmn", + "mgr", + "ike", + "chd", + "job", + "cfg", + "knl", + "net", + "enc", + "lib", +); + /** * level logged by the default logger */ -static int default_level = 1; +static level_t default_level = 1; /** * stream logged to by the default logger @@ -30,7 +56,7 @@ static FILE *default_stream = NULL; /** * default dbg function which printf all to stderr */ -void dbg_default(int level, char *fmt, ...) +void dbg_default(debug_t group, level_t level, char *fmt, ...) { if (!default_stream) { @@ -50,7 +76,7 @@ void dbg_default(int level, char *fmt, ...) /** * set the level logged by the default stderr logger */ -void dbg_default_set_level(int level) +void dbg_default_set_level(level_t level) { default_level = level; } @@ -66,5 +92,5 @@ void dbg_default_set_stream(FILE *stream) /** * The registered debug hook. */ -void (*dbg) (int level, char *fmt, ...) = dbg_default; +void (*dbg) (debug_t group, level_t level, char *fmt, ...) = dbg_default; diff --git a/src/libstrongswan/debug.h b/src/libstrongswan/debug.h index 085795acb..a21111d93 100644 --- a/src/libstrongswan/debug.h +++ b/src/libstrongswan/debug.h @@ -21,26 +21,95 @@ #ifndef DEBUG_H_ #define DEBUG_H_ +typedef enum debug_t debug_t; +typedef enum level_t level_t; + #include <stdio.h> +#include "enum.h" + +/** + * Debug message group. + */ +enum debug_t { + /** daemon specific */ + DBG_DMN, + /** IKE_SA_MANAGER */ + DBG_MGR, + /** IKE_SA */ + DBG_IKE, + /** CHILD_SA */ + DBG_CHD, + /** job processing */ + DBG_JOB, + /** configuration backends */ + DBG_CFG, + /** kernel interface */ + DBG_KNL, + /** networking/sockets */ + DBG_NET, + /** message encoding/decoding */ + DBG_ENC, + /** libstrongswan */ + DBG_LIB, + /** number of groups */ + DBG_MAX, + /** pseudo group with all groups */ + DBG_ANY = DBG_MAX, +}; + +/** + * short names of debug message group. + */ +extern enum_name_t *debug_names; + +/** + * short names of debug message group, lower case. + */ +extern enum_name_t *debug_lower_names; + +/** + * Debug levels used to control output verbosity. + */ +enum level_t { + /** absolutely silent */ + LEVEL_SILENT = -1, + /** most important auditing logs */ + LEVEL_AUDIT = 0, + /** control flow */ + LEVEL_CTRL = 1, + /** diagnose problems */ + LEVEL_DIAG = 2, + /** raw binary blobs */ + LEVEL_RAW = 3, + /** including sensitive data (private keys) */ + LEVEL_PRIVATE = 4, +}; + #ifndef DEBUG_LEVEL # define DEBUG_LEVEL 4 #endif /* DEBUG_LEVEL */ /** debug macros, they call the dbg function hook */ +#if DEBUG_LEVEL >= 0 +# define DBG0(group, fmt, ...) dbg(group, 0, fmt, ##__VA_ARGS__) +#endif /* DEBUG_LEVEL */ #if DEBUG_LEVEL >= 1 -# define DBG1(fmt, ...) dbg(1, fmt, ##__VA_ARGS__) +# define DBG1(group, fmt, ...) dbg(group, 1, fmt, ##__VA_ARGS__) #endif /* DEBUG_LEVEL */ #if DEBUG_LEVEL >= 2 -# define DBG2(fmt, ...) dbg(2, fmt, ##__VA_ARGS__) +# define DBG2(group, fmt, ...) dbg(group, 2, fmt, ##__VA_ARGS__) #endif /* DEBUG_LEVEL */ #if DEBUG_LEVEL >= 3 -# define DBG3(fmt, ...) dbg(3, fmt, ##__VA_ARGS__) +# define DBG3(group, fmt, ...) dbg(group, 3, fmt, ##__VA_ARGS__) #endif /* DEBUG_LEVEL */ #if DEBUG_LEVEL >= 4 -# define DBG4(fmt, ...) dbg(4, fmt, ##__VA_ARGS__) +# define DBG4(group, fmt, ...) dbg(group, 4, fmt, ##__VA_ARGS__) #endif /* DEBUG_LEVEL */ +#ifndef DBG0 +# define DBG0(...) {} +#endif #ifndef DBG1 # define DBG1(...) {} #endif @@ -55,13 +124,13 @@ #endif /** dbg function hook, uses dbg_default() by default */ -extern void (*dbg) (int level, char *fmt, ...); +extern void (*dbg) (debug_t group, level_t level, char *fmt, ...); /** default logging function */ -void dbg_default(int level, char *fmt, ...); +void dbg_default(debug_t group, level_t level, char *fmt, ...); /** set the level logged by dbg_default() */ -void dbg_default_set_level(int level); +void dbg_default_set_level(level_t level); /** set the stream logged by dbg_default() to */ void dbg_default_set_stream(FILE *stream); diff --git a/src/libstrongswan/enum.h b/src/libstrongswan/enum.h index 6b9fd7eaa..691f9f2bc 100644 --- a/src/libstrongswan/enum.h +++ b/src/libstrongswan/enum.h @@ -22,7 +22,7 @@ #ifndef ENUM_H_ #define ENUM_H_ -#include <printf_hook.h> +#include "printf_hook.h" typedef struct enum_name_t enum_name_t; diff --git a/src/libstrongswan/fetcher/fetcher_manager.c b/src/libstrongswan/fetcher/fetcher_manager.c index b73bfacf6..c81de032c 100644 --- a/src/libstrongswan/fetcher/fetcher_manager.c +++ b/src/libstrongswan/fetcher/fetcher_manager.c @@ -134,7 +134,7 @@ static status_t fetch(private_fetcher_manager_t *this, this->lock->unlock(this->lock); if (!capable) { - DBG1("unable to fetch from %s, no capable fetcher found", url); + DBG1(DBG_LIB, "unable to fetch from %s, no capable fetcher found", url); } return status; } diff --git a/src/libstrongswan/integrity_checker.c b/src/libstrongswan/integrity_checker.c index 51da4e725..c9cad44ae 100644 --- a/src/libstrongswan/integrity_checker.c +++ b/src/libstrongswan/integrity_checker.c @@ -26,8 +26,8 @@ #include <sys/stat.h> #include <sys/types.h> -#include <debug.h> -#include <library.h> +#include "debug.h" +#include "library.h" typedef struct private_integrity_checker_t private_integrity_checker_t; @@ -72,13 +72,14 @@ static u_int32_t build_file(private_integrity_checker_t *this, char *file, fd = open(file, O_RDONLY); if (fd == -1) { - DBG1(" opening '%s' failed: %s", file, strerror(errno)); + DBG1(DBG_LIB, " opening '%s' failed: %s", file, strerror(errno)); return 0; } if (fstat(fd, &sb) == -1) { - DBG1(" getting file size of '%s' failed: %s", file, strerror(errno)); + DBG1(DBG_LIB, " getting file size of '%s' failed: %s", file, + strerror(errno)); close(fd); return 0; } @@ -86,7 +87,7 @@ static u_int32_t build_file(private_integrity_checker_t *this, char *file, addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); if (addr == MAP_FAILED) { - DBG1(" mapping '%s' failed: %s", file, strerror(errno)); + DBG1(DBG_LIB, " mapping '%s' failed: %s", file, strerror(errno)); close(fd); return 0; } @@ -146,13 +147,13 @@ static u_int32_t build_segment(private_integrity_checker_t *this, void *sym, if (dladdr(sym, &dli) == 0) { - DBG1(" unable to locate symbol: %s", dlerror()); + DBG1(DBG_LIB, " unable to locate symbol: %s", dlerror()); return 0; } /* we reuse the Dl_info struct as in/out parameter */ if (!dl_iterate_phdr((void*)callback, &dli)) { - DBG1(" executable section not found"); + DBG1(DBG_LIB, " executable section not found"); return 0; } @@ -192,7 +193,7 @@ static bool check_file(private_integrity_checker_t *this, cs = find_checksum(this, name); if (!cs) { - DBG1(" '%s' file checksum not found", name); + DBG1(DBG_LIB, " '%s' file checksum not found", name); return FALSE; } sum = build_file(this, file, &len); @@ -202,17 +203,17 @@ static bool check_file(private_integrity_checker_t *this, } if (cs->file_len != len) { - DBG1(" invalid '%s' file size: %u bytes, expected %u bytes", + DBG1(DBG_LIB, " invalid '%s' file size: %u bytes, expected %u bytes", name, len, cs->file_len); return FALSE; } if (cs->file != sum) { - DBG1(" invalid '%s' file checksum: %08x, expected %08x", + DBG1(DBG_LIB, " invalid '%s' file checksum: %08x, expected %08x", name, sum, cs->file); return FALSE; } - DBG2(" valid '%s' file checksum: %08x", name, sum); + DBG2(DBG_LIB, " valid '%s' file checksum: %08x", name, sum); return TRUE; } @@ -229,7 +230,7 @@ static bool check_segment(private_integrity_checker_t *this, cs = find_checksum(this, name); if (!cs) { - DBG1(" '%s' segment checksum not found", name); + DBG1(DBG_LIB, " '%s' segment checksum not found", name); return FALSE; } sum = build_segment(this, sym, &len); @@ -239,17 +240,17 @@ static bool check_segment(private_integrity_checker_t *this, } if (cs->segment_len != len) { - DBG1(" invalid '%s' segment size: %u bytes, expected %u bytes", - name, len, cs->segment_len); + DBG1(DBG_LIB, " invalid '%s' segment size: %u bytes," + " expected %u bytes", name, len, cs->segment_len); return FALSE; } if (cs->segment != sum) { - DBG1(" invalid '%s' segment checksum: %08x, expected %08x", + DBG1(DBG_LIB, " invalid '%s' segment checksum: %08x, expected %08x", name, sum, cs->segment); return FALSE; } - DBG2(" valid '%s' segment checksum: %08x", name, sum); + DBG2(DBG_LIB, " valid '%s' segment checksum: %08x", name, sum); return TRUE; } @@ -262,7 +263,7 @@ static bool check(private_integrity_checker_t *this, char *name, void *sym) if (dladdr(sym, &dli) == 0) { - DBG1("unable to locate symbol: %s", dlerror()); + DBG1(DBG_LIB, "unable to locate symbol: %s", dlerror()); return FALSE; } if (!check_file(this, name, (char*)dli.dli_fname)) @@ -319,12 +320,14 @@ integrity_checker_t *integrity_checker_create(char *checksum_library) } else { - DBG1("checksum library '%s' invalid", checksum_library); + DBG1(DBG_LIB, "checksum library '%s' invalid", + checksum_library); } } else { - DBG1("loading checksum library '%s' failed", checksum_library); + DBG1(DBG_LIB, "loading checksum library '%s' failed", + checksum_library); } } return &this->public; diff --git a/src/libstrongswan/integrity_checker.h b/src/libstrongswan/integrity_checker.h index 7349353f3..55a4658f7 100644 --- a/src/libstrongswan/integrity_checker.h +++ b/src/libstrongswan/integrity_checker.h @@ -21,8 +21,8 @@ #ifndef INTEGRITY_CHECKER_H_ #define INTEGRITY_CHECKER_H_ -#include <utils.h> -#include <plugins/plugin.h> +#include "utils.h" +#include "plugins/plugin.h" typedef struct integrity_checker_t integrity_checker_t; typedef struct integrity_checksum_t integrity_checksum_t; diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index 4e8bb87d0..108ac2ca0 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c @@ -18,14 +18,12 @@ #include <stdlib.h> -#include <utils.h> -#include <chunk.h> -#include <debug.h> -#include <threading/thread.h> -#include <utils/identification.h> -#include <utils/host.h> +#include "debug.h" +#include "threading/thread.h" +#include "utils/identification.h" +#include "utils/host.h" #ifdef LEAK_DETECTIVE -#include <utils/leak_detective.h> +#include "utils/leak_detective.h" #endif #define CHECKSUM_LIBRARY IPSEC_DIR"/libchecksum.so" @@ -68,7 +66,6 @@ void library_deinit() this->public.encoding->destroy(this->public.encoding); this->public.crypto->destroy(this->public.crypto); this->public.fetcher->destroy(this->public.fetcher); - this->public.attributes->destroy(this->public.attributes); this->public.db->destroy(this->public.db); this->public.printf_hook->destroy(this->public.printf_hook); if (this->public.integrity) @@ -133,7 +130,6 @@ bool library_init(char *settings) this->public.creds = credential_factory_create(); this->public.encoding = key_encoding_create(); this->public.fetcher = fetcher_manager_create(); - this->public.attributes = attribute_manager_create(); this->public.db = database_factory_create(); this->public.plugins = plugin_loader_create(); this->public.integrity = NULL; @@ -145,11 +141,11 @@ bool library_init(char *settings) this->public.integrity = integrity_checker_create(CHECKSUM_LIBRARY); if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init)) { - DBG1("integrity check of libstrongswan failed"); + DBG1(DBG_LIB, "integrity check of libstrongswan failed"); return FALSE; } #else /* !INTEGRITY_TEST */ - DBG1("integrity test enabled, but not supported"); + DBG1(DBG_LIB, "integrity test enabled, but not supported"); return FALSE; #endif /* INTEGRITY_TEST */ } diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h index 78a6fe0a9..241084155 100644 --- a/src/libstrongswan/library.h +++ b/src/libstrongswan/library.h @@ -55,18 +55,17 @@ #ifndef LIBRARY_H_ #define LIBRARY_H_ -#include <printf_hook.h> -#include <utils.h> -#include <chunk.h> -#include <settings.h> -#include <integrity_checker.h> -#include <plugins/plugin_loader.h> -#include <crypto/crypto_factory.h> -#include <fetcher/fetcher_manager.h> -#include <attributes/attribute_manager.h> -#include <database/database_factory.h> -#include <credentials/credential_factory.h> -#include <credentials/keys/key_encoding.h> +#include "printf_hook.h" +#include "utils.h" +#include "chunk.h" +#include "settings.h" +#include "integrity_checker.h" +#include "plugins/plugin_loader.h" +#include "crypto/crypto_factory.h" +#include "fetcher/fetcher_manager.h" +#include "database/database_factory.h" +#include "credentials/credential_factory.h" +#include "credentials/keys/key_encoding.h" typedef struct library_t library_t; @@ -101,11 +100,6 @@ struct library_t { fetcher_manager_t *fetcher; /** - * manager for payload attributes - */ - attribute_manager_t *attributes; - - /** * database construction factory */ database_factory_t *db; diff --git a/src/libstrongswan/plugins/aes/Makefile.am b/src/libstrongswan/plugins/aes/Makefile.am index a3101172f..e72daeb44 100644 --- a/src/libstrongswan/plugins/aes/Makefile.am +++ b/src/libstrongswan/plugins/aes/Makefile.am @@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-aes.la +else plugin_LTLIBRARIES = libstrongswan-aes.la +endif -libstrongswan_aes_la_SOURCES = aes_plugin.h aes_plugin.c aes_crypter.c aes_crypter.h -libstrongswan_aes_la_LDFLAGS = -module -avoid-version +libstrongswan_aes_la_SOURCES = \ + aes_plugin.h aes_plugin.c aes_crypter.c aes_crypter.h +libstrongswan_aes_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index 03ef465e0..391d23049 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in @@ -72,13 +72,15 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_aes_la_LIBADD = am_libstrongswan_aes_la_OBJECTS = aes_plugin.lo aes_crypter.lo libstrongswan_aes_la_OBJECTS = $(am_libstrongswan_aes_la_OBJECTS) libstrongswan_aes_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_aes_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_aes_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_aes_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-aes.la -libstrongswan_aes_la_SOURCES = aes_plugin.h aes_plugin.c aes_crypter.c aes_crypter.h +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-aes.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-aes.la +libstrongswan_aes_la_SOURCES = \ + aes_plugin.h aes_plugin.c aes_crypter.c aes_crypter.h + libstrongswan_aes_la_LDFLAGS = -module -avoid-version all: all-am @@ -290,6 +296,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -322,7 +337,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-aes.la: $(libstrongswan_aes_la_OBJECTS) $(libstrongswan_aes_la_DEPENDENCIES) - $(libstrongswan_aes_la_LINK) -rpath $(plugindir) $(libstrongswan_aes_la_OBJECTS) $(libstrongswan_aes_la_LIBADD) $(LIBS) + $(libstrongswan_aes_la_LINK) $(am_libstrongswan_aes_la_rpath) $(libstrongswan_aes_la_OBJECTS) $(libstrongswan_aes_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -476,8 +491,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -548,18 +563,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c index c6215cc7f..1e920f8cc 100644 --- a/src/libstrongswan/plugins/aes/aes_plugin.c +++ b/src/libstrongswan/plugins/aes/aes_plugin.c @@ -44,7 +44,7 @@ static void destroy(private_aes_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *aes_plugin_create() { private_aes_plugin_t *this = malloc_thing(private_aes_plugin_t); diff --git a/src/libstrongswan/plugins/aes/aes_plugin.h b/src/libstrongswan/plugins/aes/aes_plugin.h index a6ff620ed..f0f0e8154 100644 --- a/src/libstrongswan/plugins/aes/aes_plugin.h +++ b/src/libstrongswan/plugins/aes/aes_plugin.h @@ -39,9 +39,4 @@ struct aes_plugin_t { plugin_t plugin; }; -/** - * Create a aes_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** AES_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/agent/Makefile.am b/src/libstrongswan/plugins/agent/Makefile.am index e1000e562..ffa6e8b7f 100644 --- a/src/libstrongswan/plugins/agent/Makefile.am +++ b/src/libstrongswan/plugins/agent/Makefile.am @@ -3,10 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-agent.la +else plugin_LTLIBRARIES = libstrongswan-agent.la +endif -libstrongswan_agent_la_SOURCES = agent_plugin.h agent_plugin.c \ - agent_private_key.c agent_private_key.h +libstrongswan_agent_la_SOURCES = \ + agent_plugin.h agent_plugin.c \ + agent_private_key.c agent_private_key.h libstrongswan_agent_la_LDFLAGS = -module -avoid-version - diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index 5bf52aa56..bd6465374 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_agent_la_LIBADD = am_libstrongswan_agent_la_OBJECTS = agent_plugin.lo \ agent_private_key.lo @@ -80,6 +80,9 @@ libstrongswan_agent_la_OBJECTS = $(am_libstrongswan_agent_la_OBJECTS) libstrongswan_agent_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_agent_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_agent_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_agent_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,9 +258,11 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-agent.la -libstrongswan_agent_la_SOURCES = agent_plugin.h agent_plugin.c \ - agent_private_key.c agent_private_key.h +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-agent.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-agent.la +libstrongswan_agent_la_SOURCES = \ + agent_plugin.h agent_plugin.c \ + agent_private_key.c agent_private_key.h libstrongswan_agent_la_LDFLAGS = -module -avoid-version all: all-am @@ -293,6 +299,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -325,7 +340,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-agent.la: $(libstrongswan_agent_la_OBJECTS) $(libstrongswan_agent_la_DEPENDENCIES) - $(libstrongswan_agent_la_LINK) -rpath $(plugindir) $(libstrongswan_agent_la_OBJECTS) $(libstrongswan_agent_la_LIBADD) $(LIBS) + $(libstrongswan_agent_la_LINK) $(am_libstrongswan_agent_la_rpath) $(libstrongswan_agent_la_OBJECTS) $(libstrongswan_agent_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -479,8 +494,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -551,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c index 299b2cc1d..d40b437bb 100644 --- a/src/libstrongswan/plugins/agent/agent_plugin.c +++ b/src/libstrongswan/plugins/agent/agent_plugin.c @@ -44,7 +44,7 @@ static void destroy(private_agent_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *agent_plugin_create() { private_agent_plugin_t *this = malloc_thing(private_agent_plugin_t); diff --git a/src/libstrongswan/plugins/agent/agent_plugin.h b/src/libstrongswan/plugins/agent/agent_plugin.h index e49af42d8..d352c305c 100644 --- a/src/libstrongswan/plugins/agent/agent_plugin.h +++ b/src/libstrongswan/plugins/agent/agent_plugin.h @@ -39,9 +39,4 @@ struct agent_plugin_t { plugin_t plugin; }; -/** - * Create a agent_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** AGENT_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c index d0a2da87f..4247f849e 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.c +++ b/src/libstrongswan/plugins/agent/agent_private_key.c @@ -137,7 +137,8 @@ static int open_connection(char *path) s = socket(AF_UNIX, SOCK_STREAM, 0); if (s == -1) { - DBG1("opening ssh-agent socket %s failed: %s:", path, strerror(errno)); + DBG1(DBG_LIB, "opening ssh-agent socket %s failed: %s:", path, + strerror(errno)); return -1; } @@ -147,7 +148,8 @@ static int open_connection(char *path) if (connect(s, (struct sockaddr*)&addr, SUN_LEN(&addr)) != 0) { - DBG1("connecting to ssh-agent socket failed: %s", strerror(errno)); + DBG1(DBG_LIB, "connecting to ssh-agent socket failed: %s", + strerror(errno)); close(s); return -1; } @@ -168,7 +170,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) if (write(this->socket, &len, sizeof(len)) != sizeof(len) || write(this->socket, &buf, 1) != 1) { - DBG1("writing to ssh-agent failed"); + DBG1(DBG_LIB, "writing to ssh-agent failed"); return FALSE; } @@ -179,7 +181,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) read_uint32(&blob) != blob.len || read_byte(&blob) != SSH_AGENT_ID_RESPONSE) { - DBG1("received invalid ssh-agent identity response"); + DBG1(DBG_LIB, "received invalid ssh-agent identity response"); return FALSE; } count = read_uint32(&blob); @@ -231,7 +233,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, if (scheme != SIGN_RSA_EMSA_PKCS1_SHA1) { - DBG1("signature scheme %N not supported by ssh-agent", + DBG1(DBG_LIB, "signature scheme %N not supported by ssh-agent", signature_scheme_names, scheme); return FALSE; } @@ -241,7 +243,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, if (write(this->socket, &len, sizeof(len)) != sizeof(len) || write(this->socket, &buf, 1) != 1) { - DBG1("writing to ssh-agent failed"); + DBG1(DBG_LIB, "writing to ssh-agent failed"); return FALSE; } @@ -249,7 +251,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, if (write(this->socket, &len, sizeof(len)) != sizeof(len) || write(this->socket, this->key.ptr, this->key.len) != this->key.len) { - DBG1("writing to ssh-agent failed"); + DBG1(DBG_LIB, "writing to ssh-agent failed"); return FALSE; } @@ -257,14 +259,14 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, if (write(this->socket, &len, sizeof(len)) != sizeof(len) || write(this->socket, data.ptr, data.len) != data.len) { - DBG1("writing to ssh-agent failed"); + DBG1(DBG_LIB, "writing to ssh-agent failed"); return FALSE; } flags = htonl(0); if (write(this->socket, &flags, sizeof(flags)) != sizeof(flags)) { - DBG1("writing to ssh-agent failed"); + DBG1(DBG_LIB, "writing to ssh-agent failed"); return FALSE; } @@ -274,7 +276,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, read_uint32(&blob) != blob.len || read_byte(&blob) != SSH_AGENT_SIGN_RESPONSE) { - DBG1("received invalid ssh-agent signature response"); + DBG1(DBG_LIB, "received invalid ssh-agent signature response"); return FALSE; } /* parse length */ @@ -285,7 +287,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme, blob = read_string(&blob); if (!blob.len) { - DBG1("received invalid ssh-agent signature response"); + DBG1(DBG_LIB, "received invalid ssh-agent signature response"); return FALSE; } *signature = chunk_clone(blob); @@ -306,7 +308,7 @@ static key_type_t get_type(private_agent_private_key_t *this) static bool decrypt(private_agent_private_key_t *this, chunk_t crypto, chunk_t *plain) { - DBG1("private key decryption not supported by ssh-agent"); + DBG1(DBG_LIB, "private key decryption not supported by ssh-agent"); return FALSE; } diff --git a/src/libstrongswan/plugins/attr_sql/Makefile.am b/src/libstrongswan/plugins/attr_sql/Makefile.am deleted file mode 100644 index 5be310abf..000000000 --- a/src/libstrongswan/plugins/attr_sql/Makefile.am +++ /dev/null @@ -1,15 +0,0 @@ - -INCLUDES = -I$(top_srcdir)/src/libstrongswan - -AM_CFLAGS = -rdynamic \ - -DPLUGINS=\""${libstrongswan_plugins}\"" - -plugin_LTLIBRARIES = libstrongswan-attr-sql.la -libstrongswan_attr_sql_la_SOURCES = \ - attr_sql_plugin.h attr_sql_plugin.c \ - sql_attribute.h sql_attribute.c -libstrongswan_attr_sql_la_LDFLAGS = -module -avoid-version - -ipsec_PROGRAMS = pool -pool_SOURCES = pool.c -pool_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la diff --git a/src/libstrongswan/plugins/blowfish/Makefile.am b/src/libstrongswan/plugins/blowfish/Makefile.am index de8948445..95c414204 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.am +++ b/src/libstrongswan/plugins/blowfish/Makefile.am @@ -3,10 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-blowfish.la +else plugin_LTLIBRARIES = libstrongswan-blowfish.la +endif libstrongswan_blowfish_la_SOURCES = \ -blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \ -bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c -libstrongswan_blowfish_la_LDFLAGS = -module -avoid-version + blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \ + bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c +libstrongswan_blowfish_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index 7b55d69c7..f95a4abe5 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_blowfish_la_LIBADD = am_libstrongswan_blowfish_la_OBJECTS = blowfish_plugin.lo \ blowfish_crypter.lo bf_skey.lo bf_enc.lo @@ -82,6 +82,9 @@ libstrongswan_blowfish_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_blowfish_la_LDFLAGS) \ $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_blowfish_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_blowfish_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -256,10 +260,11 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-blowfish.la +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-blowfish.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-blowfish.la libstrongswan_blowfish_la_SOURCES = \ -blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \ -bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c + blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \ + bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c libstrongswan_blowfish_la_LDFLAGS = -module -avoid-version all: all-am @@ -296,6 +301,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -328,7 +342,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-blowfish.la: $(libstrongswan_blowfish_la_OBJECTS) $(libstrongswan_blowfish_la_DEPENDENCIES) - $(libstrongswan_blowfish_la_LINK) -rpath $(plugindir) $(libstrongswan_blowfish_la_OBJECTS) $(libstrongswan_blowfish_la_LIBADD) $(LIBS) + $(libstrongswan_blowfish_la_LINK) $(am_libstrongswan_blowfish_la_rpath) $(libstrongswan_blowfish_la_OBJECTS) $(libstrongswan_blowfish_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -484,8 +498,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -556,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c index 993dc8b3b..f9fb605b3 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c @@ -45,7 +45,7 @@ static void destroy(private_blowfish_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *blowfish_plugin_create() { private_blowfish_plugin_t *this = malloc_thing(private_blowfish_plugin_t); diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.h b/src/libstrongswan/plugins/blowfish/blowfish_plugin.h index 596a7c791..6a87f42ee 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.h +++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.h @@ -40,9 +40,4 @@ struct blowfish_plugin_t { plugin_t plugin; }; -/** - * Create a blowfish_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** BLOWFISH_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/curl/Makefile.am b/src/libstrongswan/plugins/curl/Makefile.am index f0a41e4ad..43718f678 100644 --- a/src/libstrongswan/plugins/curl/Makefile.am +++ b/src/libstrongswan/plugins/curl/Makefile.am @@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-curl.la +else plugin_LTLIBRARIES = libstrongswan-curl.la +endif + +libstrongswan_curl_la_SOURCES = \ + curl_plugin.h curl_plugin.c curl_fetcher.c curl_fetcher.h -libstrongswan_curl_la_SOURCES = curl_plugin.h curl_plugin.c curl_fetcher.c curl_fetcher.h libstrongswan_curl_la_LDFLAGS = -module -avoid-version libstrongswan_curl_la_LIBADD = -lcurl - diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index 32b2504fe..1952b22e7 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in @@ -72,13 +72,15 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_curl_la_DEPENDENCIES = am_libstrongswan_curl_la_OBJECTS = curl_plugin.lo curl_fetcher.lo libstrongswan_curl_la_OBJECTS = $(am_libstrongswan_curl_la_OBJECTS) libstrongswan_curl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_curl_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_curl_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_curl_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-curl.la -libstrongswan_curl_la_SOURCES = curl_plugin.h curl_plugin.c curl_fetcher.c curl_fetcher.h +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-curl.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-curl.la +libstrongswan_curl_la_SOURCES = \ + curl_plugin.h curl_plugin.c curl_fetcher.c curl_fetcher.h + libstrongswan_curl_la_LDFLAGS = -module -avoid-version libstrongswan_curl_la_LIBADD = -lcurl all: all-am @@ -291,6 +297,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -323,7 +338,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-curl.la: $(libstrongswan_curl_la_OBJECTS) $(libstrongswan_curl_la_DEPENDENCIES) - $(libstrongswan_curl_la_LINK) -rpath $(plugindir) $(libstrongswan_curl_la_OBJECTS) $(libstrongswan_curl_la_LIBADD) $(LIBS) + $(libstrongswan_curl_la_LINK) $(am_libstrongswan_curl_la_rpath) $(libstrongswan_curl_la_OBJECTS) $(libstrongswan_curl_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -477,8 +492,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -549,18 +564,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c index 08315e932..2341c9052 100644 --- a/src/libstrongswan/plugins/curl/curl_fetcher.c +++ b/src/libstrongswan/plugins/curl/curl_fetcher.c @@ -84,7 +84,7 @@ METHOD(fetcher_t, fetch, status_t, curl_easy_setopt(this->curl, CURLOPT_HTTPHEADER, this->headers); } - DBG2(" sending http request to '%s'...", uri); + DBG2(DBG_LIB, " sending http request to '%s'...", uri); switch (curl_easy_perform(this->curl)) { case CURLE_UNSUPPORTED_PROTOCOL: @@ -94,7 +94,7 @@ METHOD(fetcher_t, fetch, status_t, status = SUCCESS; break; default: - DBG1("libcurl http request failed: %s", error); + DBG1(DBG_LIB, "libcurl http request failed: %s", error); status = FAILED; break; } diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c index 13dfa053f..e00fcfc03 100644 --- a/src/libstrongswan/plugins/curl/curl_plugin.c +++ b/src/libstrongswan/plugins/curl/curl_plugin.c @@ -48,7 +48,7 @@ static void destroy(private_curl_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *curl_plugin_create() { CURLcode res; private_curl_plugin_t *this = malloc_thing(private_curl_plugin_t); @@ -69,7 +69,7 @@ plugin_t *plugin_create() } else { - DBG1("global libcurl initializing failed: %s, curl disabled", + DBG1(DBG_LIB, "global libcurl initializing failed: %s, curl disabled", curl_easy_strerror(res)); } return &this->public.plugin; diff --git a/src/libstrongswan/plugins/curl/curl_plugin.h b/src/libstrongswan/plugins/curl/curl_plugin.h index 1b748446b..ae17285c2 100644 --- a/src/libstrongswan/plugins/curl/curl_plugin.h +++ b/src/libstrongswan/plugins/curl/curl_plugin.h @@ -39,9 +39,4 @@ struct curl_plugin_t { plugin_t plugin; }; -/** - * Create a curl_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** CURL_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/des/Makefile.am b/src/libstrongswan/plugins/des/Makefile.am index 76cfbc419..c7d9ce915 100644 --- a/src/libstrongswan/plugins/des/Makefile.am +++ b/src/libstrongswan/plugins/des/Makefile.am @@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-des.la +else plugin_LTLIBRARIES = libstrongswan-des.la +endif -libstrongswan_des_la_SOURCES = des_plugin.h des_plugin.c des_crypter.c des_crypter.h -libstrongswan_des_la_LDFLAGS = -module -avoid-version +libstrongswan_des_la_SOURCES = \ + des_plugin.h des_plugin.c des_crypter.c des_crypter.h +libstrongswan_des_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index f68b4bd03..af351cfe3 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -72,13 +72,15 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_des_la_LIBADD = am_libstrongswan_des_la_OBJECTS = des_plugin.lo des_crypter.lo libstrongswan_des_la_OBJECTS = $(am_libstrongswan_des_la_OBJECTS) libstrongswan_des_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_des_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_des_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_des_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-des.la -libstrongswan_des_la_SOURCES = des_plugin.h des_plugin.c des_crypter.c des_crypter.h +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-des.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-des.la +libstrongswan_des_la_SOURCES = \ + des_plugin.h des_plugin.c des_crypter.c des_crypter.h + libstrongswan_des_la_LDFLAGS = -module -avoid-version all: all-am @@ -290,6 +296,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -322,7 +337,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-des.la: $(libstrongswan_des_la_OBJECTS) $(libstrongswan_des_la_DEPENDENCIES) - $(libstrongswan_des_la_LINK) -rpath $(plugindir) $(libstrongswan_des_la_OBJECTS) $(libstrongswan_des_la_LIBADD) $(LIBS) + $(libstrongswan_des_la_LINK) $(am_libstrongswan_des_la_rpath) $(libstrongswan_des_la_OBJECTS) $(libstrongswan_des_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -476,8 +491,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -548,18 +563,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c index 649d224ab..afc82e8d4 100644 --- a/src/libstrongswan/plugins/des/des_plugin.c +++ b/src/libstrongswan/plugins/des/des_plugin.c @@ -44,7 +44,7 @@ static void destroy(private_des_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *des_plugin_create() { private_des_plugin_t *this = malloc_thing(private_des_plugin_t); diff --git a/src/libstrongswan/plugins/des/des_plugin.h b/src/libstrongswan/plugins/des/des_plugin.h index 17df220bc..cfff420c0 100644 --- a/src/libstrongswan/plugins/des/des_plugin.h +++ b/src/libstrongswan/plugins/des/des_plugin.h @@ -39,9 +39,4 @@ struct des_plugin_t { plugin_t plugin; }; -/** - * Create a des_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** DES_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/dnskey/Makefile.am b/src/libstrongswan/plugins/dnskey/Makefile.am index fd020f505..fbba95e0a 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.am +++ b/src/libstrongswan/plugins/dnskey/Makefile.am @@ -3,10 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-dnskey.la +else plugin_LTLIBRARIES = libstrongswan-dnskey.la +endif -libstrongswan_dnskey_la_SOURCES = dnskey_plugin.h dnskey_plugin.c \ - dnskey_builder.h dnskey_builder.c +libstrongswan_dnskey_la_SOURCES = \ + dnskey_plugin.h dnskey_plugin.c \ + dnskey_builder.h dnskey_builder.c libstrongswan_dnskey_la_LDFLAGS = -module -avoid-version - diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in index d7d5ff29b..1f1f90127 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.in +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_dnskey_la_LIBADD = am_libstrongswan_dnskey_la_OBJECTS = dnskey_plugin.lo \ dnskey_builder.lo @@ -81,6 +81,9 @@ libstrongswan_dnskey_la_OBJECTS = \ libstrongswan_dnskey_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_dnskey_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_dnskey_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_dnskey_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -255,9 +259,11 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-dnskey.la -libstrongswan_dnskey_la_SOURCES = dnskey_plugin.h dnskey_plugin.c \ - dnskey_builder.h dnskey_builder.c +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-dnskey.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-dnskey.la +libstrongswan_dnskey_la_SOURCES = \ + dnskey_plugin.h dnskey_plugin.c \ + dnskey_builder.h dnskey_builder.c libstrongswan_dnskey_la_LDFLAGS = -module -avoid-version all: all-am @@ -294,6 +300,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -326,7 +341,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-dnskey.la: $(libstrongswan_dnskey_la_OBJECTS) $(libstrongswan_dnskey_la_DEPENDENCIES) - $(libstrongswan_dnskey_la_LINK) -rpath $(plugindir) $(libstrongswan_dnskey_la_OBJECTS) $(libstrongswan_dnskey_la_LIBADD) $(LIBS) + $(libstrongswan_dnskey_la_LINK) $(am_libstrongswan_dnskey_la_rpath) $(libstrongswan_dnskey_la_OBJECTS) $(libstrongswan_dnskey_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -480,8 +495,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -552,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/dnskey/dnskey_builder.c b/src/libstrongswan/plugins/dnskey/dnskey_builder.c index ba20e7158..ea4eb6cda 100644 --- a/src/libstrongswan/plugins/dnskey/dnskey_builder.c +++ b/src/libstrongswan/plugins/dnskey/dnskey_builder.c @@ -52,7 +52,7 @@ static dnskey_public_key_t *parse_public_key(chunk_t blob) if (blob.len < sizeof(dnskey_rr_t)) { - DBG1("DNSKEY too short"); + DBG1(DBG_LIB, "DNSKEY too short"); return NULL; } blob = chunk_skip(blob, sizeof(dnskey_rr_t)); @@ -63,7 +63,8 @@ static dnskey_public_key_t *parse_public_key(chunk_t blob) return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, BUILD_BLOB_DNSKEY, blob, BUILD_END); default: - DBG1("DNSKEY public key algorithm %d not supported", rr->algorithm); + DBG1(DBG_LIB, "DNSKEY public key algorithm %d not supported", + rr->algorithm); return NULL; } } @@ -77,7 +78,7 @@ static dnskey_public_key_t *parse_rsa_public_key(chunk_t blob) if (blob.len < 3) { - DBG1("RFC 3110 public key blob too short for exponent length"); + DBG1(DBG_LIB, "RFC 3110 public key blob too short for exponent length"); return NULL; } @@ -94,7 +95,7 @@ static dnskey_public_key_t *parse_rsa_public_key(chunk_t blob) e.ptr = blob.ptr; if (e.len >= blob.len) { - DBG1("RFC 3110 public key blob too short for exponent"); + DBG1(DBG_LIB, "RFC 3110 public key blob too short for exponent"); return NULL; } n = chunk_skip(blob, e.len); diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c index 83dbe31a1..125047b05 100644 --- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c +++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c @@ -44,7 +44,7 @@ static void destroy(private_dnskey_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *dnskey_plugin_create() { private_dnskey_plugin_t *this = malloc_thing(private_dnskey_plugin_t); diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.h b/src/libstrongswan/plugins/dnskey/dnskey_plugin.h index 17790e1c6..8b49bd6cb 100644 --- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.h +++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.h @@ -39,9 +39,4 @@ struct dnskey_plugin_t { plugin_t plugin; }; -/** - * Create a dnskey_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** DNSKEY_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.am b/src/libstrongswan/plugins/fips_prf/Makefile.am index d9431947e..c9cf2c977 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.am +++ b/src/libstrongswan/plugins/fips_prf/Makefile.am @@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-fips-prf.la +else plugin_LTLIBRARIES = libstrongswan-fips-prf.la +endif -libstrongswan_fips_prf_la_SOURCES = fips_prf_plugin.h fips_prf_plugin.c fips_prf.c fips_prf.h -libstrongswan_fips_prf_la_LDFLAGS = -module -avoid-version +libstrongswan_fips_prf_la_SOURCES = \ + fips_prf_plugin.h fips_prf_plugin.c fips_prf.c fips_prf.h +libstrongswan_fips_prf_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index b23af6def..70553fbd8 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_fips_prf_la_LIBADD = am_libstrongswan_fips_prf_la_OBJECTS = fips_prf_plugin.lo fips_prf.lo libstrongswan_fips_prf_la_OBJECTS = \ @@ -81,6 +81,9 @@ libstrongswan_fips_prf_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_fips_prf_la_LDFLAGS) \ $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_fips_prf_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_fips_prf_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -255,8 +259,11 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-fips-prf.la -libstrongswan_fips_prf_la_SOURCES = fips_prf_plugin.h fips_prf_plugin.c fips_prf.c fips_prf.h +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-fips-prf.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-fips-prf.la +libstrongswan_fips_prf_la_SOURCES = \ + fips_prf_plugin.h fips_prf_plugin.c fips_prf.c fips_prf.h + libstrongswan_fips_prf_la_LDFLAGS = -module -avoid-version all: all-am @@ -292,6 +299,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -324,7 +340,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-fips-prf.la: $(libstrongswan_fips_prf_la_OBJECTS) $(libstrongswan_fips_prf_la_DEPENDENCIES) - $(libstrongswan_fips_prf_la_LINK) -rpath $(plugindir) $(libstrongswan_fips_prf_la_OBJECTS) $(libstrongswan_fips_prf_la_LIBADD) $(LIBS) + $(libstrongswan_fips_prf_la_LINK) $(am_libstrongswan_fips_prf_la_rpath) $(libstrongswan_fips_prf_la_OBJECTS) $(libstrongswan_fips_prf_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -478,8 +494,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -550,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c index 123d2a244..ad03fa585 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c @@ -126,14 +126,14 @@ static void get_bytes(private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) { /* a. XVAL = (XKEY + XSEED j) mod 2^b */ add_mod(this->b, xkey, xseed, xval); - DBG3("XVAL %b", xval, this->b); + DBG3(DBG_LIB, "XVAL %b", xval, this->b); /* b. wi = G(t, XVAL ) */ this->g(this, chunk_create(xval, this->b), &w[i * this->b]); - DBG3("w[%d] %b", i, &w[i * this->b], this->b); + DBG3(DBG_LIB, "w[%d] %b", i, &w[i * this->b], this->b); /* c. XKEY = (1 + XKEY + wi) mod 2b */ add_mod(this->b, xkey, &w[i * this->b], sum); add_mod(this->b, sum, one, xkey); - DBG3("XKEY %b", xkey, this->b); + DBG3(DBG_LIB, "XKEY %b", xkey, this->b); } /* 3.3 done already, mod q not used */ diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c index 6c0842f81..f41265637 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c @@ -44,7 +44,7 @@ static void destroy(private_fips_prf_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *fips_prf_plugin_create() { private_fips_prf_plugin_t *this = malloc_thing(private_fips_prf_plugin_t); diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h index 8d65254ba..3bd26ad45 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h +++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.h @@ -39,9 +39,4 @@ struct fips_prf_plugin_t { plugin_t plugin; }; -/** - * Create a fips_prf_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** FIPS_PRF_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.am b/src/libstrongswan/plugins/gcrypt/Makefile.am index a468a5ed9..48bf916ab 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.am +++ b/src/libstrongswan/plugins/gcrypt/Makefile.am @@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-gcrypt.la +else plugin_LTLIBRARIES = libstrongswan-gcrypt.la +endif -libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \ +libstrongswan_gcrypt_la_SOURCES = \ + gcrypt_plugin.h gcrypt_plugin.c \ gcrypt_rsa_public_key.h gcrypt_rsa_public_key.c \ gcrypt_rsa_private_key.h gcrypt_rsa_private_key.c \ gcrypt_dh.h gcrypt_dh.c \ diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index c3081e2dd..35829c950 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_gcrypt_la_DEPENDENCIES = am_libstrongswan_gcrypt_la_OBJECTS = gcrypt_plugin.lo \ gcrypt_rsa_public_key.lo gcrypt_rsa_private_key.lo \ @@ -82,6 +82,9 @@ libstrongswan_gcrypt_la_OBJECTS = \ libstrongswan_gcrypt_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_gcrypt_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_gcrypt_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_gcrypt_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -220,6 +223,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -256,8 +260,10 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-gcrypt.la -libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \ +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-gcrypt.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-gcrypt.la +libstrongswan_gcrypt_la_SOURCES = \ + gcrypt_plugin.h gcrypt_plugin.c \ gcrypt_rsa_public_key.h gcrypt_rsa_public_key.c \ gcrypt_rsa_private_key.h gcrypt_rsa_private_key.c \ gcrypt_dh.h gcrypt_dh.c \ @@ -301,6 +307,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -333,7 +348,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-gcrypt.la: $(libstrongswan_gcrypt_la_OBJECTS) $(libstrongswan_gcrypt_la_DEPENDENCIES) - $(libstrongswan_gcrypt_la_LINK) -rpath $(plugindir) $(libstrongswan_gcrypt_la_OBJECTS) $(libstrongswan_gcrypt_la_LIBADD) $(LIBS) + $(libstrongswan_gcrypt_la_LINK) $(am_libstrongswan_gcrypt_la_rpath) $(libstrongswan_gcrypt_la_OBJECTS) $(libstrongswan_gcrypt_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -492,8 +507,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -564,18 +579,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c index 1eee6226d..5dbdde32c 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c @@ -234,7 +234,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, err = gcry_cipher_open(&this->h, gcrypt_alg, mode, 0); if (err) { - DBG1("grcy_cipher_open(%N) failed: %s", + DBG1(DBG_LIB, "grcy_cipher_open(%N) failed: %s", encryption_algorithm_names, algo, gpg_strerror(err)); free(this); return NULL; diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c index 59c82f1e7..08d6239ad 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2010 Tobias Brunner * Copyright (C) 2009 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -19,310 +20,6 @@ #include <debug.h> -/** - * Modulus of Group 1 (MODP_768_BIT). - */ -static u_int8_t group1_modulus[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, - 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, - 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, - 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, - 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF -}; - -/** - * Modulus of Group 2 (MODP_1024_BIT). - */ -static u_int8_t group2_modulus[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, - 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, - 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, - 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, - 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, - 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, - 0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF -}; - -/** - * Modulus of Group 5 (MODP_1536_BIT). - */ -static u_int8_t group5_modulus[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, - 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, - 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, - 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, - 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, - 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, - 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, - 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, - 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, - 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, - 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF -}; -/** - * Modulus of Group 14 (MODP_2048_BIT). - */ -static u_int8_t group14_modulus[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, - 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, - 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, - 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, - 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, - 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, - 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, - 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, - 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, - 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, - 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, - 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, - 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, - 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, - 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF -}; - -/** - * Modulus of Group 15 (MODP_3072_BIT). - */ -static u_int8_t group15_modulus[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, - 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, - 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, - 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, - 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, - 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, - 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, - 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, - 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, - 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, - 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, - 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, - 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, - 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, - 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33, - 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A, - 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, - 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D, - 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64, - 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, - 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2, - 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E, - 0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF -}; - -/** - * Modulus of Group 16 (MODP_4096_BIT). - */ -static u_int8_t group16_modulus[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, - 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, - 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, - 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, - 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, - 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, - 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, - 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, - 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, - 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, - 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, - 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, - 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, - 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, - 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33, - 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A, - 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, - 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D, - 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64, - 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, - 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2, - 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E, - 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, - 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C, - 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8, - 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, - 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2, - 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF, - 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, - 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F, - 0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF -}; - -/** - * Modulus of Group 17 (MODP_6144_BIT). - */ -static u_int8_t group17_modulus[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, - 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, - 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, - 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, - 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, - 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, - 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, - 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, - 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, - 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, - 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, - 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, - 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, - 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, - 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33, - 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A, - 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, - 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D, - 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64, - 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, - 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2, - 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E, - 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, - 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C, - 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8, - 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, - 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2, - 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF, - 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, - 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F, - 0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26, - 0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD, - 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE, - 0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18, - 0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B, - 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42, - 0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC, - 0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6, - 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E, - 0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE, - 0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA, - 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0, - 0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76, - 0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C, - 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68, - 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6, - 0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF -}; - -/** - * Modulus of Group 18 (MODP_8192_BIT). - */ -static u_int8_t group18_modulus[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, - 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, - 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, - 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, - 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, - 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, - 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, - 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, - 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, - 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, - 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, - 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, - 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, - 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, - 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33, - 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A, - 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, - 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D, - 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64, - 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, - 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2, - 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E, - 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, - 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C, - 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8, - 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, - 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2, - 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF, - 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, - 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F, - 0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26, - 0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD, - 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE, - 0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18, - 0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B, - 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42, - 0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC, - 0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6, - 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E, - 0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE, - 0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA, - 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0, - 0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76, - 0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C, - 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68, - 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6, - 0xE6,0x94,0xF9,0x1E,0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4, - 0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,0x73,0xB9,0x31,0xBA, - 0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED, - 0x25,0x76,0xF6,0x93,0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68, - 0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,0xE3,0x9D,0x65,0x2D, - 0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07, - 0x13,0xEB,0x57,0xA8,0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B, - 0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,0xA2,0xC0,0x87,0xE8, - 0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6, - 0x6D,0x2A,0x13,0xF8,0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36, - 0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,0x08,0x46,0x85,0x1D, - 0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73, - 0xFA,0xF3,0x6B,0xC3,0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92, - 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,0xD5,0xEE,0x38,0x2B, - 0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA, - 0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71, - 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, -}; - -typedef struct modulus_entry_t modulus_entry_t; - -/** - * Entry of the modulus list. - */ -struct modulus_entry_t { - /** IKEv2 DH group */ - diffie_hellman_group_t group; - /** modulus */ - chunk_t modulus; - /** optimum length of exponent in bytes */ - size_t opt_len; - /** generator */ - u_int16_t g; -}; - -/** - * All supported modulus values - optimum exponent size according to RFC 3526. - */ -static modulus_entry_t modulus_entries[] = { - {MODP_768_BIT, {group1_modulus, sizeof(group1_modulus)}, 32, 2}, - {MODP_1024_BIT, {group2_modulus, sizeof(group2_modulus)}, 32, 2}, - {MODP_1536_BIT, {group5_modulus, sizeof(group5_modulus)}, 32, 2}, - {MODP_2048_BIT, {group14_modulus, sizeof(group14_modulus)}, 48, 2}, - {MODP_3072_BIT, {group15_modulus, sizeof(group15_modulus)}, 48, 2}, - {MODP_4096_BIT, {group16_modulus, sizeof(group16_modulus)}, 64, 2}, - {MODP_6144_BIT, {group17_modulus, sizeof(group17_modulus)}, 64, 2}, - {MODP_8192_BIT, {group18_modulus, sizeof(group18_modulus)}, 64, 2}, -}; - -/** - * Lookup the modulus in modulo table - */ -static modulus_entry_t *find_entry(diffie_hellman_group_t group) -{ - int i; - - for (i = 0; i < countof(modulus_entries); i++) - { - if (modulus_entries[i].group == group) - { - return &modulus_entries[i]; - } - } - return NULL; -} - typedef struct private_gcrypt_dh_t private_gcrypt_dh_t; /** @@ -392,7 +89,7 @@ static void set_other_public_value(private_gcrypt_dh_t *this, chunk_t value) err = gcry_mpi_scan(&this->yb, GCRYMPI_FMT_USG, value.ptr, value.len, NULL); if (err) { - DBG1("importing mpi yb failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "importing mpi yb failed: %s", gpg_strerror(err)); return; } @@ -413,7 +110,8 @@ static void set_other_public_value(private_gcrypt_dh_t *this, chunk_t value) } else { - DBG1("public DH value verification failed: y < 2 || y > p - 1 "); + DBG1(DBG_LIB, "public DH value verification failed:" + " y < 2 || y > p - 1 "); } gcry_mpi_release(p_min_1); } @@ -485,14 +183,13 @@ static void destroy(private_gcrypt_dh_t *this) gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group) { private_gcrypt_dh_t *this; - modulus_entry_t *entry; + diffie_hellman_params_t *params; gcry_error_t err; chunk_t random; rng_t *rng; - size_t len; - entry = find_entry(group); - if (!entry) + params = diffie_hellman_get_params(group); + if (!params) { return NULL; } @@ -506,53 +203,53 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group) this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy; this->group = group; - this->p_len = entry->modulus.len; + this->p_len = params->prime.len; err = gcry_mpi_scan(&this->p, GCRYMPI_FMT_USG, - entry->modulus.ptr, entry->modulus.len, NULL); + params->prime.ptr, params->prime.len, NULL); if (err) { - DBG1("importing mpi modulus failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "importing mpi modulus failed: %s", gpg_strerror(err)); free(this); return NULL; } - if (lib->settings->get_int(lib->settings, - "libstrongswan.dh_exponent_ansi_x9_42", TRUE)) - { - len = this->p_len; - } - else + err = gcry_mpi_scan(&this->g, GCRYMPI_FMT_USG, + params->generator.ptr, params->generator.len, NULL); + if (err) { - len = entry->opt_len; + DBG1(DBG_LIB, "importing mpi generator failed: %s", gpg_strerror(err)); + gcry_mpi_release(this->p); + free(this); + return NULL; } rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); if (rng) { /* prefer external randomizer */ - rng->allocate_bytes(rng, len, &random); + rng->allocate_bytes(rng, params->exp_len, &random); rng->destroy(rng); err = gcry_mpi_scan(&this->xa, GCRYMPI_FMT_USG, random.ptr, random.len, NULL); chunk_clear(&random); if (err) { - DBG1("importing mpi xa failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "importing mpi xa failed: %s", gpg_strerror(err)); gcry_mpi_release(this->p); + gcry_mpi_release(this->g); free(this); return NULL; } } else { /* fallback to gcrypt internal randomizer, shouldn't ever happen */ - this->xa = gcry_mpi_new(len * 8); - gcry_mpi_randomize(this->xa, len * 8, GCRY_STRONG_RANDOM); + this->xa = gcry_mpi_new(params->exp_len * 8); + gcry_mpi_randomize(this->xa, params->exp_len * 8, GCRY_STRONG_RANDOM); } - if (len == this->p_len) + if (params->exp_len == this->p_len) { /* achieve bitsof(p)-1 by setting MSB to 0 */ - gcry_mpi_clear_bit(this->xa, len * 8 - 1); + gcry_mpi_clear_bit(this->xa, params->exp_len * 8 - 1); } - this->g = gcry_mpi_set_ui(NULL, entry->g); this->ya = gcry_mpi_new(this->p_len * 8); this->yb = NULL; this->zz = NULL; diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c index d12fe11d5..39609c16c 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c @@ -137,7 +137,7 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo) err = gcry_md_open(&this->hd, gcrypt_alg, 0); if (err) { - DBG1("grcy_md_open(%N) failed: %s", + DBG1(DBG_LIB, "grcy_md_open(%N) failed: %s", hash_algorithm_names, algo, gpg_strerror(err)); free(this); return NULL; diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c index 8c9ea893b..039036b2c 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c @@ -118,7 +118,7 @@ static void destroy(private_gcrypt_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *gcrypt_plugin_create() { private_gcrypt_plugin_t *this; @@ -126,7 +126,7 @@ plugin_t *plugin_create() if (!gcry_check_version(GCRYPT_VERSION)) { - DBG1("libgcrypt version mismatch"); + DBG1(DBG_LIB, "libgcrypt version mismatch"); return NULL; } @@ -190,6 +190,10 @@ plugin_t *plugin_create() /* diffie hellman groups, using modp */ lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_224, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_256, + (dh_constructor_t)gcrypt_dh_create); lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, (dh_constructor_t)gcrypt_dh_create); lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, @@ -202,6 +206,8 @@ plugin_t *plugin_create() (dh_constructor_t)gcrypt_dh_create); lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_1024_160, + (dh_constructor_t)gcrypt_dh_create); lib->crypto->add_dh(lib->crypto, MODP_768_BIT, (dh_constructor_t)gcrypt_dh_create); diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h index f2247ed5c..05e5e7014 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h @@ -39,9 +39,4 @@ struct gcrypt_plugin_t { plugin_t plugin; }; -/** - * Create a gcrypt_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** GCRYPT_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c index cd156961e..2cb13c5f3 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c @@ -130,14 +130,15 @@ static bool sign_raw(private_gcrypt_rsa_private_key_t *this, chunk_free(&em); if (err) { - DBG1("building signature S-expression failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "building signature S-expression failed: %s", + gpg_strerror(err)); return FALSE; } err = gcry_pk_sign(&out, in, this->key); gcry_sexp_release(in); if (err) { - DBG1("creating pkcs1 signature failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "creating pkcs1 signature failed: %s", gpg_strerror(err)); return FALSE; } *signature = gcrypt_rsa_find_token(out, "s", this->key); @@ -176,14 +177,14 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this, chunk_free(&hash); if (err) { - DBG1("building signature S-expression failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "building signature S-expression failed: %s", gpg_strerror(err)); return FALSE; } err = gcry_pk_sign(&out, in, this->key); gcry_sexp_release(in); if (err) { - DBG1("creating pkcs1 signature failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "creating pkcs1 signature failed: %s", gpg_strerror(err)); return FALSE; } *signature = gcrypt_rsa_find_token(out, "s", this->key); @@ -222,7 +223,7 @@ static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t sche case SIGN_RSA_EMSA_PKCS1_MD5: return sign_pkcs1(this, HASH_MD5, "md5", data, sig); default: - DBG1("signature scheme %N not supported in RSA", + DBG1(DBG_LIB, "signature scheme %N not supported in RSA", signature_scheme_names, scheme); return FALSE; } @@ -243,14 +244,15 @@ static bool decrypt(private_gcrypt_rsa_private_key_t *this, encrypted.len, encrypted.ptr); if (err) { - DBG1("building decryption S-expression failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "building decryption S-expression failed: %s", + gpg_strerror(err)); return FALSE; } err = gcry_pk_decrypt(&out, in, this->key); gcry_sexp_release(in); if (err) { - DBG1("decrypting pkcs1 data failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "decrypting pkcs1 data failed: %s", gpg_strerror(err)); return FALSE; } padded.ptr = (u_char*)gcry_sexp_nth_data(out, 1, &padded.len); @@ -269,7 +271,7 @@ static bool decrypt(private_gcrypt_rsa_private_key_t *this, gcry_sexp_release(out); if (!pos) { - DBG1("decrypted data has invalid pkcs1 padding"); + DBG1(DBG_LIB, "decrypted data has invalid pkcs1 padding"); return FALSE; } return TRUE; @@ -329,7 +331,7 @@ static bool get_encoding(private_gcrypt_rsa_private_key_t *this, chunk_clear(&cp); chunk_clear(&cq); chunk_clear(&cd); - DBG1("scanning mpi for export failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "scanning mpi for export failed: %s", gpg_strerror(err)); return FALSE; } @@ -340,7 +342,7 @@ static bool get_encoding(private_gcrypt_rsa_private_key_t *this, gcry_mpi_sub_ui(q, q, 1); exp2 = gcry_mpi_new(gcry_pk_get_nbits(this->key)); - gcry_mpi_mod(exp1, d, q); + gcry_mpi_mod(exp2, d, q); gcry_mpi_release(q); err = gcry_mpi_aprint(GCRYMPI_FMT_USG, &cexp1.ptr, &cexp1.len, exp1) @@ -352,7 +354,7 @@ static bool get_encoding(private_gcrypt_rsa_private_key_t *this, if (err) { - DBG1("printing mpi for export failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "printing mpi for export failed: %s", gpg_strerror(err)); chunk_clear(&cp); chunk_clear(&cq); chunk_clear(&cd); @@ -488,7 +490,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type, err = gcry_sexp_build(¶m, NULL, "(genkey(rsa(nbits %d)))", key_size); if (err) { - DBG1("building S-expression failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "building S-expression failed: %s", gpg_strerror(err)); return NULL; } this = gcrypt_rsa_private_key_create_empty(); @@ -497,7 +499,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type, if (err) { free(this); - DBG1("generating RSA key failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "generating RSA key failed: %s", gpg_strerror(err)); return NULL; } return &this->public; @@ -557,14 +559,14 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type, p.len, p.ptr, q.len, q.ptr, u.len, u.ptr); if (err) { - DBG1("loading private key failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "loading private key failed: %s", gpg_strerror(err)); free(this); return NULL; } err = gcry_pk_testkey(this->key); if (err) { - DBG1("private key sanity check failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "private key sanity check failed: %s", gpg_strerror(err)); destroy(this); return NULL; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c index e083fac94..5fd15d9a3 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c @@ -83,14 +83,16 @@ static bool verify_raw(private_gcrypt_rsa_public_key_t *this, chunk_free(&em); if (err) { - DBG1("building data S-expression failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "building data S-expression failed: %s", + gpg_strerror(err)); return FALSE; } err = gcry_sexp_build(&sig, NULL, "(sig-val(rsa(s %b)))", signature.len, signature.ptr); if (err) { - DBG1("building signature S-expression failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "building signature S-expression failed: %s", + gpg_strerror(err)); gcry_sexp_release(in); return FALSE; } @@ -99,7 +101,8 @@ static bool verify_raw(private_gcrypt_rsa_public_key_t *this, gcry_sexp_release(sig); if (err) { - DBG1("RSA signature verification failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "RSA signature verification failed: %s", + gpg_strerror(err)); return FALSE; } return TRUE; @@ -130,7 +133,8 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, chunk_free(&hash); if (err) { - DBG1("building data S-expression failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "building data S-expression failed: %s", + gpg_strerror(err)); return FALSE; } @@ -138,7 +142,8 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, signature.len, signature.ptr); if (err) { - DBG1("building signature S-expression failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "building signature S-expression failed: %s", + gpg_strerror(err)); gcry_sexp_release(in); return FALSE; } @@ -147,7 +152,8 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, gcry_sexp_release(sig); if (err) { - DBG1("RSA signature verification failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "RSA signature verification failed: %s", + gpg_strerror(err)); return FALSE; } return TRUE; @@ -184,7 +190,7 @@ static bool verify(private_gcrypt_rsa_public_key_t *this, case SIGN_RSA_EMSA_PKCS1_SHA512: return verify_pkcs1(this, HASH_SHA512, "sha512", data, signature); default: - DBG1("signature scheme %N not supported in RSA", + DBG1(DBG_LIB, "signature scheme %N not supported in RSA", signature_scheme_names, scheme); return FALSE; } @@ -205,14 +211,16 @@ static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain, plain.len, plain.ptr); if (err) { - DBG1("building encryption S-expression failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "building encryption S-expression failed: %s", + gpg_strerror(err)); return FALSE; } err = gcry_pk_encrypt(&out, in, this->key); gcry_sexp_release(in); if (err) { - DBG1("encrypting data using pkcs1 failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "encrypting data using pkcs1 failed: %s", + gpg_strerror(err)); return FALSE; } *encrypted = gcrypt_rsa_find_token(out, "a", this->key); @@ -343,7 +351,7 @@ gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_load(key_type_t type, n.len, n.ptr, e.len, e.ptr); if (err) { - DBG1("loading public key failed: %s", gpg_strerror(err)); + DBG1(DBG_LIB, "loading public key failed: %s", gpg_strerror(err)); free(this); return NULL; } diff --git a/src/libstrongswan/plugins/gmp/Makefile.am b/src/libstrongswan/plugins/gmp/Makefile.am index 1ab358328..cc8ad34db 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.am +++ b/src/libstrongswan/plugins/gmp/Makefile.am @@ -3,13 +3,17 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-gmp.la +else plugin_LTLIBRARIES = libstrongswan-gmp.la +endif -libstrongswan_gmp_la_SOURCES = gmp_plugin.h gmp_plugin.c \ - gmp_diffie_hellman.c gmp_diffie_hellman.h \ - gmp_rsa_private_key.c gmp_rsa_private_key.h \ - gmp_rsa_public_key.c gmp_rsa_public_key.h +libstrongswan_gmp_la_SOURCES = \ + gmp_plugin.h gmp_plugin.c \ + gmp_diffie_hellman.c gmp_diffie_hellman.h \ + gmp_rsa_private_key.c gmp_rsa_private_key.h \ + gmp_rsa_public_key.c gmp_rsa_public_key.h libstrongswan_gmp_la_LDFLAGS = -module -avoid-version -libstrongswan_gmp_la_LIBADD = -lgmp - +libstrongswan_gmp_la_LIBADD = -lgmp diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index 3077ea7e8..5c1a1fcd9 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_gmp_la_DEPENDENCIES = am_libstrongswan_gmp_la_OBJECTS = gmp_plugin.lo gmp_diffie_hellman.lo \ gmp_rsa_private_key.lo gmp_rsa_public_key.lo @@ -80,6 +80,8 @@ libstrongswan_gmp_la_OBJECTS = $(am_libstrongswan_gmp_la_OBJECTS) libstrongswan_gmp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_gmp_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_gmp_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_gmp_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,11 +257,13 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-gmp.la -libstrongswan_gmp_la_SOURCES = gmp_plugin.h gmp_plugin.c \ - gmp_diffie_hellman.c gmp_diffie_hellman.h \ - gmp_rsa_private_key.c gmp_rsa_private_key.h \ - gmp_rsa_public_key.c gmp_rsa_public_key.h +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-gmp.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-gmp.la +libstrongswan_gmp_la_SOURCES = \ + gmp_plugin.h gmp_plugin.c \ + gmp_diffie_hellman.c gmp_diffie_hellman.h \ + gmp_rsa_private_key.c gmp_rsa_private_key.h \ + gmp_rsa_public_key.c gmp_rsa_public_key.h libstrongswan_gmp_la_LDFLAGS = -module -avoid-version libstrongswan_gmp_la_LIBADD = -lgmp @@ -296,6 +301,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -328,7 +342,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-gmp.la: $(libstrongswan_gmp_la_OBJECTS) $(libstrongswan_gmp_la_DEPENDENCIES) - $(libstrongswan_gmp_la_LINK) -rpath $(plugindir) $(libstrongswan_gmp_la_OBJECTS) $(libstrongswan_gmp_la_LIBADD) $(LIBS) + $(libstrongswan_gmp_la_LINK) $(am_libstrongswan_gmp_la_rpath) $(libstrongswan_gmp_la_OBJECTS) $(libstrongswan_gmp_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -484,8 +498,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -556,18 +570,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c index ea7e6fdd2..4ee449890 100644 --- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c +++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c @@ -1,6 +1,7 @@ /* * Copyright (C) 1998-2002 D. Hugh Redelmeier. * Copyright (C) 1999, 2000, 2001 Henry Spencer. + * Copyright (C) 2010 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -22,309 +23,10 @@ #include <debug.h> - -/** - * Modulus of Group 1 (MODP_768_BIT). - */ -static u_int8_t group1_modulus[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, - 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, - 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, - 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, - 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF -}; - -/** - * Modulus of Group 2 (MODP_1024_BIT). - */ -static u_int8_t group2_modulus[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, - 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, - 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, - 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, - 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, - 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, - 0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF -}; - -/** - * Modulus of Group 5 (MODP_1536_BIT). - */ -static u_int8_t group5_modulus[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, - 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, - 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, - 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, - 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, - 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, - 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, - 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, - 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, - 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, - 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF -}; -/** - * Modulus of Group 14 (MODP_2048_BIT). - */ -static u_int8_t group14_modulus[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, - 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, - 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, - 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, - 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, - 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, - 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, - 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, - 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, - 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, - 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, - 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, - 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, - 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, - 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF -}; - -/** - * Modulus of Group 15 (MODP_3072_BIT). - */ -static u_int8_t group15_modulus[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, - 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, - 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, - 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, - 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, - 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, - 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, - 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, - 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, - 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, - 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, - 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, - 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, - 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, - 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33, - 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A, - 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, - 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D, - 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64, - 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, - 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2, - 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E, - 0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF -}; - -/** - * Modulus of Group 16 (MODP_4096_BIT). - */ -static u_int8_t group16_modulus[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, - 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, - 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, - 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, - 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, - 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, - 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, - 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, - 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, - 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, - 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, - 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, - 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, - 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, - 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33, - 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A, - 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, - 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D, - 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64, - 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, - 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2, - 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E, - 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, - 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C, - 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8, - 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, - 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2, - 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF, - 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, - 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F, - 0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF -}; - -/** - * Modulus of Group 17 (MODP_6144_BIT). - */ -static u_int8_t group17_modulus[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, - 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, - 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, - 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, - 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, - 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, - 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, - 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, - 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, - 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, - 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, - 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, - 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, - 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, - 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33, - 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A, - 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, - 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D, - 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64, - 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, - 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2, - 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E, - 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, - 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C, - 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8, - 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, - 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2, - 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF, - 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, - 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F, - 0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26, - 0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD, - 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE, - 0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18, - 0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B, - 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42, - 0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC, - 0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6, - 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E, - 0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE, - 0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA, - 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0, - 0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76, - 0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C, - 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68, - 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6, - 0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF -}; - -/** - * Modulus of Group 18 (MODP_8192_BIT). - */ -static u_int8_t group18_modulus[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, - 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, - 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, - 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, - 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, - 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, - 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, - 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, - 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, - 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, - 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B, - 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, - 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, - 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, - 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33, - 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A, - 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7, - 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D, - 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64, - 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, - 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2, - 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E, - 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7, - 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C, - 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8, - 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6, - 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2, - 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF, - 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, - 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F, - 0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26, - 0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD, - 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE, - 0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18, - 0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B, - 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42, - 0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC, - 0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6, - 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E, - 0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE, - 0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA, - 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0, - 0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76, - 0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C, - 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68, - 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6, - 0xE6,0x94,0xF9,0x1E,0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4, - 0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,0x73,0xB9,0x31,0xBA, - 0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED, - 0x25,0x76,0xF6,0x93,0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68, - 0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,0xE3,0x9D,0x65,0x2D, - 0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07, - 0x13,0xEB,0x57,0xA8,0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B, - 0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,0xA2,0xC0,0x87,0xE8, - 0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6, - 0x6D,0x2A,0x13,0xF8,0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36, - 0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,0x08,0x46,0x85,0x1D, - 0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73, - 0xFA,0xF3,0x6B,0xC3,0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92, - 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,0xD5,0xEE,0x38,0x2B, - 0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA, - 0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71, - 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, -}; - -typedef struct modulus_entry_t modulus_entry_t; - -/** - * Entry of the modulus list. - */ -struct modulus_entry_t { - /** - * Group number as it is defined in file transform_substructure.h. - */ - diffie_hellman_group_t group; - - /** - * Pointer to first byte of modulus (network order). - */ - u_int8_t *modulus; - - /* - * Length of modulus in bytes. - */ - size_t modulus_len; - - /* - * Optimum length of exponent in bytes. - */ - size_t opt_exponent_len; - - /* - * Generator value. - */ - u_int16_t generator; -}; - -/** - * All supported modulus values - optimum exponent size according to RFC 3526. - */ -static modulus_entry_t modulus_entries[] = { - {MODP_768_BIT, group1_modulus, sizeof(group1_modulus), 32, 2}, - {MODP_1024_BIT, group2_modulus, sizeof(group2_modulus), 32, 2}, - {MODP_1536_BIT, group5_modulus, sizeof(group5_modulus), 32, 2}, - {MODP_2048_BIT, group14_modulus, sizeof(group14_modulus), 48, 2}, - {MODP_3072_BIT, group15_modulus, sizeof(group15_modulus), 48, 2}, - {MODP_4096_BIT, group16_modulus, sizeof(group16_modulus), 64, 2}, - {MODP_6144_BIT, group17_modulus, sizeof(group17_modulus), 64, 2}, - {MODP_8192_BIT, group18_modulus, sizeof(group18_modulus), 64, 2}, -}; +#ifdef HAVE_MPZ_POWM_SEC +# undef mpz_powm +# define mpz_powm mpz_powm_sec +#endif typedef struct private_gmp_diffie_hellman_t private_gmp_diffie_hellman_t; @@ -378,11 +80,6 @@ struct private_gmp_diffie_hellman_t { size_t p_len; /** - * Optimal exponent length. - */ - size_t opt_exponent_len; - - /** * True if shared secret is computed and stored in my_public_value. */ bool computed; @@ -409,10 +106,20 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v #ifdef EXTENDED_DH_TEST /* 3. test if y ^ q mod p = 1, where q = (p - 1)/2. */ mpz_t q, one; + diffie_hellman_params_t *params; mpz_init(q); mpz_init(one); - mpz_fdiv_q_2exp(q, p_min_1, 1); + + params = diffie_hellman_get_params(this->group); + if (!params->subgroup.len) + { + mpz_fdiv_q_2exp(q, p_min_1, 1); + } + else + { + mpz_import(q, params->subgroup.len, 1, 1, 1, 0, params->subgroup.ptr); + } mpz_powm(one, this->yb, q, this->p); mpz_clear(q); if (mpz_cmp_ui(one, 1) == 0) @@ -422,7 +129,8 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v } else { - DBG1("public DH value verification failed: y ^ q mod p != 1"); + DBG1(DBG_LIB, "public DH value verification failed:" + " y ^ q mod p != 1"); } mpz_clear(one); #else @@ -432,7 +140,8 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v } else { - DBG1("public DH value verification failed: y < 2 || y > p - 1 "); + DBG1(DBG_LIB, "public DH value verification failed:" + " y < 2 || y > p - 1 "); } mpz_clear(p_min_1); } @@ -477,32 +186,6 @@ static diffie_hellman_group_t get_dh_group(private_gmp_diffie_hellman_t *this) } /** - * Lookup the modulus in modulo table - */ -static status_t set_modulus(private_gmp_diffie_hellman_t *this) -{ - int i; - status_t status = NOT_FOUND; - - for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++) - { - if (modulus_entries[i].group == this->group) - { - chunk_t chunk; - chunk.ptr = modulus_entries[i].modulus; - chunk.len = modulus_entries[i].modulus_len; - mpz_import(this->p, chunk.len, 1, 1, 1, 0, chunk.ptr); - this->p_len = chunk.len; - this->opt_exponent_len = modulus_entries[i].opt_exponent_len; - mpz_set_ui(this->g, modulus_entries[i].generator); - status = SUCCESS; - break; - } - } - return status; -} - -/** * Implementation of gmp_diffie_hellman_t.destroy. */ static void destroy(private_gmp_diffie_hellman_t *this) @@ -521,11 +204,18 @@ static void destroy(private_gmp_diffie_hellman_t *this) */ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) { - private_gmp_diffie_hellman_t *this = malloc_thing(private_gmp_diffie_hellman_t); + private_gmp_diffie_hellman_t *this; + diffie_hellman_params_t *params; rng_t *rng; chunk_t random; - bool ansi_x9_42; - size_t exponent_len; + + params = diffie_hellman_get_params(group); + if (!params) + { + return NULL; + } + + this = malloc_thing(private_gmp_diffie_hellman_t); /* public functions */ this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret; @@ -544,35 +234,31 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) mpz_init(this->g); this->computed = FALSE; + this->p_len = params->prime.len; + mpz_import(this->p, params->prime.len, 1, 1, 1, 0, params->prime.ptr); + mpz_import(this->g, params->generator.len, 1, 1, 1, 0, params->generator.ptr); - /* find a modulus according to group */ - if (set_modulus(this) != SUCCESS) - { - destroy(this); - return NULL; - } rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); if (!rng) { - DBG1("no RNG found for quality %N", rng_quality_names, RNG_STRONG); + DBG1(DBG_LIB, "no RNG found for quality %N", rng_quality_names, + RNG_STRONG); destroy(this); return NULL; } - ansi_x9_42 = lib->settings->get_int(lib->settings, - "libstrongswan.dh_exponent_ansi_x9_42", TRUE); - exponent_len = (ansi_x9_42) ? this->p_len : this->opt_exponent_len; - rng->allocate_bytes(rng, exponent_len, &random); + rng->allocate_bytes(rng, params->exp_len, &random); rng->destroy(rng); - if (ansi_x9_42) + if (params->exp_len == this->p_len) { /* achieve bitsof(p)-1 by setting MSB to 0 */ *random.ptr &= 0x7F; } mpz_import(this->xa, random.len, 1, 1, 1, 0, random.ptr); chunk_free(&random); - DBG2("size of DH secret exponent: %u bits", mpz_sizeinbase(this->xa, 2)); + DBG2(DBG_LIB, "size of DH secret exponent: %u bits", + mpz_sizeinbase(this->xa, 2)); mpz_powm(this->ya, this->g, this->xa, this->p); diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c index b70ff881c..fbce9732f 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.c +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c @@ -52,7 +52,7 @@ static void destroy(private_gmp_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *gmp_plugin_create() { private_gmp_plugin_t *this = malloc_thing(private_gmp_plugin_t); @@ -60,6 +60,10 @@ plugin_t *plugin_create() lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_224, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_256, + (dh_constructor_t)gmp_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, (dh_constructor_t)gmp_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, @@ -72,6 +76,8 @@ plugin_t *plugin_create() (dh_constructor_t)gmp_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1024_160, + (dh_constructor_t)gmp_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_768_BIT, (dh_constructor_t)gmp_diffie_hellman_create); diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.h b/src/libstrongswan/plugins/gmp/gmp_plugin.h index 77d53965d..e4a87c8e2 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.h +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.h @@ -39,9 +39,4 @@ struct gmp_plugin_t { plugin_t plugin; }; -/** - * Create a gmp_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** GMP_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index 1829bd459..f70b0b545 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c @@ -27,6 +27,11 @@ #include <asn1/asn1.h> #include <asn1/asn1_parser.h> +#ifdef HAVE_MPZ_POWM_SEC +# undef mpz_powm +# define mpz_powm mpz_powm_sec +#endif + /** * Public exponent to use for key generation. */ @@ -136,7 +141,8 @@ static status_t compute_prime(private_gmp_rsa_private_key_t *this, rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE); if (!rng) { - DBG1("no RNG of quality %N found", rng_quality_names, RNG_TRUE); + DBG1(DBG_LIB, "no RNG of quality %N found", rng_quality_names, + RNG_TRUE); return FAILED; } @@ -144,8 +150,8 @@ static status_t compute_prime(private_gmp_rsa_private_key_t *this, do { rng->allocate_bytes(rng, prime_size, &random_bytes); - /* make sure most significant bit is set */ - random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80; + /* make sure the two most significant bits are set */ + random_bytes.ptr[0] = random_bytes.ptr[0] | 0xC0; mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr); mpz_nextprime (*prime, *prime); @@ -243,7 +249,8 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, if (data.len > this->k - 3) { free(digestInfo.ptr); - DBG1("unable to sign %d bytes using a %dbit key", data.len, this->k * 8); + DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len, + this->k * 8); return FALSE; } @@ -304,7 +311,7 @@ static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme, case SIGN_RSA_EMSA_PKCS1_MD5: return build_emsa_pkcs1_signature(this, HASH_MD5, data, signature); default: - DBG1("signature scheme %N not supported in RSA", + DBG1(DBG_LIB, "signature scheme %N not supported in RSA", signature_scheme_names, scheme); return FALSE; } @@ -327,7 +334,7 @@ static bool decrypt(private_gmp_rsa_private_key_t *this, chunk_t crypto, /* check for hex pattern 00 02 in decrypted message */ if ((*stripped.ptr++ != 0x00) || (*(stripped.ptr++) != 0x02)) { - DBG1("incorrect padding - probably wrong rsa key"); + DBG1(DBG_LIB, "incorrect padding - probably wrong rsa key"); goto end; } stripped.len -= 2; @@ -337,7 +344,7 @@ static bool decrypt(private_gmp_rsa_private_key_t *this, chunk_t crypto, if (stripped.len == 0) { - DBG1("no plaintext data"); + DBG1(DBG_LIB, "no plaintext data"); goto end; } @@ -494,14 +501,14 @@ static status_t check(private_gmp_rsa_private_key_t *this) */ if (this->k < 512 / BITS_PER_BYTE) { - DBG1("key shorter than 512 bits"); + DBG1(DBG_LIB, "key shorter than 512 bits"); return FAILED; } /* we picked a max modulus size to simplify buffer allocation */ if (this->k > 8192 / BITS_PER_BYTE) { - DBG1("key larger than 8192 bits"); + DBG1(DBG_LIB, "key larger than 8192 bits"); return FAILED; } @@ -575,7 +582,7 @@ static status_t check(private_gmp_rsa_private_key_t *this) mpz_clear_sensitive(q1); if (status != SUCCESS) { - DBG1("key integrity tests failed"); + DBG1(DBG_LIB, "key integrity tests failed"); } return status; } @@ -664,7 +671,7 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args) mpz_mul(n, p, q); /* n = p*q */ mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */ - mpz_init_set(m, p); /* m = p */ + mpz_init_set(m, p); /* m = p */ mpz_sub_ui(m, m, 1); /* m = m -1 */ mpz_init_set(q1, q); /* q1 = q */ mpz_sub_ui(q1, q1, 1); /* q1 = q1 -1 */ diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index 5fea69131..98dbb1922 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -28,6 +28,11 @@ #include <asn1/asn1_parser.h> #include <crypto/hashers/hasher.h> +#ifdef HAVE_MPZ_POWM_SEC +# undef mpz_powm +# define mpz_powm mpz_powm_sec +#endif + typedef struct private_gmp_rsa_public_key_t private_gmp_rsa_public_key_t; /** @@ -178,8 +183,8 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, { /* IKEv1 signatures without digestInfo */ if (em.len != data.len) { - DBG1("hash size in signature is %u bytes instead of %u bytes", - em.len, data.len); + DBG1(DBG_LIB, "hash size in signature is %u bytes instead of" + " %u bytes", em.len, data.len); goto end; } success = memeq(em.ptr, data.ptr, data.len); @@ -191,7 +196,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, int objectID; hash_algorithm_t hash_algorithm = HASH_UNKNOWN; - DBG2("signature verification:"); + DBG2(DBG_LIB, "signature verification:"); parser = asn1_parser_create(digestInfoObjects, em); while (parser->iterate(parser, &objectID, &object)) @@ -202,7 +207,8 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, { if (em.len > object.len) { - DBG1("digestInfo field in signature is followed by %u surplus bytes", + DBG1(DBG_LIB, "digestInfo field in signature is" + " followed by %u surplus bytes", em.len - object.len); goto end_parser; } @@ -216,8 +222,8 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, hash_algorithm = hasher_algorithm_from_oid(hash_oid); if (hash_algorithm == HASH_UNKNOWN || hash_algorithm != algorithm) { - DBG1("expected hash algorithm %N, but found %N (OID: %#B)", - hash_algorithm_names, algorithm, + DBG1(DBG_LIB, "expected hash algorithm %N, but found" + " %N (OID: %#B)", hash_algorithm_names, algorithm, hash_algorithm_names, hash_algorithm, &object); goto end_parser; } @@ -231,15 +237,16 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm); if (hasher == NULL) { - DBG1("hash algorithm %N not supported", + DBG1(DBG_LIB, "hash algorithm %N not supported", hash_algorithm_names, hash_algorithm); goto end_parser; } if (object.len != hasher->get_hash_size(hasher)) { - DBG1("hash size in signature is %u bytes instead of %u " - "bytes", object.len, hasher->get_hash_size(hasher)); + DBG1(DBG_LIB, "hash size in signature is %u bytes" + " instead of %u bytes", object.len, + hasher->get_hash_size(hasher)); hasher->destroy(hasher); goto end_parser; } @@ -297,7 +304,7 @@ static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme case SIGN_RSA_EMSA_PKCS1_SHA512: return verify_emsa_pkcs1_signature(this, HASH_SHA512, data, signature); default: - DBG1("signature scheme %N not supported in RSA", + DBG1(DBG_LIB, "signature scheme %N not supported in RSA", signature_scheme_names, scheme); return FALSE; } @@ -319,7 +326,7 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (rng == NULL) { - DBG1("no random generator available"); + DBG1(DBG_LIB, "no random generator available"); return FALSE; } @@ -327,13 +334,14 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, padding = this->k - plain.len - 3; if (padding < MIN_PS_PADDING) { - DBG1("pseudo-random padding must be at least %d octets", MIN_PS_PADDING); + DBG1(DBG_LIB, "pseudo-random padding must be at least %d octets", + MIN_PS_PADDING); return FALSE; } /* padding according to PKCS#1 7.2.1 (RSAES-PKCS1-v1.5-ENCRYPT) */ - DBG2("padding %u bytes of data to the rsa modulus size of %u bytes", - plain.len, this->k); + DBG2(DBG_LIB, "padding %u bytes of data to the rsa modulus size of" + " %u bytes", plain.len, this->k); em.len = this->k; em.ptr = malloc(em.len); pos = em.ptr; @@ -359,11 +367,11 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, /* now add the data */ memcpy(pos, plain.ptr, plain.len); - DBG3("padded data before rsa encryption: %B", &em); + DBG3(DBG_LIB, "padded data before rsa encryption: %B", &em); /* rsa encryption using PKCS#1 RSAEP */ *crypto = rsaep(this, em); - DBG3("rsa encrypted data: %B", crypto); + DBG3(DBG_LIB, "rsa encrypted data: %B", crypto); chunk_clear(&em); return TRUE; } diff --git a/src/libstrongswan/plugins/hmac/Makefile.am b/src/libstrongswan/plugins/hmac/Makefile.am index 1856cad2d..77aa0ffd1 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.am +++ b/src/libstrongswan/plugins/hmac/Makefile.am @@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-hmac.la +else plugin_LTLIBRARIES = libstrongswan-hmac.la +endif -libstrongswan_hmac_la_SOURCES = hmac_plugin.h hmac_plugin.c hmac.h hmac.c \ +libstrongswan_hmac_la_SOURCES = \ + hmac_plugin.h hmac_plugin.c hmac.h hmac.c \ hmac_prf.h hmac_prf.c hmac_signer.h hmac_signer.c -libstrongswan_hmac_la_LDFLAGS = -module -avoid-version +libstrongswan_hmac_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index 7dc8269a4..c965f7392 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_hmac_la_LIBADD = am_libstrongswan_hmac_la_OBJECTS = hmac_plugin.lo hmac.lo hmac_prf.lo \ hmac_signer.lo @@ -80,6 +80,8 @@ libstrongswan_hmac_la_OBJECTS = $(am_libstrongswan_hmac_la_OBJECTS) libstrongswan_hmac_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_hmac_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_hmac_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_hmac_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,8 +257,10 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-hmac.la -libstrongswan_hmac_la_SOURCES = hmac_plugin.h hmac_plugin.c hmac.h hmac.c \ +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-hmac.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-hmac.la +libstrongswan_hmac_la_SOURCES = \ + hmac_plugin.h hmac_plugin.c hmac.h hmac.c \ hmac_prf.h hmac_prf.c hmac_signer.h hmac_signer.c libstrongswan_hmac_la_LDFLAGS = -module -avoid-version @@ -293,6 +298,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -325,7 +339,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-hmac.la: $(libstrongswan_hmac_la_OBJECTS) $(libstrongswan_hmac_la_DEPENDENCIES) - $(libstrongswan_hmac_la_LINK) -rpath $(plugindir) $(libstrongswan_hmac_la_OBJECTS) $(libstrongswan_hmac_la_LIBADD) $(LIBS) + $(libstrongswan_hmac_la_LINK) $(am_libstrongswan_hmac_la_rpath) $(libstrongswan_hmac_la_OBJECTS) $(libstrongswan_hmac_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -481,8 +495,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -553,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c index 94332ee36..e6b9f7a74 100644 --- a/src/libstrongswan/plugins/hmac/hmac_plugin.c +++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c @@ -47,7 +47,7 @@ static void destroy(private_hmac_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *hmac_plugin_create() { private_hmac_plugin_t *this = malloc_thing(private_hmac_plugin_t); diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.h b/src/libstrongswan/plugins/hmac/hmac_plugin.h index 5c3afa7d6..03d1d1cf9 100644 --- a/src/libstrongswan/plugins/hmac/hmac_plugin.h +++ b/src/libstrongswan/plugins/hmac/hmac_plugin.h @@ -39,9 +39,4 @@ struct hmac_plugin_t { plugin_t plugin; }; -/** - * Create a hmac_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** HMAC_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/ldap/Makefile.am b/src/libstrongswan/plugins/ldap/Makefile.am index 6ad073d97..2b2f7d31d 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.am +++ b/src/libstrongswan/plugins/ldap/Makefile.am @@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-ldap.la +else plugin_LTLIBRARIES = libstrongswan-ldap.la +endif + +libstrongswan_ldap_la_SOURCES = \ + ldap_plugin.h ldap_plugin.c ldap_fetcher.h ldap_fetcher.c -libstrongswan_ldap_la_SOURCES = ldap_plugin.h ldap_plugin.c ldap_fetcher.h ldap_fetcher.c libstrongswan_ldap_la_LDFLAGS = -module -avoid-version libstrongswan_ldap_la_LIBADD = -lldap -llber - diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index d9ebb0147..3b69f082f 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -72,13 +72,15 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_ldap_la_DEPENDENCIES = am_libstrongswan_ldap_la_OBJECTS = ldap_plugin.lo ldap_fetcher.lo libstrongswan_ldap_la_OBJECTS = $(am_libstrongswan_ldap_la_OBJECTS) libstrongswan_ldap_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_ldap_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_ldap_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_ldap_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-ldap.la -libstrongswan_ldap_la_SOURCES = ldap_plugin.h ldap_plugin.c ldap_fetcher.h ldap_fetcher.c +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ldap.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ldap.la +libstrongswan_ldap_la_SOURCES = \ + ldap_plugin.h ldap_plugin.c ldap_fetcher.h ldap_fetcher.c + libstrongswan_ldap_la_LDFLAGS = -module -avoid-version libstrongswan_ldap_la_LIBADD = -lldap -llber all: all-am @@ -291,6 +297,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -323,7 +338,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-ldap.la: $(libstrongswan_ldap_la_OBJECTS) $(libstrongswan_ldap_la_DEPENDENCIES) - $(libstrongswan_ldap_la_LINK) -rpath $(plugindir) $(libstrongswan_ldap_la_OBJECTS) $(libstrongswan_ldap_la_LIBADD) $(LIBS) + $(libstrongswan_ldap_la_LINK) $(am_libstrongswan_ldap_la_rpath) $(libstrongswan_ldap_la_OBJECTS) $(libstrongswan_ldap_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -477,8 +492,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -549,18 +564,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c index ce5b7d56b..59e655cd5 100644 --- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c +++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c @@ -73,27 +73,27 @@ static bool parse(LDAP *ldap, LDAPMessage *result, chunk_t *response) } else { - DBG1("LDAP response contains no values"); + DBG1(DBG_LIB, "LDAP response contains no values"); } ldap_value_free_len(values); } else { - DBG1("getting LDAP values failed: %s", + DBG1(DBG_LIB, "getting LDAP values failed: %s", ldap_err2string(ldap_result2error(ldap, entry, 0))); } ldap_memfree(attr); } else { - DBG1("finding LDAP attributes failed: %s", + DBG1(DBG_LIB, "finding LDAP attributes failed: %s", ldap_err2string(ldap_result2error(ldap, entry, 0))); } ber_free(ber, 0); } else { - DBG1("finding first LDAP entry failed: %s", + DBG1(DBG_LIB, "finding first LDAP entry failed: %s", ldap_err2string(ldap_result2error(ldap, entry, 0))); } return success; @@ -122,7 +122,7 @@ static status_t fetch(private_ldap_fetcher_t *this, char *url, ldap = ldap_init(lurl->lud_host, lurl->lud_port); if (ldap == NULL) { - DBG1("LDAP initialization failed: %s", strerror(errno)); + DBG1(DBG_LIB, "LDAP initialization failed: %s", strerror(errno)); ldap_free_urldesc(lurl); return FAILED; } @@ -133,7 +133,7 @@ static status_t fetch(private_ldap_fetcher_t *this, char *url, ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &ldap_version); ldap_set_option(ldap, LDAP_OPT_NETWORK_TIMEOUT, &timeout); - DBG2("sending LDAP request to '%s'...", url); + DBG2(DBG_LIB, "sending LDAP request to '%s'...", url); res = ldap_simple_bind_s(ldap, NULL, NULL); if (res == LDAP_SUCCESS) @@ -152,12 +152,13 @@ static status_t fetch(private_ldap_fetcher_t *this, char *url, } else { - DBG1("LDAP search failed: %s", ldap_err2string(res)); + DBG1(DBG_LIB, "LDAP search failed: %s", ldap_err2string(res)); } } else { - DBG1("LDAP bind to '%s' failed: %s", url, ldap_err2string(res)); + DBG1(DBG_LIB, "LDAP bind to '%s' failed: %s", url, + ldap_err2string(res)); } ldap_unbind_s(ldap); ldap_free_urldesc(lurl); diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.c b/src/libstrongswan/plugins/ldap/ldap_plugin.c index a31308bbf..372ac9f93 100644 --- a/src/libstrongswan/plugins/ldap/ldap_plugin.c +++ b/src/libstrongswan/plugins/ldap/ldap_plugin.c @@ -44,7 +44,7 @@ static void destroy(private_ldap_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *ldap_plugin_create() { private_ldap_plugin_t *this = malloc_thing(private_ldap_plugin_t); diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.h b/src/libstrongswan/plugins/ldap/ldap_plugin.h index de4ff3422..e4fcebaa3 100644 --- a/src/libstrongswan/plugins/ldap/ldap_plugin.h +++ b/src/libstrongswan/plugins/ldap/ldap_plugin.h @@ -39,9 +39,4 @@ struct ldap_plugin_t { plugin_t plugin; }; -/** - * Create a ldap_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** LDAP_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/md4/Makefile.am b/src/libstrongswan/plugins/md4/Makefile.am index a47da2e8e..904af70c0 100644 --- a/src/libstrongswan/plugins/md4/Makefile.am +++ b/src/libstrongswan/plugins/md4/Makefile.am @@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-md4.la +else plugin_LTLIBRARIES = libstrongswan-md4.la +endif -libstrongswan_md4_la_SOURCES = md4_plugin.h md4_plugin.c md4_hasher.c md4_hasher.h -libstrongswan_md4_la_LDFLAGS = -module -avoid-version +libstrongswan_md4_la_SOURCES = \ + md4_plugin.h md4_plugin.c md4_hasher.c md4_hasher.h +libstrongswan_md4_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index 6014ddcf8..cb3307bbc 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -72,13 +72,15 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_md4_la_LIBADD = am_libstrongswan_md4_la_OBJECTS = md4_plugin.lo md4_hasher.lo libstrongswan_md4_la_OBJECTS = $(am_libstrongswan_md4_la_OBJECTS) libstrongswan_md4_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_md4_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_md4_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_md4_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-md4.la -libstrongswan_md4_la_SOURCES = md4_plugin.h md4_plugin.c md4_hasher.c md4_hasher.h +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-md4.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-md4.la +libstrongswan_md4_la_SOURCES = \ + md4_plugin.h md4_plugin.c md4_hasher.c md4_hasher.h + libstrongswan_md4_la_LDFLAGS = -module -avoid-version all: all-am @@ -290,6 +296,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -322,7 +337,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-md4.la: $(libstrongswan_md4_la_OBJECTS) $(libstrongswan_md4_la_DEPENDENCIES) - $(libstrongswan_md4_la_LINK) -rpath $(plugindir) $(libstrongswan_md4_la_OBJECTS) $(libstrongswan_md4_la_LIBADD) $(LIBS) + $(libstrongswan_md4_la_LINK) $(am_libstrongswan_md4_la_rpath) $(libstrongswan_md4_la_OBJECTS) $(libstrongswan_md4_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -476,8 +491,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -548,18 +563,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/md4/md4_plugin.c b/src/libstrongswan/plugins/md4/md4_plugin.c index ba4041d2d..38ae0d4bc 100644 --- a/src/libstrongswan/plugins/md4/md4_plugin.c +++ b/src/libstrongswan/plugins/md4/md4_plugin.c @@ -44,7 +44,7 @@ static void destroy(private_md4_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *md4_plugin_create() { private_md4_plugin_t *this = malloc_thing(private_md4_plugin_t); diff --git a/src/libstrongswan/plugins/md4/md4_plugin.h b/src/libstrongswan/plugins/md4/md4_plugin.h index b13002d7b..9fde665e6 100644 --- a/src/libstrongswan/plugins/md4/md4_plugin.h +++ b/src/libstrongswan/plugins/md4/md4_plugin.h @@ -39,9 +39,4 @@ struct md4_plugin_t { plugin_t plugin; }; -/** - * Create a md4_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** MD4_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/md5/Makefile.am b/src/libstrongswan/plugins/md5/Makefile.am index ce0611c13..b2eb2abd2 100644 --- a/src/libstrongswan/plugins/md5/Makefile.am +++ b/src/libstrongswan/plugins/md5/Makefile.am @@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-md5.la +else plugin_LTLIBRARIES = libstrongswan-md5.la +endif -libstrongswan_md5_la_SOURCES = md5_plugin.h md5_plugin.c md5_hasher.c md5_hasher.h -libstrongswan_md5_la_LDFLAGS = -module -avoid-version +libstrongswan_md5_la_SOURCES = \ + md5_plugin.h md5_plugin.c md5_hasher.c md5_hasher.h +libstrongswan_md5_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index fcb921316..8948ddcc5 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -72,13 +72,15 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_md5_la_LIBADD = am_libstrongswan_md5_la_OBJECTS = md5_plugin.lo md5_hasher.lo libstrongswan_md5_la_OBJECTS = $(am_libstrongswan_md5_la_OBJECTS) libstrongswan_md5_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_md5_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_md5_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_md5_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-md5.la -libstrongswan_md5_la_SOURCES = md5_plugin.h md5_plugin.c md5_hasher.c md5_hasher.h +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-md5.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-md5.la +libstrongswan_md5_la_SOURCES = \ + md5_plugin.h md5_plugin.c md5_hasher.c md5_hasher.h + libstrongswan_md5_la_LDFLAGS = -module -avoid-version all: all-am @@ -290,6 +296,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -322,7 +337,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-md5.la: $(libstrongswan_md5_la_OBJECTS) $(libstrongswan_md5_la_DEPENDENCIES) - $(libstrongswan_md5_la_LINK) -rpath $(plugindir) $(libstrongswan_md5_la_OBJECTS) $(libstrongswan_md5_la_LIBADD) $(LIBS) + $(libstrongswan_md5_la_LINK) $(am_libstrongswan_md5_la_rpath) $(libstrongswan_md5_la_OBJECTS) $(libstrongswan_md5_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -476,8 +491,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -548,18 +563,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/md5/md5_plugin.c b/src/libstrongswan/plugins/md5/md5_plugin.c index 7592c20df..cfbf6acea 100644 --- a/src/libstrongswan/plugins/md5/md5_plugin.c +++ b/src/libstrongswan/plugins/md5/md5_plugin.c @@ -44,7 +44,7 @@ static void destroy(private_md5_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *md5_plugin_create() { private_md5_plugin_t *this = malloc_thing(private_md5_plugin_t); diff --git a/src/libstrongswan/plugins/md5/md5_plugin.h b/src/libstrongswan/plugins/md5/md5_plugin.h index 057689ad3..c4ca619dc 100644 --- a/src/libstrongswan/plugins/md5/md5_plugin.h +++ b/src/libstrongswan/plugins/md5/md5_plugin.h @@ -39,9 +39,4 @@ struct md5_plugin_t { plugin_t plugin; }; -/** - * Create a md5_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** MD5_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/mysql/Makefile.am b/src/libstrongswan/plugins/mysql/Makefile.am index c64481fd5..801a7a7be 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.am +++ b/src/libstrongswan/plugins/mysql/Makefile.am @@ -3,10 +3,16 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic $(MYSQLCFLAG) +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-mysql.la +else plugin_LTLIBRARIES = libstrongswan-mysql.la +endif -libstrongswan_mysql_la_SOURCES = mysql_plugin.h mysql_plugin.c \ +libstrongswan_mysql_la_SOURCES = \ + mysql_plugin.h mysql_plugin.c \ mysql_database.h mysql_database.c + libstrongswan_mysql_la_LDFLAGS = -module -avoid-version -libstrongswan_mysql_la_LIBADD = $(MYSQLLIB) +libstrongswan_mysql_la_LIBADD = $(MYSQLLIB) diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index dc56940d2..1a97c620e 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) am__DEPENDENCIES_1 = libstrongswan_mysql_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am_libstrongswan_mysql_la_OBJECTS = mysql_plugin.lo mysql_database.lo @@ -80,6 +80,9 @@ libstrongswan_mysql_la_OBJECTS = $(am_libstrongswan_mysql_la_OBJECTS) libstrongswan_mysql_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_mysql_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_mysql_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_mysql_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,8 +258,10 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic $(MYSQLCFLAG) -plugin_LTLIBRARIES = libstrongswan-mysql.la -libstrongswan_mysql_la_SOURCES = mysql_plugin.h mysql_plugin.c \ +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-mysql.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-mysql.la +libstrongswan_mysql_la_SOURCES = \ + mysql_plugin.h mysql_plugin.c \ mysql_database.h mysql_database.c libstrongswan_mysql_la_LDFLAGS = -module -avoid-version @@ -294,6 +300,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -326,7 +341,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-mysql.la: $(libstrongswan_mysql_la_OBJECTS) $(libstrongswan_mysql_la_DEPENDENCIES) - $(libstrongswan_mysql_la_LINK) -rpath $(plugindir) $(libstrongswan_mysql_la_OBJECTS) $(libstrongswan_mysql_la_LIBADD) $(LIBS) + $(libstrongswan_mysql_la_LINK) $(am_libstrongswan_mysql_la_rpath) $(libstrongswan_mysql_la_OBJECTS) $(libstrongswan_mysql_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -480,8 +495,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -552,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c index 2338428f2..8005b9149 100644 --- a/src/libstrongswan/plugins/mysql/mysql_database.c +++ b/src/libstrongswan/plugins/mysql/mysql_database.c @@ -203,7 +203,7 @@ static conn_t *conn_get(private_mysql_database_t *this) this->password, this->database, this->port, NULL, 0)) { - DBG1("connecting to mysql://%s:***@%s:%d/%s failed: %s", + DBG1(DBG_LIB, "connecting to mysql://%s:***@%s:%d/%s failed: %s", this->username, this->host, this->port, this->database, mysql_error(found->mysql)); conn_destroy(found); @@ -213,7 +213,7 @@ static conn_t *conn_get(private_mysql_database_t *this) { this->mutex->lock(this->mutex); this->pool->insert_last(this->pool, found); - DBG2("increased MySQL connection pool size to %d", + DBG2(DBG_LIB, "increased MySQL connection pool size to %d", this->pool->get_count(this->pool)); this->mutex->unlock(this->mutex); } @@ -232,12 +232,14 @@ static MYSQL_STMT* run(MYSQL *mysql, char *sql, va_list *args) stmt = mysql_stmt_init(mysql); if (stmt == NULL) { - DBG1("creating MySQL statement failed: %s", mysql_error(mysql)); + DBG1(DBG_LIB, "creating MySQL statement failed: %s", + mysql_error(mysql)); return NULL; } if (mysql_stmt_prepare(stmt, sql, strlen(sql))) { - DBG1("preparing MySQL statement failed: %s", mysql_stmt_error(stmt)); + DBG1(DBG_LIB, "preparing MySQL statement failed: %s", + mysql_stmt_error(stmt)); mysql_stmt_close(stmt); return NULL; } @@ -303,21 +305,23 @@ static MYSQL_STMT* run(MYSQL *mysql, char *sql, va_list *args) break; } default: - DBG1("invalid data type supplied"); + DBG1(DBG_LIB, "invalid data type supplied"); mysql_stmt_close(stmt); return NULL; } } if (mysql_stmt_bind_param(stmt, bind)) { - DBG1("binding MySQL param failed: %s", mysql_stmt_error(stmt)); + DBG1(DBG_LIB, "binding MySQL param failed: %s", + mysql_stmt_error(stmt)); mysql_stmt_close(stmt); return NULL; } } if (mysql_stmt_execute(stmt)) { - DBG1("executing MySQL statement failed: %s", mysql_stmt_error(stmt)); + DBG1(DBG_LIB, "executing MySQL statement failed: %s", + mysql_stmt_error(stmt)); mysql_stmt_close(stmt); return NULL; } @@ -413,7 +417,8 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...) case MYSQL_NO_DATA: return FALSE; default: - DBG1("fetching MySQL row failed: %s", mysql_stmt_error(this->stmt)); + DBG1(DBG_LIB, "fetching MySQL row failed: %s", + mysql_stmt_error(this->stmt)); return FALSE; } @@ -536,7 +541,7 @@ static enumerator_t* query(private_mysql_database_t *this, char *sql, ...) break; } default: - DBG1("invalid result data type supplied"); + DBG1(DBG_LIB, "invalid result data type supplied"); mysql_enumerator_destroy(enumerator); va_end(args); return NULL; @@ -544,7 +549,8 @@ static enumerator_t* query(private_mysql_database_t *this, char *sql, ...) } if (mysql_stmt_bind_result(stmt, enumerator->bind)) { - DBG1("binding MySQL result failed: %s", mysql_stmt_error(stmt)); + DBG1(DBG_LIB, "binding MySQL result failed: %s", + mysql_stmt_error(stmt)); mysql_enumerator_destroy(enumerator); enumerator = NULL; } @@ -653,7 +659,7 @@ static bool parse_uri(private_mysql_database_t *this, char *uri) } } } - DBG1("parsing MySQL database uri '%s' failed", uri); + DBG1(DBG_LIB, "parsing MySQL database uri '%s' failed", uri); return FALSE; } diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.c b/src/libstrongswan/plugins/mysql/mysql_plugin.c index 0e64bbc3d..a13aa8091 100644 --- a/src/libstrongswan/plugins/mysql/mysql_plugin.c +++ b/src/libstrongswan/plugins/mysql/mysql_plugin.c @@ -46,13 +46,13 @@ static void destroy(private_mysql_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *mysql_plugin_create() { private_mysql_plugin_t *this; if (!mysql_database_init()) { - DBG1("MySQL client library initialization failed"); + DBG1(DBG_LIB, "MySQL client library initialization failed"); return NULL; } diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.h b/src/libstrongswan/plugins/mysql/mysql_plugin.h index fa53c2b7a..d1f21870c 100644 --- a/src/libstrongswan/plugins/mysql/mysql_plugin.h +++ b/src/libstrongswan/plugins/mysql/mysql_plugin.h @@ -39,9 +39,4 @@ struct mysql_plugin_t { plugin_t plugin; }; -/** - * Create a mysql_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** MYSQL_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/Makefile.am b/src/libstrongswan/plugins/openssl/Makefile.am index 25cc5aa1d..a50799798 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.am +++ b/src/libstrongswan/plugins/openssl/Makefile.am @@ -3,12 +3,18 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-openssl.la +else plugin_LTLIBRARIES = libstrongswan-openssl.la +endif -libstrongswan_openssl_la_SOURCES = openssl_plugin.h openssl_plugin.c \ +libstrongswan_openssl_la_SOURCES = \ + openssl_plugin.h openssl_plugin.c \ openssl_util.c openssl_util.h \ openssl_crypter.c openssl_crypter.h \ openssl_hasher.c openssl_hasher.h \ + openssl_sha1_prf.c openssl_sha1_prf.h \ openssl_diffie_hellman.c openssl_diffie_hellman.h \ openssl_rsa_private_key.c openssl_rsa_private_key.h \ openssl_rsa_public_key.c openssl_rsa_public_key.h \ diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index aa8ecf06c..a2a931d42 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -72,18 +72,22 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_openssl_la_DEPENDENCIES = am_libstrongswan_openssl_la_OBJECTS = openssl_plugin.lo \ openssl_util.lo openssl_crypter.lo openssl_hasher.lo \ - openssl_diffie_hellman.lo openssl_rsa_private_key.lo \ - openssl_rsa_public_key.lo openssl_ec_diffie_hellman.lo \ - openssl_ec_private_key.lo openssl_ec_public_key.lo + openssl_sha1_prf.lo openssl_diffie_hellman.lo \ + openssl_rsa_private_key.lo openssl_rsa_public_key.lo \ + openssl_ec_diffie_hellman.lo openssl_ec_private_key.lo \ + openssl_ec_public_key.lo libstrongswan_openssl_la_OBJECTS = \ $(am_libstrongswan_openssl_la_OBJECTS) libstrongswan_openssl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_openssl_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_openssl_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_openssl_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -222,6 +226,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -258,11 +263,14 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-openssl.la -libstrongswan_openssl_la_SOURCES = openssl_plugin.h openssl_plugin.c \ +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-openssl.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-openssl.la +libstrongswan_openssl_la_SOURCES = \ + openssl_plugin.h openssl_plugin.c \ openssl_util.c openssl_util.h \ openssl_crypter.c openssl_crypter.h \ openssl_hasher.c openssl_hasher.h \ + openssl_sha1_prf.c openssl_sha1_prf.h \ openssl_diffie_hellman.c openssl_diffie_hellman.h \ openssl_rsa_private_key.c openssl_rsa_private_key.h \ openssl_rsa_public_key.c openssl_rsa_public_key.h \ @@ -306,6 +314,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -338,7 +355,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-openssl.la: $(libstrongswan_openssl_la_OBJECTS) $(libstrongswan_openssl_la_DEPENDENCIES) - $(libstrongswan_openssl_la_LINK) -rpath $(plugindir) $(libstrongswan_openssl_la_OBJECTS) $(libstrongswan_openssl_la_LIBADD) $(LIBS) + $(libstrongswan_openssl_la_LINK) $(am_libstrongswan_openssl_la_rpath) $(libstrongswan_openssl_la_OBJECTS) $(libstrongswan_openssl_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -355,6 +372,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_plugin.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_rsa_private_key.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_rsa_public_key.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_sha1_prf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_util.Plo@am__quote@ .c.o: @@ -500,8 +518,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -572,18 +590,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c index 80a1ee878..9a032c54f 100644 --- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2008-2010 Tobias Brunner * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -20,47 +20,6 @@ #include <debug.h> -typedef struct modulus_entry_t modulus_entry_t; - -/** - * Entry of the modulus list. - */ -struct modulus_entry_t { - /** - * Group number as it is defined in file transform_substructure.h. - */ - diffie_hellman_group_t group; - - /** - * Pointer to the function to get the modulus. - */ - BIGNUM *(*get_prime)(BIGNUM *bn); - - /* - * Optimum length of exponent in bits. - */ - long opt_exponent_len; - - /* - * Generator value. - */ - u_int16_t generator; -}; - -/** - * All supported modulus values - optimum exponent size according to RFC 3526. - */ -static modulus_entry_t modulus_entries[] = { - {MODP_768_BIT, get_rfc2409_prime_768, 256, 2}, - {MODP_1024_BIT, get_rfc2409_prime_1024, 256, 2}, - {MODP_1536_BIT, get_rfc3526_prime_1536, 256, 2}, - {MODP_2048_BIT, get_rfc3526_prime_2048, 384, 2}, - {MODP_3072_BIT, get_rfc3526_prime_3072, 384, 2}, - {MODP_4096_BIT, get_rfc3526_prime_4096, 512, 2}, - {MODP_6144_BIT, get_rfc3526_prime_6144, 512, 2}, - {MODP_8192_BIT, get_rfc3526_prime_8192, 512, 2}, -}; - typedef struct private_openssl_diffie_hellman_t private_openssl_diffie_hellman_t; /** @@ -125,7 +84,6 @@ static status_t get_shared_secret(private_openssl_diffie_hellman_t *this, memset(secret->ptr, 0, secret->len); memcpy(secret->ptr + secret->len - this->shared_secret.len, this->shared_secret.ptr, this->shared_secret.len); - return SUCCESS; } @@ -145,7 +103,7 @@ static void set_other_public_value(private_openssl_diffie_hellman_t *this, len = DH_compute_key(this->shared_secret.ptr, this->pub_key, this->dh); if (len < 0) { - DBG1("DH shared secret computation failed"); + DBG1(DBG_LIB, "DH shared secret computation failed"); return; } this->shared_secret.len = len; @@ -165,27 +123,18 @@ static diffie_hellman_group_t get_dh_group(private_openssl_diffie_hellman_t *thi */ static status_t set_modulus(private_openssl_diffie_hellman_t *this) { - int i; - bool ansi_x9_42; - - ansi_x9_42 = lib->settings->get_bool(lib->settings, - "libstrongswan.dh_exponent_ansi_x9_42", TRUE); - - for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++) + diffie_hellman_params_t *params = diffie_hellman_get_params(this->group); + if (!params) { - if (modulus_entries[i].group == this->group) - { - this->dh->p = modulus_entries[i].get_prime(NULL); - this->dh->g = BN_new(); - BN_set_word(this->dh->g, modulus_entries[i].generator); - if (!ansi_x9_42) - { - this->dh->length = modulus_entries[i].opt_exponent_len; - } - return SUCCESS; - } + return NOT_FOUND; } - return NOT_FOUND; + this->dh->p = BN_bin2bn(params->prime.ptr, params->prime.len, NULL); + this->dh->g = BN_bin2bn(params->generator.ptr, params->generator.len, NULL); + if (params->exp_len != params->prime.len) + { + this->dh->length = params->exp_len * 8; + } + return SUCCESS; } /** @@ -237,7 +186,8 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t g destroy(this); return NULL; } - DBG2("size of DH secret exponent: %d bits", BN_num_bits(this->dh->priv_key)); + DBG2(DBG_LIB, "size of DH secret exponent: %d bits", + BN_num_bits(this->dh->priv_key)); return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c index 671fa41e2..faec411cd 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c @@ -212,14 +212,14 @@ static void set_other_public_value(private_openssl_ec_diffie_hellman_t *this, ch { if (!chunk2ecp(this->ec_group, value, this->pub_key)) { - DBG1("ECDH public value is malformed"); + DBG1(DBG_LIB, "ECDH public value is malformed"); return; } chunk_free(&this->shared_secret); if (!compute_shared_key(this, &this->shared_secret)) { - DBG1("ECDH shared secret computation failed"); + DBG1(DBG_LIB, "ECDH shared secret computation failed"); return; } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c index 89ced5a9a..bdcfda974 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -84,14 +84,14 @@ static bool build_curve_signature(private_openssl_ec_private_key_t *this, req_group = EC_GROUP_new_by_curve_name(nid_curve); if (!req_group) { - DBG1("signature scheme %N not supported in EC (required curve " + DBG1(DBG_LIB, "signature scheme %N not supported in EC (required curve " "not supported)", signature_scheme_names, scheme); return FALSE; } my_group = EC_KEY_get0_group(this->ec); if (EC_GROUP_cmp(my_group, req_group, NULL) != 0) { - DBG1("signature scheme %N not supported by private key", + DBG1(DBG_LIB, "signature scheme %N not supported by private key", signature_scheme_names, scheme); return FALSE; } @@ -162,7 +162,7 @@ static bool sign(private_openssl_ec_private_key_t *this, return build_curve_signature(this, scheme, NID_sha512, NID_secp521r1, data, signature); default: - DBG1("signature scheme %N not supported", + DBG1(DBG_LIB, "signature scheme %N not supported", signature_scheme_names, scheme); return FALSE; } @@ -174,7 +174,7 @@ static bool sign(private_openssl_ec_private_key_t *this, static bool decrypt(private_openssl_ec_private_key_t *this, chunk_t crypto, chunk_t *plain) { - DBG1("EC private key decryption not implemented"); + DBG1(DBG_LIB, "EC private key decryption not implemented"); return FALSE; } @@ -233,11 +233,24 @@ static bool get_encoding(private_openssl_ec_private_key_t *this, switch (type) { case KEY_PRIV_ASN1_DER: + case KEY_PRIV_PEM: { + bool success = TRUE; + *encoding = chunk_alloc(i2d_ECPrivateKey(this->ec, NULL)); p = encoding->ptr; i2d_ECPrivateKey(this->ec, &p); - return TRUE; + + if (type == KEY_PRIV_PEM) + { + chunk_t asn1_encoding = *encoding; + + success = lib->encoding->encode(lib->encoding, KEY_PRIV_PEM, + NULL, encoding, KEY_PART_ECDSA_PRIV_ASN1_DER, + asn1_encoding, KEY_PART_END); + chunk_clear(&asn1_encoding); + } + return success; } default: return FALSE; @@ -335,13 +348,13 @@ openssl_ec_private_key_t *openssl_ec_private_key_gen(key_type_t type, this->ec = EC_KEY_new_by_curve_name(NID_secp521r1); break; default: - DBG1("EC private key size %d not supported", key_size); + DBG1(DBG_LIB, "EC private key size %d not supported", key_size); destroy(this); return NULL; } if (EC_KEY_generate_key(this->ec) != 1) { - DBG1("EC private key generation failed", key_size); + DBG1(DBG_LIB, "EC private key generation failed", key_size); destroy(this); return NULL; } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c index f37c736b1..790a8487d 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c @@ -82,14 +82,14 @@ static bool verify_curve_signature(private_openssl_ec_public_key_t *this, req_group = EC_GROUP_new_by_curve_name(nid_curve); if (!req_group) { - DBG1("signature scheme %N not supported in EC (required curve " + DBG1(DBG_LIB, "signature scheme %N not supported in EC (required curve " "not supported)", signature_scheme_names, scheme); return FALSE; } my_group = EC_KEY_get0_group(this->ec); if (EC_GROUP_cmp(my_group, req_group, NULL) != 0) { - DBG1("signature scheme %N not supported by private key", + DBG1(DBG_LIB, "signature scheme %N not supported by private key", signature_scheme_names, scheme); return FALSE; } @@ -162,7 +162,7 @@ static bool verify(private_openssl_ec_public_key_t *this, return verify_curve_signature(this, scheme, NID_sha512, NID_secp521r1, data, signature); default: - DBG1("signature scheme %N not supported in EC", + DBG1(DBG_LIB, "signature scheme %N not supported in EC", signature_scheme_names, scheme); return FALSE; } @@ -174,7 +174,7 @@ static bool verify(private_openssl_ec_public_key_t *this, static bool encrypt_(private_openssl_ec_public_key_t *this, chunk_t crypto, chunk_t *plain) { - DBG1("EC public key encryption not implemented"); + DBG1(DBG_LIB, "EC public key encryption not implemented"); return FALSE; } @@ -217,7 +217,7 @@ bool openssl_ec_fingerprint(EC_KEY *ec, key_encoding_type_t type, chunk_t *fp) hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (!hasher) { - DBG1("SHA1 hash algorithm not supported, fingerprinting failed"); + DBG1(DBG_LIB, "SHA1 hash algorithm not supported, fingerprinting failed"); free(key.ptr); return FALSE; } @@ -248,11 +248,24 @@ static bool get_encoding(private_openssl_ec_public_key_t *this, switch (type) { case KEY_PUB_SPKI_ASN1_DER: + case KEY_PUB_PEM: { + bool success = TRUE; + *encoding = chunk_alloc(i2d_EC_PUBKEY(this->ec, NULL)); p = encoding->ptr; i2d_EC_PUBKEY(this->ec, &p); - return TRUE; + + if (type == KEY_PUB_PEM) + { + chunk_t asn1_encoding = *encoding; + + success = lib->encoding->encode(lib->encoding, KEY_PUB_PEM, + NULL, encoding, KEY_PART_ECDSA_PUB_ASN1_DER, + asn1_encoding, KEY_PART_END); + chunk_clear(&asn1_encoding); + } + return success; } default: return FALSE; diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 548a76bb4..c1545ffb8 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -27,6 +27,7 @@ #include "openssl_util.h" #include "openssl_crypter.h" #include "openssl_hasher.h" +#include "openssl_sha1_prf.h" #include "openssl_diffie_hellman.h" #include "openssl_ec_diffie_hellman.h" #include "openssl_rsa_private_key.h" @@ -170,6 +171,8 @@ static void destroy(private_openssl_plugin_t *this) (crypter_constructor_t)openssl_crypter_create); lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)openssl_hasher_create); + lib->crypto->remove_prf(lib->crypto, + (prf_constructor_t)openssl_sha1_prf_create); lib->crypto->remove_dh(lib->crypto, (dh_constructor_t)openssl_diffie_hellman_create); lib->crypto->remove_dh(lib->crypto, @@ -201,7 +204,7 @@ static void destroy(private_openssl_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *openssl_plugin_create() { private_openssl_plugin_t *this = malloc_thing(private_openssl_plugin_t); @@ -256,9 +259,17 @@ plugin_t *plugin_create() lib->crypto->add_hasher(lib->crypto, HASH_SHA512, (hasher_constructor_t)openssl_hasher_create); + /* prf */ + lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, + (prf_constructor_t)openssl_sha1_prf_create); + /* (ec) diffie hellman */ lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_224, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_256, + (dh_constructor_t)openssl_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, (dh_constructor_t)openssl_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, ECP_256_BIT, @@ -281,6 +292,8 @@ plugin_t *plugin_create() (dh_constructor_t)openssl_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1024_160, + (dh_constructor_t)openssl_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_768_BIT, (dh_constructor_t)openssl_diffie_hellman_create); diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.h b/src/libstrongswan/plugins/openssl/openssl_plugin.h index 9f422c9d0..0762c37b9 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.h +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.h @@ -39,9 +39,4 @@ struct openssl_plugin_t { plugin_t plugin; }; -/** - * Create a openssl_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** OPENSSL_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index 078f889a6..de751fe89 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -160,7 +160,7 @@ static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t sch case SIGN_RSA_EMSA_PKCS1_MD5: return build_emsa_pkcs1_signature(this, NID_md5, data, signature); default: - DBG1("signature scheme %N not supported in RSA", + DBG1(DBG_LIB, "signature scheme %N not supported in RSA", signature_scheme_names, scheme); return FALSE; } @@ -172,7 +172,7 @@ static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t sch static bool decrypt(private_openssl_rsa_private_key_t *this, chunk_t crypto, chunk_t *plain) { - DBG1("RSA private key decryption not implemented"); + DBG1(DBG_LIB, "RSA private key decryption not implemented"); return FALSE; } @@ -226,11 +226,24 @@ static bool get_encoding(private_openssl_rsa_private_key_t *this, switch (type) { case KEY_PRIV_ASN1_DER: + case KEY_PRIV_PEM: { + bool success = TRUE; + *encoding = chunk_alloc(i2d_RSAPrivateKey(this->rsa, NULL)); p = encoding->ptr; i2d_RSAPrivateKey(this->rsa, &p); - return TRUE; + + if (type == KEY_PRIV_PEM) + { + chunk_t asn1_encoding = *encoding; + + success = lib->encoding->encode(lib->encoding, KEY_PRIV_PEM, + NULL, encoding, KEY_PART_RSA_PRIV_ASN1_DER, + asn1_encoding, KEY_PART_END); + chunk_clear(&asn1_encoding); + } + return success; } default: return FALSE; @@ -296,6 +309,8 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type, { private_openssl_rsa_private_key_t *this; u_int key_size = 0; + RSA *rsa = NULL; + BIGNUM *e = NULL; while (TRUE) { @@ -315,10 +330,31 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type, { return NULL; } + e = BN_new(); + if (!e || !BN_set_word(e, PUBLIC_EXPONENT)) + { + goto error; + } + rsa = RSA_new(); + if (!rsa || !RSA_generate_key_ex(rsa, key_size, e, NULL)) + { + goto error; + } this = create_empty(); - this->rsa = RSA_generate_key(key_size, PUBLIC_EXPONENT, NULL, NULL); - + this->rsa = rsa; + BN_free(e); return &this->public; + +error: + if (e) + { + BN_free(e); + } + if (rsa) + { + RSA_free(rsa); + } + return NULL; } /** @@ -440,22 +476,22 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type, } engine_id = lib->settings->get_str(lib->settings, - "library.plugins.openssl.engine_id", "pkcs11"); + "libstrongswan.plugins.openssl.engine_id", "pkcs11"); engine = ENGINE_by_id(engine_id); if (!engine) { - DBG1("engine '%s' is not available", engine_id); + DBG1(DBG_LIB, "engine '%s' is not available", engine_id); return NULL; } if (!ENGINE_init(engine)) { - DBG1("failed to initialize engine '%s'", engine_id); + DBG1(DBG_LIB, "failed to initialize engine '%s'", engine_id); ENGINE_free(engine); return NULL; } if (!ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0)) { - DBG1("failed to set PIN on engine '%s'", engine_id); + DBG1(DBG_LIB, "failed to set PIN on engine '%s'", engine_id); ENGINE_free(engine); return NULL; } @@ -463,8 +499,8 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type, key = ENGINE_load_private_key(engine, keyid, NULL, NULL); if (!key) { - DBG1("failed to load private key with ID '%s' from engine '%s'", - keyid, engine_id); + DBG1(DBG_LIB, "failed to load private key with ID '%s' from " + "engine '%s'", keyid, engine_id); ENGINE_free(engine); return NULL; } diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index 422262b19..ffa575a97 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -145,7 +145,7 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc case SIGN_RSA_EMSA_PKCS1_MD5: return verify_emsa_pkcs1_signature(this, NID_md5, data, signature); default: - DBG1("signature scheme %N not supported in RSA", + DBG1(DBG_LIB, "signature scheme %N not supported in RSA", signature_scheme_names, scheme); return FALSE; } @@ -157,7 +157,7 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc static bool encrypt_(private_openssl_rsa_public_key_t *this, chunk_t crypto, chunk_t *plain) { - DBG1("RSA public key encryption not implemented"); + DBG1(DBG_LIB, "RSA public key encryption not implemented"); return FALSE; } @@ -200,7 +200,7 @@ bool openssl_rsa_fingerprint(RSA *rsa, key_encoding_type_t type, chunk_t *fp) hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (!hasher) { - DBG1("SHA1 hash algorithm not supported, fingerprinting failed"); + DBG1(DBG_LIB, "SHA1 hash algorithm not supported, fingerprinting failed"); free(key.ptr); return FALSE; } @@ -231,11 +231,24 @@ static bool get_encoding(private_openssl_rsa_public_key_t *this, switch (type) { case KEY_PUB_SPKI_ASN1_DER: + case KEY_PUB_PEM: { + bool success = TRUE; + *encoding = chunk_alloc(i2d_RSA_PUBKEY(this->rsa, NULL)); p = encoding->ptr; i2d_RSA_PUBKEY(this->rsa, &p); - return TRUE; + + if (type == KEY_PUB_PEM) + { + chunk_t asn1_encoding = *encoding; + + success = lib->encoding->encode(lib->encoding, KEY_PUB_PEM, + NULL, encoding, KEY_PART_RSA_PUB_ASN1_DER, + asn1_encoding, KEY_PART_END); + chunk_clear(&asn1_encoding); + } + return success; } case KEY_PUB_ASN1_DER: { diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c new file mode 100644 index 000000000..b65388010 --- /dev/null +++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c @@ -0,0 +1,139 @@ +/* + * Copyright (C) 2010 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "openssl_sha1_prf.h" + +#include <openssl/sha.h> + +typedef struct private_openssl_sha1_prf_t private_openssl_sha1_prf_t; + +/** + * Private data of an openssl_sha1_prf_t object. + */ +struct private_openssl_sha1_prf_t { + + /** + * Public openssl_sha1_prf_t interface. + */ + openssl_sha1_prf_t public; + + /** + * SHA1 context + */ + SHA_CTX ctx; +}; + +METHOD(prf_t, get_bytes, void, + private_openssl_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes) +{ + SHA1_Update(&this->ctx, seed.ptr, seed.len); + + if (bytes) + { + u_int32_t *hash = (u_int32_t*)bytes; + + hash[0] = htonl(this->ctx.h0); + hash[1] = htonl(this->ctx.h1); + hash[2] = htonl(this->ctx.h2); + hash[3] = htonl(this->ctx.h3); + hash[4] = htonl(this->ctx.h4); + } +} + +METHOD(prf_t, get_block_size, size_t, + private_openssl_sha1_prf_t *this) +{ + return HASH_SIZE_SHA1; +} + +METHOD(prf_t, allocate_bytes, void, + private_openssl_sha1_prf_t *this, chunk_t seed, chunk_t *chunk) +{ + if (chunk) + { + *chunk = chunk_alloc(HASH_SIZE_SHA1); + get_bytes(this, seed, chunk->ptr); + } + else + { + get_bytes(this, seed, NULL); + } +} + +METHOD(prf_t, get_key_size, size_t, + private_openssl_sha1_prf_t *this) +{ + return HASH_SIZE_SHA1; +} + +METHOD(prf_t, set_key, void, + private_openssl_sha1_prf_t *this, chunk_t key) +{ + SHA1_Init(&this->ctx); + + if (key.len >= 4) + { + this->ctx.h0 ^= untoh32(key.ptr); + } + if (key.len >= 8) + { + this->ctx.h1 ^= untoh32(key.ptr + 4); + } + if (key.len >= 12) + { + this->ctx.h2 ^= untoh32(key.ptr + 8); + } + if (key.len >= 16) + { + this->ctx.h3 ^= untoh32(key.ptr + 12); + } + if (key.len >= 20) + { + this->ctx.h4 ^= untoh32(key.ptr + 16); + } +} + +METHOD(prf_t, destroy, void, + private_openssl_sha1_prf_t *this) +{ + free(this); +} + +/** + * See header + */ +openssl_sha1_prf_t *openssl_sha1_prf_create(pseudo_random_function_t algo) +{ + private_openssl_sha1_prf_t *this; + + if (algo != PRF_KEYED_SHA1) + { + return NULL; + } + + INIT(this, + .public.prf = { + .get_block_size = _get_block_size, + .get_bytes = _get_bytes, + .allocate_bytes = _allocate_bytes, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, + ); + + return &this->public; +} + diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h new file mode 100644 index 000000000..9a24e7ee1 --- /dev/null +++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.h @@ -0,0 +1,48 @@ +/* + * Copyright (C) 2010 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup openssl_sha1_prf openssl_sha1_prf + * @{ @ingroup sha1_p + */ + +#ifndef OPENSSL_SHA1_PRF_H_ +#define OPENSSL_SHA1_PRF_H_ + +typedef struct openssl_sha1_prf_t openssl_sha1_prf_t; + +#include <crypto/prfs/prf.h> + +/** + * Implementation of prf_t interface using keyed SHA1 algorithm as used + * in EAP-AKA/FIPS_PRF. + */ +struct openssl_sha1_prf_t { + + /** + * Implements prf_t interface. + */ + prf_t prf; +}; + +/** + * Creates a new openssl_sha1_prf_t. + * + * @param algo algorithm, must be PRF_KEYED_SHA1 + * @return sha1_keyed_prf_tobject + */ +openssl_sha1_prf_t *openssl_sha1_prf_create(pseudo_random_function_t algo); + +#endif /** OPENSSL_SHA1_PRF_H_ @}*/ diff --git a/src/libstrongswan/plugins/padlock/Makefile.am b/src/libstrongswan/plugins/padlock/Makefile.am index b2b1f9d85..6706d26cb 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.am +++ b/src/libstrongswan/plugins/padlock/Makefile.am @@ -3,11 +3,16 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-padlock.la +else plugin_LTLIBRARIES = libstrongswan-padlock.la +endif -libstrongswan_padlock_la_SOURCES = padlock_plugin.h padlock_plugin.c \ +libstrongswan_padlock_la_SOURCES = \ + padlock_plugin.h padlock_plugin.c \ padlock_aes_crypter.c padlock_aes_crypter.h \ padlock_sha1_hasher.c padlock_sha1_hasher.h \ padlock_rng.c padlock_rng.h -libstrongswan_padlock_la_LDFLAGS = -module -avoid-version +libstrongswan_padlock_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index 59ea98799..84c2ef2fb 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_padlock_la_LIBADD = am_libstrongswan_padlock_la_OBJECTS = padlock_plugin.lo \ padlock_aes_crypter.lo padlock_sha1_hasher.lo padlock_rng.lo @@ -81,6 +81,9 @@ libstrongswan_padlock_la_OBJECTS = \ libstrongswan_padlock_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_padlock_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_padlock_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_padlock_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -255,8 +259,10 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-padlock.la -libstrongswan_padlock_la_SOURCES = padlock_plugin.h padlock_plugin.c \ +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-padlock.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-padlock.la +libstrongswan_padlock_la_SOURCES = \ + padlock_plugin.h padlock_plugin.c \ padlock_aes_crypter.c padlock_aes_crypter.h \ padlock_sha1_hasher.c padlock_sha1_hasher.h \ padlock_rng.c padlock_rng.h @@ -296,6 +302,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -328,7 +343,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-padlock.la: $(libstrongswan_padlock_la_OBJECTS) $(libstrongswan_padlock_la_DEPENDENCIES) - $(libstrongswan_padlock_la_LINK) -rpath $(plugindir) $(libstrongswan_padlock_la_OBJECTS) $(libstrongswan_padlock_la_LIBADD) $(LIBS) + $(libstrongswan_padlock_la_LINK) $(am_libstrongswan_padlock_la_rpath) $(libstrongswan_padlock_la_OBJECTS) $(libstrongswan_padlock_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -484,8 +499,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -556,18 +571,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.c b/src/libstrongswan/plugins/padlock/padlock_plugin.c index 32b18ec4b..c9606ae15 100644 --- a/src/libstrongswan/plugins/padlock/padlock_plugin.c +++ b/src/libstrongswan/plugins/padlock/padlock_plugin.c @@ -97,7 +97,7 @@ static padlock_feature_t get_padlock_features() return d; } } - DBG1("Padlock not found, CPU is %s", vendor); + DBG1(DBG_LIB, "Padlock not found, CPU is %s", vendor); return 0; } @@ -131,7 +131,7 @@ static void destroy(private_padlock_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *padlock_plugin_create() { private_padlock_plugin_t *this = malloc_thing(private_padlock_plugin_t); @@ -143,7 +143,7 @@ plugin_t *plugin_create() free(this); return NULL; } - DBG1("Padlock found, supports:%s%s%s%s%s, enabled:%s%s%s%s%s", + DBG1(DBG_LIB, "Padlock found, supports:%s%s%s%s%s, enabled:%s%s%s%s%s", this->features & PADLOCK_RNG_AVAILABLE ? " RNG" : "", this->features & PADLOCK_ACE_AVAILABLE ? " ACE" : "", this->features & PADLOCK_ACE2_AVAILABLE ? " ACE2" : "", diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.h b/src/libstrongswan/plugins/padlock/padlock_plugin.h index 76f4d1135..d99d4db0f 100644 --- a/src/libstrongswan/plugins/padlock/padlock_plugin.h +++ b/src/libstrongswan/plugins/padlock/padlock_plugin.h @@ -39,9 +39,4 @@ struct padlock_plugin_t { plugin_t plugin; }; -/** - * Create a padlock_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** PADLOCK_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/pem/Makefile.am b/src/libstrongswan/plugins/pem/Makefile.am index 98f356aaf..b815b1e0b 100644 --- a/src/libstrongswan/plugins/pem/Makefile.am +++ b/src/libstrongswan/plugins/pem/Makefile.am @@ -3,10 +3,15 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-pem.la +else plugin_LTLIBRARIES = libstrongswan-pem.la +endif -libstrongswan_pem_la_SOURCES = pem_plugin.h pem_plugin.c \ - pem_builder.c pem_builder.h +libstrongswan_pem_la_SOURCES = \ + pem_plugin.h pem_plugin.c \ + pem_builder.c pem_builder.h \ + pem_encoder.c pem_encoder.h libstrongswan_pem_la_LDFLAGS = -module -avoid-version - diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in index e81b4f78f..4e39c8f7b 100644 --- a/src/libstrongswan/plugins/pem/Makefile.in +++ b/src/libstrongswan/plugins/pem/Makefile.in @@ -72,13 +72,16 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_pem_la_LIBADD = -am_libstrongswan_pem_la_OBJECTS = pem_plugin.lo pem_builder.lo +am_libstrongswan_pem_la_OBJECTS = pem_plugin.lo pem_builder.lo \ + pem_encoder.lo libstrongswan_pem_la_OBJECTS = $(am_libstrongswan_pem_la_OBJECTS) libstrongswan_pem_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_pem_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_pem_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_pem_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -217,6 +220,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -253,9 +257,12 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-pem.la -libstrongswan_pem_la_SOURCES = pem_plugin.h pem_plugin.c \ - pem_builder.c pem_builder.h +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pem.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pem.la +libstrongswan_pem_la_SOURCES = \ + pem_plugin.h pem_plugin.c \ + pem_builder.c pem_builder.h \ + pem_encoder.c pem_encoder.h libstrongswan_pem_la_LDFLAGS = -module -avoid-version all: all-am @@ -292,6 +299,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -324,7 +340,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-pem.la: $(libstrongswan_pem_la_OBJECTS) $(libstrongswan_pem_la_DEPENDENCIES) - $(libstrongswan_pem_la_LINK) -rpath $(plugindir) $(libstrongswan_pem_la_OBJECTS) $(libstrongswan_pem_la_LIBADD) $(LIBS) + $(libstrongswan_pem_la_LINK) $(am_libstrongswan_pem_la_rpath) $(libstrongswan_pem_la_OBJECTS) $(libstrongswan_pem_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -333,6 +349,7 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem_builder.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem_encoder.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem_plugin.Plo@am__quote@ .c.o: @@ -478,8 +495,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -550,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c index 2f285e9bc..65be9501b 100644 --- a/src/libstrongswan/plugins/pem/pem_builder.c +++ b/src/libstrongswan/plugins/pem/pem_builder.c @@ -73,7 +73,7 @@ static bool find_boundary(char* tag, chunk_t *line) { if (present("-----", line)) { - DBG2(" -----%s %.*s-----", tag, (int)name.len, name.ptr); + DBG2(DBG_LIB, " -----%s %.*s-----", tag, (int)name.len, name.ptr); return TRUE; } line->ptr++; line->len--; name.len++; @@ -99,7 +99,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); if (hasher == NULL) { - DBG1(" MD5 hash algorithm not available"); + DBG1(DBG_LIB, " MD5 hash algorithm not available"); return NOT_SUPPORTED; } hash.len = hasher->get_hash_size(hasher); @@ -121,7 +121,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size); if (crypter == NULL) { - DBG1(" %N encryption algorithm not available", + DBG1(DBG_LIB, " %N encryption algorithm not available", encryption_algorithm_names, alg); return NOT_SUPPORTED; } @@ -131,7 +131,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, blob->len % iv.len) { crypter->destroy(crypter); - DBG1(" data size is not multiple of block size"); + DBG1(DBG_LIB, " data size is not multiple of block size"); return PARSE_ERROR; } crypter->decrypt(crypter, *blob, iv, &decrypted); @@ -155,7 +155,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, { if (*last_padding_pos != padding) { - DBG1(" invalid passphrase"); + DBG1(DBG_LIB, " invalid passphrase"); return INVALID_ARG; } } @@ -234,7 +234,7 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data } /* we are looking for a parameter: value pair */ - DBG2(" %.*s", (int)line.len, line.ptr); + DBG2(DBG_LIB, " %.*s", (int)line.len, line.ptr); ugh = extract_parameter_value(&name, &value, &line); if (ugh != NULL) { @@ -274,8 +274,8 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data } else { - DBG1(" encryption algorithm '%.*s' not supported", - dek.len, dek.ptr); + DBG1(DBG_LIB, " encryption algorithm '%.*s'" + " not supported", dek.len, dek.ptr); return NOT_SUPPORTED; } eat_whitespace(&value); @@ -298,7 +298,8 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data *pgp = TRUE; data.ptr++; data.len--; - DBG2(" armor checksum: %.*s", (int)data.len, data.ptr); + DBG2(DBG_LIB, " armor checksum: %.*s", (int)data.len, + data.ptr); continue; } @@ -318,7 +319,7 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data if (state != PEM_POST) { - DBG1(" file coded in unknown format, discarded"); + DBG1(DBG_LIB, " file coded in unknown format, discarded"); return PARSE_ERROR; } if (!encrypted) @@ -327,7 +328,7 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data } if (!cb) { - DBG1(" missing passphrase"); + DBG1(DBG_LIB, " missing passphrase"); return INVALID_ARG; } while (TRUE) @@ -404,13 +405,14 @@ static void *load_from_file(char *file, credential_type_t type, int subtype, fd = open(file, O_RDONLY); if (fd == -1) { - DBG1(" opening '%s' failed: %s", file, strerror(errno)); + DBG1(DBG_LIB, " opening '%s' failed: %s", file, strerror(errno)); return NULL; } if (fstat(fd, &sb) == -1) { - DBG1(" getting file size of '%s' failed: %s", file, strerror(errno)); + DBG1(DBG_LIB, " getting file size of '%s' failed: %s", file, + strerror(errno)); close(fd); return NULL; } @@ -418,7 +420,7 @@ static void *load_from_file(char *file, credential_type_t type, int subtype, addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); if (addr == MAP_FAILED) { - DBG1(" mapping '%s' failed: %s", file, strerror(errno)); + DBG1(DBG_LIB, " mapping '%s' failed: %s", file, strerror(errno)); close(fd); return NULL; } @@ -447,7 +449,8 @@ static void *load_from_fd(int fd, credential_type_t type, int subtype, len = read(fd, pos, buf + sizeof(buf) - pos); if (len < 0) { - DBG1("reading from file descriptor failed: %s", strerror(errno)); + DBG1(DBG_LIB, "reading from file descriptor failed: %s", + strerror(errno)); return NULL; } if (len == 0) @@ -457,7 +460,7 @@ static void *load_from_fd(int fd, credential_type_t type, int subtype, total += len; if (total == sizeof(buf)) { - DBG1("buffer too small to read from file descriptor"); + DBG1(DBG_LIB, "buffer too small to read from file descriptor"); return NULL; } } diff --git a/src/libstrongswan/plugins/pem/pem_builder.h b/src/libstrongswan/plugins/pem/pem_builder.h index 189a5430f..87f5a2c69 100644 --- a/src/libstrongswan/plugins/pem/pem_builder.h +++ b/src/libstrongswan/plugins/pem/pem_builder.h @@ -18,8 +18,8 @@ * @{ @ingroup pem_p */ -#ifndef PEM_PRIVATE_KEY_H_ -#define PEM_PRIVATE_KEY_H_ +#ifndef PEM_BUILDER_H_ +#define PEM_BUILDER_H_ #include <credentials/builder.h> #include <credentials/credential_factory.h> @@ -53,5 +53,5 @@ public_key_t *pem_public_key_load(key_type_t type, va_list args); */ certificate_t *pem_certificate_load(certificate_type_t type, va_list args); -#endif /** PEM_PRIVATE_KEY_H_ @}*/ +#endif /** PEM_BUILDER_H_ @}*/ diff --git a/src/libstrongswan/plugins/pem/pem_encoder.c b/src/libstrongswan/plugins/pem/pem_encoder.c new file mode 100644 index 000000000..13c99a958 --- /dev/null +++ b/src/libstrongswan/plugins/pem/pem_encoder.c @@ -0,0 +1,138 @@ +/* + * Copyright (C) 2010 Andreas Steffen + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pem_encoder.h" + +#define BYTES_PER_LINE 48 + +/** + * See header. + */ +bool pem_encoder_encode(key_encoding_type_t type, chunk_t *encoding, + va_list args) +{ + chunk_t asn1; + char *label; + u_char *pos; + size_t len, written, pem_chars, pem_lines; + chunk_t n, e, d, p, q, exp1, exp2, coeff, to_free = chunk_empty; + + switch (type) + { + case KEY_PUB_PEM: + label ="PUBLIC KEY"; + /* direct PKCS#1 PEM encoding */ + if (key_encoding_args(args, KEY_PART_RSA_PUB_ASN1_DER, + &asn1, KEY_PART_END) || + key_encoding_args(args, KEY_PART_ECDSA_PUB_ASN1_DER, + &asn1, KEY_PART_END)) + { + break; + } + /* indirect PEM encoding from components */ + if (key_encoding_args(args, KEY_PART_RSA_MODULUS, &n, + KEY_PART_RSA_PUB_EXP, &e, KEY_PART_END)) + { + if (lib->encoding->encode(lib->encoding, KEY_PUB_SPKI_ASN1_DER, + NULL, &asn1, KEY_PART_RSA_MODULUS, n, + KEY_PART_RSA_PUB_EXP, e, KEY_PART_END)) + { + to_free = asn1; + break; + } + } + return FALSE; + case KEY_PRIV_PEM: + label ="RSA PRIVATE KEY"; + /* direct PKCS#1 PEM encoding */ + if (key_encoding_args(args, KEY_PART_RSA_PRIV_ASN1_DER, + &asn1, KEY_PART_END)) + { + break; + } + /* indirect PEM encoding from components */ + if (key_encoding_args(args, KEY_PART_RSA_MODULUS, &n, + KEY_PART_RSA_PUB_EXP, &e, KEY_PART_RSA_PRIV_EXP, &d, + KEY_PART_RSA_PRIME1, &p, KEY_PART_RSA_PRIME2, &q, + KEY_PART_RSA_EXP1, &exp1, KEY_PART_RSA_EXP2, &exp2, + KEY_PART_RSA_COEFF, &coeff, KEY_PART_END)) + { + if (lib->encoding->encode(lib->encoding, KEY_PRIV_ASN1_DER, NULL, + &asn1, KEY_PART_RSA_MODULUS, n, + KEY_PART_RSA_PUB_EXP, e, KEY_PART_RSA_PRIV_EXP, d, + KEY_PART_RSA_PRIME1, p, KEY_PART_RSA_PRIME2, q, + KEY_PART_RSA_EXP1, exp1, KEY_PART_RSA_EXP2, exp2, + KEY_PART_RSA_COEFF, coeff, KEY_PART_END)) + { + to_free = asn1; + break; + } + } + if (key_encoding_args(args, KEY_PART_ECDSA_PRIV_ASN1_DER, + &asn1, KEY_PART_END)) + { + label ="EC PRIVATE KEY"; + break; + } + return FALSE; + default: + return FALSE; + } + + /* compute and allocate maximum size of PEM object */ + pem_chars = 4*(asn1.len + 2)/3; + pem_lines = (asn1.len + BYTES_PER_LINE - 1) / BYTES_PER_LINE; + *encoding = chunk_alloc(5 + 2*(6 + strlen(label) + 6) + 3 + pem_chars + pem_lines); + pos = encoding->ptr; + len = encoding->len; + + /* write PEM header */ + written = snprintf(pos, len, "-----BEGIN %s-----\n", label); + pos += written; + len -= written; + + /* write PEM body */ + while (pem_lines--) + { + chunk_t asn1_line, pem_line; + + asn1_line = chunk_create(asn1.ptr, min(asn1.len, BYTES_PER_LINE)); + asn1.ptr += asn1_line.len; + asn1.len -= asn1_line.len; + pem_line = chunk_to_base64(asn1_line, pos); + pos += pem_line.len; + len -= pem_line.len; + *pos = '\n'; + pos++; + len--; + } + + chunk_clear(&to_free); + + /* write PEM trailer */ + written = snprintf(pos, len, "-----END %s-----", label); + pos += written; + len -= written; + + /* replace termination null character with newline */ + *pos = '\n'; + pos++; + len--; + + /* compute effective length of PEM object */ + encoding->len = pos - encoding->ptr; + return TRUE; +} + diff --git a/src/libstrongswan/plugins/pem/pem_encoder.h b/src/libstrongswan/plugins/pem/pem_encoder.h new file mode 100644 index 000000000..a181133b7 --- /dev/null +++ b/src/libstrongswan/plugins/pem/pem_encoder.h @@ -0,0 +1,33 @@ +/* + * Copyright (C) 2010 Andreas Steffen + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pem_encoder pem_encoder + * @{ @ingroup pem_p + */ + +#ifndef PEM_ENCODER_H_ +#define PEM_ENCODER_H_ + +#include <credentials/keys/key_encoding.h> + +/** + * Encoding from ASN.1 to PEM format. + */ +bool pem_encoder_encode(key_encoding_type_t type, chunk_t *encoding, + va_list args); + +#endif /** PEM_ENCODER_H_ @}*/ + diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c index 5a5149ca8..810901b7a 100644 --- a/src/libstrongswan/plugins/pem/pem_plugin.c +++ b/src/libstrongswan/plugins/pem/pem_plugin.c @@ -16,7 +16,9 @@ #include "pem_plugin.h" #include <library.h> + #include "pem_builder.h" +#include "pem_encoder.h" typedef struct private_pem_plugin_t private_pem_plugin_t; @@ -48,7 +50,7 @@ static void destroy(private_pem_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *pem_plugin_create() { private_pem_plugin_t *this = malloc_thing(private_pem_plugin_t); @@ -100,6 +102,9 @@ plugin_t *plugin_create() lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL, (builder_function_t)pem_certificate_load); + /* register PEM encoder */ + lib->encoding->add_encoder(lib->encoding, pem_encoder_encode); + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/pem/pem_plugin.h b/src/libstrongswan/plugins/pem/pem_plugin.h index 75616c496..944a3fc85 100644 --- a/src/libstrongswan/plugins/pem/pem_plugin.h +++ b/src/libstrongswan/plugins/pem/pem_plugin.h @@ -39,9 +39,4 @@ struct pem_plugin_t { plugin_t plugin; }; -/** - * Create a pem_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** PEM_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/pgp/Makefile.am b/src/libstrongswan/plugins/pgp/Makefile.am index c232971bb..4b414616d 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.am +++ b/src/libstrongswan/plugins/pgp/Makefile.am @@ -3,13 +3,17 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-pgp.la +else plugin_LTLIBRARIES = libstrongswan-pgp.la +endif -libstrongswan_pgp_la_SOURCES = pgp_plugin.h pgp_plugin.c \ - pgp_utils.h pgp_utils.c \ - pgp_cert.h pgp_cert.c \ - pgp_encoder.h pgp_encoder.c \ - pgp_builder.h pgp_builder.c +libstrongswan_pgp_la_SOURCES = \ + pgp_plugin.h pgp_plugin.c \ + pgp_utils.h pgp_utils.c \ + pgp_cert.h pgp_cert.c \ + pgp_encoder.h pgp_encoder.c \ + pgp_builder.h pgp_builder.c libstrongswan_pgp_la_LDFLAGS = -module -avoid-version - diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in index 70840c400..5d487364f 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.in +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_pgp_la_LIBADD = am_libstrongswan_pgp_la_OBJECTS = pgp_plugin.lo pgp_utils.lo \ pgp_cert.lo pgp_encoder.lo pgp_builder.lo @@ -80,6 +80,8 @@ libstrongswan_pgp_la_OBJECTS = $(am_libstrongswan_pgp_la_OBJECTS) libstrongswan_pgp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_pgp_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_pgp_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_pgp_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,12 +257,14 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-pgp.la -libstrongswan_pgp_la_SOURCES = pgp_plugin.h pgp_plugin.c \ - pgp_utils.h pgp_utils.c \ - pgp_cert.h pgp_cert.c \ - pgp_encoder.h pgp_encoder.c \ - pgp_builder.h pgp_builder.c +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pgp.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pgp.la +libstrongswan_pgp_la_SOURCES = \ + pgp_plugin.h pgp_plugin.c \ + pgp_utils.h pgp_utils.c \ + pgp_cert.h pgp_cert.c \ + pgp_encoder.h pgp_encoder.c \ + pgp_builder.h pgp_builder.c libstrongswan_pgp_la_LDFLAGS = -module -avoid-version all: all-am @@ -296,6 +301,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -328,7 +342,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-pgp.la: $(libstrongswan_pgp_la_OBJECTS) $(libstrongswan_pgp_la_DEPENDENCIES) - $(libstrongswan_pgp_la_LINK) -rpath $(plugindir) $(libstrongswan_pgp_la_OBJECTS) $(libstrongswan_pgp_la_LIBADD) $(LIBS) + $(libstrongswan_pgp_la_LINK) $(am_libstrongswan_pgp_la_rpath) $(libstrongswan_pgp_la_OBJECTS) $(libstrongswan_pgp_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -485,8 +499,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -557,18 +571,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c index d262d18ff..84c9bfddd 100644 --- a/src/libstrongswan/plugins/pgp/pgp_builder.c +++ b/src/libstrongswan/plugins/pgp/pgp_builder.c @@ -41,7 +41,7 @@ static public_key_t *parse_public_key(chunk_t blob) BUILD_BLOB_PGP, blob, BUILD_END); break; default: - DBG1("PGP public key algorithm %N not supported", + DBG1(DBG_LIB, "PGP public key algorithm %N not supported", pgp_pubkey_alg_names, alg); return NULL; } @@ -90,12 +90,13 @@ static private_key_t *parse_rsa_private_key(chunk_t blob) } if (s2k == 255 || s2k == 254) { - DBG1("string-to-key specifiers not supported"); + DBG1(DBG_LIB, "string-to-key specifiers not supported"); return NULL; } if (s2k != PGP_SYM_ALG_PLAIN) { - DBG1("%N private key encryption not supported", pgp_sym_alg_names, s2k); + DBG1(DBG_LIB, "%N private key encryption not supported", + pgp_sym_alg_names, s2k); return NULL; } @@ -121,7 +122,7 @@ static private_key_t *parse_rsa_private_key(chunk_t blob) static bool sign_not_allowed(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature) { - DBG1("signing failed - decryption only key"); + DBG1(DBG_LIB, "signing failed - decryption only key"); return FALSE; } @@ -131,7 +132,7 @@ static bool sign_not_allowed(private_key_t *this, signature_scheme_t scheme, static bool decrypt_not_allowed(private_key_t *this, chunk_t crypto, chunk_t *plain) { - DBG1("decryption failed - signature only key"); + DBG1(DBG_LIB, "decryption failed - signature only key"); return FALSE; } @@ -164,7 +165,7 @@ static private_key_t *parse_private_key(chunk_t blob) case 4: break; default: - DBG1("PGP packet version V%d not supported", version); + DBG1(DBG_LIB, "PGP packet version V%d not supported", version); return FALSE; } if (!pgp_read_scalar(&packet, 4, &created)) diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c index fa2612285..cd04f3d1a 100644 --- a/src/libstrongswan/plugins/pgp/pgp_cert.c +++ b/src/libstrongswan/plugins/pgp/pgp_cert.c @@ -198,9 +198,9 @@ static bool is_newer(certificate_t *this, certificate_t *that) this->get_validity(this, &now, &this_update, NULL); that->get_validity(that, &now, &that_update, NULL); new = this_update > that_update; - DBG1(" certificate from %T is %s - existing certificate from %T %s", - &this_update, FALSE, new ? "newer":"not newer", - &that_update, FALSE, new ? "replaced":"retained"); + DBG1(DBG_LIB, " certificate from %T is %s - existing certificate" + " from %T %s", &this_update, FALSE, new ? "newer" : "not newer", + &that_update, FALSE, new ? "replaced" : "retained"); return new; } @@ -322,16 +322,18 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet) } break; default: - DBG1("PGP packet version V%d not supported", this->version); + DBG1(DBG_LIB, "PGP packet version V%d not supported", + this->version); return FALSE; } if (this->valid) { - DBG2("L2 - created %T, valid %d days", &this->created, FALSE, this->valid); + DBG2(DBG_LIB, "L2 - created %T, valid %d days", &this->created, FALSE, + this->valid); } else { - DBG2("L2 - created %T, never expires", &this->created, FALSE); + DBG2(DBG_LIB, "L2 - created %T, never expires", &this->created, FALSE); } DESTROY_IF(this->key); this->key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, @@ -352,13 +354,13 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet) hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) { - DBG1("no SHA-1 hasher available"); + DBG1(DBG_LIB, "no SHA-1 hasher available"); return FALSE; } hasher->allocate_hash(hasher, pubkey_packet_header, NULL); hasher->allocate_hash(hasher, pubkey_packet, &this->fingerprint); hasher->destroy(hasher); - DBG2("L2 - v4 fingerprint %#B", &this->fingerprint); + DBG2(DBG_LIB, "L2 - v4 fingerprint %#B", &this->fingerprint); } else { @@ -369,7 +371,7 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet) return FALSE; } this->fingerprint = chunk_clone(this->fingerprint); - DBG2("L2 - v3 fingerprint %#B", &this->fingerprint); + DBG2(DBG_LIB, "L2 - v3 fingerprint %#B", &this->fingerprint); } return TRUE; } @@ -389,7 +391,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet) /* we parse only v3 or v4 signature packets */ if (version != 3 && version != 4) { - DBG2("L2 - v%d signature ignored", version); + DBG2(DBG_LIB, "L2 - v%d signature ignored", version); return TRUE; } if (version == 4) @@ -398,7 +400,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet) { return FALSE; } - DBG2("L2 - v%d signature of type 0x%02x", version, type); + DBG2(DBG_LIB, "L2 - v%d signature of type 0x%02x", version, type); } else { @@ -411,8 +413,8 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet) { return FALSE; } - DBG2("L2 - v3 signature of type 0x%02x, created %T", type, - &created, FALSE); + DBG2(DBG_LIB, "L2 - v3 signature of type 0x%02x, created %T", type, + &created, FALSE); } /* TODO: parse and save signature to a list */ return TRUE; @@ -425,7 +427,7 @@ static bool parse_user_id(private_pgp_cert_t *this, chunk_t packet) { DESTROY_IF(this->user_id); this->user_id = identification_create_from_encoding(ID_KEY_ID, packet); - DBG2("L2 - '%Y'", this->user_id); + DBG2(DBG_LIB, "L2 - '%Y'", this->user_id); return TRUE; } @@ -486,7 +488,7 @@ pgp_cert_t *pgp_cert_load(certificate_type_t type, va_list args) } break; default: - DBG1("ignoring %N packet in PGP certificate", + DBG1(DBG_LIB, "ignoring %N packet in PGP certificate", pgp_packet_tag_names, tag); break; } diff --git a/src/libstrongswan/plugins/pgp/pgp_encoder.c b/src/libstrongswan/plugins/pgp/pgp_encoder.c index 56acac597..d5c3df590 100644 --- a/src/libstrongswan/plugins/pgp/pgp_encoder.c +++ b/src/libstrongswan/plugins/pgp/pgp_encoder.c @@ -31,7 +31,8 @@ static bool build_v3_fingerprint(chunk_t *encoding, va_list args) hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); if (!hasher) { - DBG1("MD5 hash algorithm not supported, PGP fingerprinting failed"); + DBG1(DBG_LIB, "MD5 hash algorithm not supported, PGP" + " fingerprinting failed"); return FALSE; } /* remove leading zero bytes before hashing modulus and exponent */ diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c index eabb3695f..3ed1faf01 100644 --- a/src/libstrongswan/plugins/pgp/pgp_plugin.c +++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c @@ -54,7 +54,7 @@ static void destroy(private_pgp_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *pgp_plugin_create() { private_pgp_plugin_t *this = malloc_thing(private_pgp_plugin_t); diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.h b/src/libstrongswan/plugins/pgp/pgp_plugin.h index 95765cd76..8a0ab89d6 100644 --- a/src/libstrongswan/plugins/pgp/pgp_plugin.h +++ b/src/libstrongswan/plugins/pgp/pgp_plugin.h @@ -39,9 +39,4 @@ struct pgp_plugin_t { plugin_t plugin; }; -/** - * Create a pgp_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** PGP_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.c b/src/libstrongswan/plugins/pgp/pgp_utils.c index 1658f3232..2d85cc0c8 100644 --- a/src/libstrongswan/plugins/pgp/pgp_utils.c +++ b/src/libstrongswan/plugins/pgp/pgp_utils.c @@ -79,7 +79,7 @@ bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar) if (bytes > blob->len) { - DBG1("PGP data too short to read %d byte scalar", bytes); + DBG1(DBG_LIB, "PGP data too short to read %d byte scalar", bytes); return FALSE; } while (bytes-- > 0) @@ -100,13 +100,13 @@ bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi) if (!pgp_read_scalar(blob, 2, &bits)) { - DBG1("PGP data too short to read MPI length"); + DBG1(DBG_LIB, "PGP data too short to read MPI length"); return FALSE; } bytes = (bits + 7) / 8; if (bytes > blob->len) { - DBG1("PGP data too short to read %d byte MPI", bytes); + DBG1(DBG_LIB, "PGP data too short to read %d byte MPI", bytes); return FALSE; } *mpi = chunk_create(blob->ptr, bytes); @@ -146,7 +146,7 @@ bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag) if (!blob->len) { - DBG1("missing input"); + DBG1(DBG_LIB, "missing input"); return FALSE; } t = blob->ptr[0]; @@ -154,27 +154,27 @@ bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag) /* bit 7 must be set */ if (!(t & 0x80)) { - DBG1("invalid packet tag"); + DBG1(DBG_LIB, "invalid packet tag"); return FALSE; } /* bit 6 set defines new packet format */ if (t & 0x40) { - DBG1("new PGP packet format not supported"); + DBG1(DBG_LIB, "new PGP packet format not supported"); return FALSE; } t = (t & 0x3C) >> 2; if (!pgp_old_packet_length(blob, &len) || len > blob->len) { - DBG1("invalid packet length"); + DBG1(DBG_LIB, "invalid packet length"); return FALSE; } *data = chunk_create(blob->ptr, len); *blob = chunk_skip(*blob, len); *tag = t; - DBG2("L1 - PGP %N (%u bytes)", pgp_packet_tag_names, t, len); - DBG3("%B", data); + DBG2(DBG_LIB, "L1 - PGP %N (%u bytes)", pgp_packet_tag_names, t, len); + DBG3(DBG_LIB, "%B", data); return TRUE; } diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.am b/src/libstrongswan/plugins/pkcs1/Makefile.am index 88d25a26b..bd3203dae 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.am +++ b/src/libstrongswan/plugins/pkcs1/Makefile.am @@ -3,11 +3,15 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-pkcs1.la +else plugin_LTLIBRARIES = libstrongswan-pkcs1.la +endif -libstrongswan_pkcs1_la_SOURCES = pkcs1_plugin.h pkcs1_plugin.c \ - pkcs1_encoder.h pkcs1_encoder.c \ - pkcs1_builder.h pkcs1_builder.c +libstrongswan_pkcs1_la_SOURCES = \ + pkcs1_plugin.h pkcs1_plugin.c \ + pkcs1_encoder.h pkcs1_encoder.c \ + pkcs1_builder.h pkcs1_builder.c libstrongswan_pkcs1_la_LDFLAGS = -module -avoid-version - diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index 4439cd60f..3fdcd0590 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_pkcs1_la_LIBADD = am_libstrongswan_pkcs1_la_OBJECTS = pkcs1_plugin.lo pkcs1_encoder.lo \ pkcs1_builder.lo @@ -80,6 +80,9 @@ libstrongswan_pkcs1_la_OBJECTS = $(am_libstrongswan_pkcs1_la_OBJECTS) libstrongswan_pkcs1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_pkcs1_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_pkcs1_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_pkcs1_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,10 +258,12 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-pkcs1.la -libstrongswan_pkcs1_la_SOURCES = pkcs1_plugin.h pkcs1_plugin.c \ - pkcs1_encoder.h pkcs1_encoder.c \ - pkcs1_builder.h pkcs1_builder.c +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pkcs1.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pkcs1.la +libstrongswan_pkcs1_la_SOURCES = \ + pkcs1_plugin.h pkcs1_plugin.c \ + pkcs1_encoder.h pkcs1_encoder.c \ + pkcs1_builder.h pkcs1_builder.c libstrongswan_pkcs1_la_LDFLAGS = -module -avoid-version all: all-am @@ -294,6 +300,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -326,7 +341,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-pkcs1.la: $(libstrongswan_pkcs1_la_OBJECTS) $(libstrongswan_pkcs1_la_DEPENDENCIES) - $(libstrongswan_pkcs1_la_LINK) -rpath $(plugindir) $(libstrongswan_pkcs1_la_OBJECTS) $(libstrongswan_pkcs1_la_LIBADD) $(LIBS) + $(libstrongswan_pkcs1_la_LINK) $(am_libstrongswan_pkcs1_la_rpath) $(libstrongswan_pkcs1_la_OBJECTS) $(libstrongswan_pkcs1_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -481,8 +496,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -553,18 +568,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c index fbd35e830..88c848899 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c @@ -81,10 +81,10 @@ static public_key_t *parse_public_key(chunk_t blob) /* skip initial bit string octet defining 0 unused bits */ object = chunk_skip(object, 1); } - DBG2("-- > --"); + DBG2(DBG_LIB, "-- > --"); key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, type, BUILD_BLOB_ASN1_DER, object, BUILD_END); - DBG2("-- < --"); + DBG2(DBG_LIB, "-- < --"); break; } } @@ -197,7 +197,7 @@ static private_key_t *parse_rsa_private_key(chunk_t blob) case PRIV_KEY_VERSION: if (object.len > 0 && *object.ptr != 0) { - DBG1("PKCS#1 private key format is not version 1"); + DBG1(DBG_LIB, "PKCS#1 private key format is not version 1"); goto end; } break; diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h index 62ca9f351..9f251833e 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.h @@ -14,7 +14,7 @@ */ /** - * @defgroup pkcs1_public_key pkcs1_public_key + * @defgroup pkcs1_builder pkcs1_builder * @{ @ingroup pkcs1 */ diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c index 0a8da815a..e46062d97 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c @@ -97,7 +97,8 @@ static bool hash_pubkey(chunk_t pubkey, chunk_t *hash) if (hasher == NULL) { chunk_free(&pubkey); - DBG1("SHA1 hash algorithm not supported, fingerprinting failed"); + DBG1(DBG_LIB, "SHA1 hash algorithm not supported, " + "fingerprinting failed"); return FALSE; } hasher->allocate_hash(hasher, pubkey, hash); diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c index 9d71e1388..35ec2d2bf 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c @@ -50,7 +50,7 @@ static void destroy(private_pkcs1_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *pkcs1_plugin_create() { private_pkcs1_plugin_t *this = malloc_thing(private_pkcs1_plugin_t); diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h index 465c7ef2c..588bde559 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.h @@ -39,9 +39,4 @@ struct pkcs1_plugin_t { plugin_t plugin; }; -/** - * Create a pkcs1_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** PKCS1_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/plugin.h b/src/libstrongswan/plugins/plugin.h index 28c800c0c..6d8a370fb 100644 --- a/src/libstrongswan/plugins/plugin.h +++ b/src/libstrongswan/plugins/plugin.h @@ -38,9 +38,9 @@ struct plugin_t { /** * Plugin constructor function definiton. * - * Each plugin has a constructor functions. This function is called on daemon + * Each plugin has a constructor function. This function is called on daemon * startup to initialize each plugin. - * The plugin function is named plugin_create(). + * The plugin function is named plugin_name_plugin_create(). * * @return plugin_t instance */ diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index d4513f25a..cad279a9d 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2010 Tobias Brunner * Copyright (C) 2007 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -49,37 +50,83 @@ struct private_plugin_loader_t { linked_list_t *names; }; +#ifdef MONOLITHIC +/** + * load a single plugin in monolithic mode + */ +static plugin_t* load_plugin(private_plugin_loader_t *this, + char *path, char *name) +{ + char create[128]; + plugin_t *plugin; + plugin_constructor_t constructor; + + if (snprintf(create, sizeof(create), "%s_plugin_create", + name) >= sizeof(create)) + { + return NULL; + } + translate(create, "-", "_"); + constructor = dlsym(RTLD_DEFAULT, create); + if (constructor == NULL) + { + DBG1(DBG_LIB, "plugin '%s': failed to load - %s not found", name, + create); + return NULL; + } + plugin = constructor(); + if (plugin == NULL) + { + DBG1(DBG_LIB, "plugin '%s': failed to load - %s returned NULL", name, + create); + return NULL; + } + DBG2(DBG_LIB, "plugin '%s': loaded successfully", name); + + return plugin; +} +#else /** * load a single plugin */ static plugin_t* load_plugin(private_plugin_loader_t *this, char *path, char *name) { + char create[128]; char file[PATH_MAX]; void *handle; plugin_t *plugin; plugin_constructor_t constructor; - snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, name); - + if (snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, + name) >= sizeof(file) || + snprintf(create, sizeof(create), "%s_plugin_create", + name) >= sizeof(create)) + { + return NULL; + } + translate(create, "-", "_"); if (lib->integrity) { if (!lib->integrity->check_file(lib->integrity, name, file)) { - DBG1("plugin '%s': failed file integrity test of '%s'", name, file); + DBG1(DBG_LIB, "plugin '%s': failed file integrity test of '%s'", + name, file); return NULL; } } handle = dlopen(file, RTLD_LAZY); if (handle == NULL) { - DBG1("plugin '%s': failed to load '%s' - %s", name, file, dlerror()); + DBG1(DBG_LIB, "plugin '%s': failed to load '%s' - %s", name, file, + dlerror()); return NULL; } - constructor = dlsym(handle, "plugin_create"); + constructor = dlsym(handle, create); if (constructor == NULL) { - DBG1("plugin '%s': failed to load - no plugin_create() function", name); + DBG1(DBG_LIB, "plugin '%s': failed to load - %s not found", name, + create); dlclose(handle); return NULL; } @@ -87,25 +134,28 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, { if (!lib->integrity->check_segment(lib->integrity, name, constructor)) { - DBG1("plugin '%s': failed segment integrity test", name); + DBG1(DBG_LIB, "plugin '%s': failed segment integrity test", name); dlclose(handle); return NULL; } - DBG1("plugin '%s': passed file and segment integrity tests", name); + DBG1(DBG_LIB, "plugin '%s': passed file and segment integrity tests", + name); } plugin = constructor(); if (plugin == NULL) { - DBG1("plugin '%s': failed to load - plugin_create() returned NULL", name); + DBG1(DBG_LIB, "plugin '%s': failed to load - %s returned NULL", name, + create); dlclose(handle); return NULL; } - DBG2("plugin '%s': loaded successfully", name); + DBG2(DBG_LIB, "plugin '%s': loaded successfully", name); /* we do not store or free dlopen() handles, leak_detective requires * the modules to keep loaded until leak report */ return plugin; } +#endif /** * Implementation of plugin_loader_t.load_plugins. @@ -116,10 +166,12 @@ static bool load(private_plugin_loader_t *this, char *path, char *list) char *token; bool critical_failed = FALSE; +#ifndef MONOLITHIC if (path == NULL) { path = PLUGINDIR; } +#endif enumerator = enumerator_create_token(list, " ", " "); while (!critical_failed && enumerator->enumerate(enumerator, &token)) @@ -147,7 +199,7 @@ static bool load(private_plugin_loader_t *this, char *path, char *list) if (critical) { critical_failed = TRUE; - DBG1("loading critical plugin '%s' failed", token); + DBG1(DBG_LIB, "loading critical plugin '%s' failed", token); } free(token); } diff --git a/src/libstrongswan/plugins/pubkey/Makefile.am b/src/libstrongswan/plugins/pubkey/Makefile.am index 770d77325..c2974a585 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.am +++ b/src/libstrongswan/plugins/pubkey/Makefile.am @@ -3,10 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-pubkey.la +else plugin_LTLIBRARIES = libstrongswan-pubkey.la +endif -libstrongswan_pubkey_la_SOURCES = pubkey_plugin.h pubkey_plugin.c \ - pubkey_cert.h pubkey_cert.c +libstrongswan_pubkey_la_SOURCES = \ + pubkey_plugin.h pubkey_plugin.c \ + pubkey_cert.h pubkey_cert.c libstrongswan_pubkey_la_LDFLAGS = -module -avoid-version - diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index f95e7b357..5fe3d58f1 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_pubkey_la_LIBADD = am_libstrongswan_pubkey_la_OBJECTS = pubkey_plugin.lo pubkey_cert.lo libstrongswan_pubkey_la_OBJECTS = \ @@ -80,6 +80,9 @@ libstrongswan_pubkey_la_OBJECTS = \ libstrongswan_pubkey_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_pubkey_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_pubkey_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_pubkey_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,9 +258,11 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-pubkey.la -libstrongswan_pubkey_la_SOURCES = pubkey_plugin.h pubkey_plugin.c \ - pubkey_cert.h pubkey_cert.c +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pubkey.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pubkey.la +libstrongswan_pubkey_la_SOURCES = \ + pubkey_plugin.h pubkey_plugin.c \ + pubkey_cert.h pubkey_cert.c libstrongswan_pubkey_la_LDFLAGS = -module -avoid-version all: all-am @@ -293,6 +299,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -325,7 +340,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-pubkey.la: $(libstrongswan_pubkey_la_OBJECTS) $(libstrongswan_pubkey_la_DEPENDENCIES) - $(libstrongswan_pubkey_la_LINK) -rpath $(plugindir) $(libstrongswan_pubkey_la_OBJECTS) $(libstrongswan_pubkey_la_LIBADD) $(LIBS) + $(libstrongswan_pubkey_la_LINK) $(am_libstrongswan_pubkey_la_rpath) $(libstrongswan_pubkey_la_OBJECTS) $(libstrongswan_pubkey_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -479,8 +494,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -551,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c index ad84eed99..b0eabc9ee 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c @@ -44,7 +44,7 @@ static void destroy(private_pubkey_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *pubkey_plugin_create() { private_pubkey_plugin_t *this = malloc_thing(private_pubkey_plugin_t); diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.h b/src/libstrongswan/plugins/pubkey/pubkey_plugin.h index a3fd2f155..db71bddc0 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.h +++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.h @@ -39,9 +39,4 @@ struct pubkey_plugin_t { plugin_t plugin; }; -/** - * Create a pubkey_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** PUBKEY_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/random/Makefile.am b/src/libstrongswan/plugins/random/Makefile.am index 7c2283ae7..5df992718 100644 --- a/src/libstrongswan/plugins/random/Makefile.am +++ b/src/libstrongswan/plugins/random/Makefile.am @@ -5,9 +5,14 @@ AM_CFLAGS = -rdynamic \ -DDEV_RANDOM=\"${random_device}\" \ -DDEV_URANDOM=\"${urandom_device}\" +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-random.la +else plugin_LTLIBRARIES = libstrongswan-random.la +endif -libstrongswan_random_la_SOURCES = random_plugin.h random_plugin.c \ - random_rng.c random_rng.h -libstrongswan_random_la_LDFLAGS = -module -avoid-version +libstrongswan_random_la_SOURCES = \ + random_plugin.h random_plugin.c \ + random_rng.c random_rng.h +libstrongswan_random_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index 355ab14bc..27360aa8c 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_random_la_LIBADD = am_libstrongswan_random_la_OBJECTS = random_plugin.lo random_rng.lo libstrongswan_random_la_OBJECTS = \ @@ -80,6 +80,9 @@ libstrongswan_random_la_OBJECTS = \ libstrongswan_random_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_random_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_random_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_random_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -218,6 +221,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -257,9 +261,11 @@ AM_CFLAGS = -rdynamic \ -DDEV_RANDOM=\"${random_device}\" \ -DDEV_URANDOM=\"${urandom_device}\" -plugin_LTLIBRARIES = libstrongswan-random.la -libstrongswan_random_la_SOURCES = random_plugin.h random_plugin.c \ - random_rng.c random_rng.h +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-random.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-random.la +libstrongswan_random_la_SOURCES = \ + random_plugin.h random_plugin.c \ + random_rng.c random_rng.h libstrongswan_random_la_LDFLAGS = -module -avoid-version all: all-am @@ -296,6 +302,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -328,7 +343,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-random.la: $(libstrongswan_random_la_OBJECTS) $(libstrongswan_random_la_DEPENDENCIES) - $(libstrongswan_random_la_LINK) -rpath $(plugindir) $(libstrongswan_random_la_OBJECTS) $(libstrongswan_random_la_LIBADD) $(LIBS) + $(libstrongswan_random_la_LINK) $(am_libstrongswan_random_la_rpath) $(libstrongswan_random_la_OBJECTS) $(libstrongswan_random_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -482,8 +497,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -554,18 +569,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c index df0a8f556..39678ba71 100644 --- a/src/libstrongswan/plugins/random/random_plugin.c +++ b/src/libstrongswan/plugins/random/random_plugin.c @@ -44,7 +44,7 @@ static void destroy(private_random_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *random_plugin_create() { private_random_plugin_t *this = malloc_thing(private_random_plugin_t); diff --git a/src/libstrongswan/plugins/random/random_plugin.h b/src/libstrongswan/plugins/random/random_plugin.h index 6ce0f71be..7e22c3e5f 100644 --- a/src/libstrongswan/plugins/random/random_plugin.h +++ b/src/libstrongswan/plugins/random/random_plugin.h @@ -39,9 +39,4 @@ struct random_plugin_t { plugin_t plugin; }; -/** - * Create a random_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** RANDOM_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c index 34f300296..b09f3f57a 100644 --- a/src/libstrongswan/plugins/random/random_rng.c +++ b/src/libstrongswan/plugins/random/random_rng.c @@ -71,7 +71,7 @@ static void get_bytes(private_random_rng_t *this, size_t bytes, got = read(this->dev, buffer + done, bytes - done); if (got <= 0) { - DBG1("reading from \"%s\" failed: %s, retrying...", + DBG1(DBG_LIB, "reading from \"%s\" failed: %s, retrying...", this->file, strerror(errno)); close(this->dev); sleep(1); @@ -124,7 +124,7 @@ random_rng_t *random_rng_create(rng_quality_t quality) this->dev = open(this->file, 0); if (this->dev < 0) { - DBG1("opening \"%s\" failed: %s", this->file, strerror(errno)); + DBG1(DBG_LIB, "opening \"%s\" failed: %s", this->file, strerror(errno)); free(this); return NULL; } diff --git a/src/libstrongswan/plugins/sha1/Makefile.am b/src/libstrongswan/plugins/sha1/Makefile.am index ead51a45a..4e539fd83 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.am +++ b/src/libstrongswan/plugins/sha1/Makefile.am @@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-sha1.la +else plugin_LTLIBRARIES = libstrongswan-sha1.la +endif -libstrongswan_sha1_la_SOURCES = sha1_plugin.h sha1_plugin.c \ +libstrongswan_sha1_la_SOURCES = \ + sha1_plugin.h sha1_plugin.c \ sha1_hasher.c sha1_hasher.h sha1_prf.c sha1_prf.h -libstrongswan_sha1_la_LDFLAGS = -module -avoid-version +libstrongswan_sha1_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index 4f08b882c..dacb5be4b 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_sha1_la_LIBADD = am_libstrongswan_sha1_la_OBJECTS = sha1_plugin.lo sha1_hasher.lo \ sha1_prf.lo @@ -80,6 +80,8 @@ libstrongswan_sha1_la_OBJECTS = $(am_libstrongswan_sha1_la_OBJECTS) libstrongswan_sha1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_sha1_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_sha1_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_sha1_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,8 +257,10 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-sha1.la -libstrongswan_sha1_la_SOURCES = sha1_plugin.h sha1_plugin.c \ +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sha1.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sha1.la +libstrongswan_sha1_la_SOURCES = \ + sha1_plugin.h sha1_plugin.c \ sha1_hasher.c sha1_hasher.h sha1_prf.c sha1_prf.h libstrongswan_sha1_la_LDFLAGS = -module -avoid-version @@ -293,6 +298,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -325,7 +339,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-sha1.la: $(libstrongswan_sha1_la_OBJECTS) $(libstrongswan_sha1_la_DEPENDENCIES) - $(libstrongswan_sha1_la_LINK) -rpath $(plugindir) $(libstrongswan_sha1_la_OBJECTS) $(libstrongswan_sha1_la_LIBADD) $(LIBS) + $(libstrongswan_sha1_la_LINK) $(am_libstrongswan_sha1_la_rpath) $(libstrongswan_sha1_la_OBJECTS) $(libstrongswan_sha1_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -480,8 +494,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -552,18 +566,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.c b/src/libstrongswan/plugins/sha1/sha1_plugin.c index a038228da..7b9cf878f 100644 --- a/src/libstrongswan/plugins/sha1/sha1_plugin.c +++ b/src/libstrongswan/plugins/sha1/sha1_plugin.c @@ -47,7 +47,7 @@ static void destroy(private_sha1_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *sha1_plugin_create() { private_sha1_plugin_t *this = malloc_thing(private_sha1_plugin_t); diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.h b/src/libstrongswan/plugins/sha1/sha1_plugin.h index 36b12b91e..cd1ff615d 100644 --- a/src/libstrongswan/plugins/sha1/sha1_plugin.h +++ b/src/libstrongswan/plugins/sha1/sha1_plugin.h @@ -39,9 +39,4 @@ struct sha1_plugin_t { plugin_t plugin; }; -/** - * Create a sha1_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** SHA1_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/sha2/Makefile.am b/src/libstrongswan/plugins/sha2/Makefile.am index 5422e1d4e..a255d0609 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.am +++ b/src/libstrongswan/plugins/sha2/Makefile.am @@ -3,8 +3,13 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-sha2.la +else plugin_LTLIBRARIES = libstrongswan-sha2.la +endif -libstrongswan_sha2_la_SOURCES = sha2_plugin.h sha2_plugin.c sha2_hasher.c sha2_hasher.h -libstrongswan_sha2_la_LDFLAGS = -module -avoid-version +libstrongswan_sha2_la_SOURCES = \ + sha2_plugin.h sha2_plugin.c sha2_hasher.c sha2_hasher.h +libstrongswan_sha2_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index e4ea58094..6db4374c8 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -72,13 +72,15 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_sha2_la_LIBADD = am_libstrongswan_sha2_la_OBJECTS = sha2_plugin.lo sha2_hasher.lo libstrongswan_sha2_la_OBJECTS = $(am_libstrongswan_sha2_la_OBJECTS) libstrongswan_sha2_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_sha2_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_sha2_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_sha2_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -217,6 +219,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -253,8 +256,11 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-sha2.la -libstrongswan_sha2_la_SOURCES = sha2_plugin.h sha2_plugin.c sha2_hasher.c sha2_hasher.h +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sha2.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sha2.la +libstrongswan_sha2_la_SOURCES = \ + sha2_plugin.h sha2_plugin.c sha2_hasher.c sha2_hasher.h + libstrongswan_sha2_la_LDFLAGS = -module -avoid-version all: all-am @@ -290,6 +296,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -322,7 +337,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-sha2.la: $(libstrongswan_sha2_la_OBJECTS) $(libstrongswan_sha2_la_DEPENDENCIES) - $(libstrongswan_sha2_la_LINK) -rpath $(plugindir) $(libstrongswan_sha2_la_OBJECTS) $(libstrongswan_sha2_la_LIBADD) $(LIBS) + $(libstrongswan_sha2_la_LINK) $(am_libstrongswan_sha2_la_rpath) $(libstrongswan_sha2_la_OBJECTS) $(libstrongswan_sha2_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -476,8 +491,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -548,18 +563,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.c b/src/libstrongswan/plugins/sha2/sha2_plugin.c index 90f7cec77..810d9922a 100644 --- a/src/libstrongswan/plugins/sha2/sha2_plugin.c +++ b/src/libstrongswan/plugins/sha2/sha2_plugin.c @@ -44,7 +44,7 @@ static void destroy(private_sha2_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *sha2_plugin_create() { private_sha2_plugin_t *this = malloc_thing(private_sha2_plugin_t); diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.h b/src/libstrongswan/plugins/sha2/sha2_plugin.h index b80f7560e..48ee2d94c 100644 --- a/src/libstrongswan/plugins/sha2/sha2_plugin.h +++ b/src/libstrongswan/plugins/sha2/sha2_plugin.h @@ -39,9 +39,4 @@ struct sha2_plugin_t { plugin_t plugin; }; -/** - * Create a sha2_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** SHA2_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/sqlite/Makefile.am b/src/libstrongswan/plugins/sqlite/Makefile.am index f26e31294..2e1d9733f 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.am +++ b/src/libstrongswan/plugins/sqlite/Makefile.am @@ -3,10 +3,16 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-sqlite.la +else plugin_LTLIBRARIES = libstrongswan-sqlite.la +endif -libstrongswan_sqlite_la_SOURCES = sqlite_plugin.h sqlite_plugin.c \ +libstrongswan_sqlite_la_SOURCES = \ + sqlite_plugin.h sqlite_plugin.c \ sqlite_database.h sqlite_database.c + libstrongswan_sqlite_la_LDFLAGS = -module -avoid-version -libstrongswan_sqlite_la_LIBADD = -lsqlite3 +libstrongswan_sqlite_la_LIBADD = -lsqlite3 diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index 831408c9e..cb466ad03 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_sqlite_la_DEPENDENCIES = am_libstrongswan_sqlite_la_OBJECTS = sqlite_plugin.lo \ sqlite_database.lo @@ -81,6 +81,9 @@ libstrongswan_sqlite_la_OBJECTS = \ libstrongswan_sqlite_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_sqlite_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_sqlite_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_sqlite_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -219,6 +222,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -255,8 +259,10 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-sqlite.la -libstrongswan_sqlite_la_SOURCES = sqlite_plugin.h sqlite_plugin.c \ +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sqlite.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sqlite.la +libstrongswan_sqlite_la_SOURCES = \ + sqlite_plugin.h sqlite_plugin.c \ sqlite_database.h sqlite_database.c libstrongswan_sqlite_la_LDFLAGS = -module -avoid-version @@ -295,6 +301,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -327,7 +342,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-sqlite.la: $(libstrongswan_sqlite_la_OBJECTS) $(libstrongswan_sqlite_la_DEPENDENCIES) - $(libstrongswan_sqlite_la_LINK) -rpath $(plugindir) $(libstrongswan_sqlite_la_OBJECTS) $(libstrongswan_sqlite_la_LIBADD) $(LIBS) + $(libstrongswan_sqlite_la_LINK) $(am_libstrongswan_sqlite_la_rpath) $(libstrongswan_sqlite_la_OBJECTS) $(libstrongswan_sqlite_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -481,8 +496,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -553,18 +568,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.c b/src/libstrongswan/plugins/sqlite/sqlite_database.c index 721f1a126..3e20dbb51 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_database.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_database.c @@ -110,11 +110,13 @@ static sqlite3_stmt* run(private_sqlite_database_t *this, char *sql, } else { - DBG1("preparing sqlite statement failed: %s", sqlite3_errmsg(this->db)); + DBG1(DBG_LIB, "preparing sqlite statement failed: %s", + sqlite3_errmsg(this->db)); } if (res != SQLITE_OK) { - DBG1("binding sqlite statement failed: %s", sqlite3_errmsg(this->db)); + DBG1(DBG_LIB, "binding sqlite statement failed: %s", + sqlite3_errmsg(this->db)); sqlite3_finalize(stmt); return NULL; } @@ -160,7 +162,7 @@ static bool sqlite_enumerator_enumerate(sqlite_enumerator_t *this, ...) case SQLITE_ROW: break; default: - DBG1("stepping sqlite statement failed: %s", + DBG1(DBG_LIB, "stepping sqlite statement failed: %s", sqlite3_errmsg(this->database->db)); /* fall */ case SQLITE_DONE: @@ -203,7 +205,7 @@ static bool sqlite_enumerator_enumerate(sqlite_enumerator_t *this, ...) break; } default: - DBG1("invalid result type supplied"); + DBG1(DBG_LIB, "invalid result type supplied"); return FALSE; } } @@ -272,7 +274,8 @@ static int execute(private_sqlite_database_t *this, int *rowid, char *sql, ...) } else { - DBG1("sqlite execute failed: %s", sqlite3_errmsg(this->db)); + DBG1(DBG_LIB, "sqlite execute failed: %s", + sqlite3_errmsg(this->db)); } sqlite3_finalize(stmt); } @@ -337,7 +340,7 @@ sqlite_database_t *sqlite_database_create(char *uri) if (sqlite3_open(file, &this->db) != SQLITE_OK) { - DBG1("opening SQLite database '%s' failed: %s", + DBG1(DBG_LIB, "opening SQLite database '%s' failed: %s", file, sqlite3_errmsg(this->db)); destroy(this); return NULL; diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c index 955402bf9..332d82318 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c @@ -44,7 +44,7 @@ static void destroy(private_sqlite_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *sqlite_plugin_create() { private_sqlite_plugin_t *this = malloc_thing(private_sqlite_plugin_t); diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.h b/src/libstrongswan/plugins/sqlite/sqlite_plugin.h index 82735a311..dbc461cf4 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.h +++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.h @@ -39,9 +39,4 @@ struct sqlite_plugin_t { plugin_t plugin; }; -/** - * Create a sqlite_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** SQLITE_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am index 6028805c4..6d3b05d19 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.am +++ b/src/libstrongswan/plugins/test_vectors/Makefile.am @@ -3,7 +3,11 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-test-vectors.la +else plugin_LTLIBRARIES = libstrongswan-test-vectors.la +endif libstrongswan_test_vectors_la_SOURCES = \ test_vectors_plugin.h test_vectors_plugin.c test_vectors.h \ @@ -29,5 +33,5 @@ libstrongswan_test_vectors_la_SOURCES = \ test_vectors/sha2_hmac.c \ test_vectors/fips_prf.c \ test_vectors/rng.c -libstrongswan_test_vectors_la_LDFLAGS = -module -avoid-version +libstrongswan_test_vectors_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index a8674d282..dbe62c056 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_test_vectors_la_LIBADD = am_libstrongswan_test_vectors_la_OBJECTS = test_vectors_plugin.lo \ 3des_cbc.lo aes_cbc.lo aes_xcbc.lo blowfish.lo camellia_cbc.lo \ @@ -85,6 +85,9 @@ libstrongswan_test_vectors_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_test_vectors_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_test_vectors_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_test_vectors_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -223,6 +226,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -259,7 +263,8 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-test-vectors.la +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-test-vectors.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-test-vectors.la libstrongswan_test_vectors_la_SOURCES = \ test_vectors_plugin.h test_vectors_plugin.c test_vectors.h \ test_vectors/3des_cbc.c \ @@ -320,6 +325,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -352,7 +366,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-test-vectors.la: $(libstrongswan_test_vectors_la_OBJECTS) $(libstrongswan_test_vectors_la_DEPENDENCIES) - $(libstrongswan_test_vectors_la_LINK) -rpath $(plugindir) $(libstrongswan_test_vectors_la_OBJECTS) $(libstrongswan_test_vectors_la_LIBADD) $(LIBS) + $(libstrongswan_test_vectors_la_LINK) $(am_libstrongswan_test_vectors_la_rpath) $(libstrongswan_test_vectors_la_OBJECTS) $(libstrongswan_test_vectors_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -681,8 +695,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -753,18 +767,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c b/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c index 4dc1cc174..18e0c9278 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c @@ -44,7 +44,7 @@ static bool test_monobit(monobit_t *param, chunk_t data) } } } - DBG2(" Monobit: %d/%d bits set", bits, data.len * 8); + DBG2(DBG_LIB, " Monobit: %d/%d bits set", bits, data.len * 8); if (bits > param->lower && bits < param->upper) { return TRUE; @@ -101,7 +101,7 @@ static bool test_poker(poker_t *param, chunk_t data) sum += (counter[i] * counter[i]) / 5000.0 * 16.0; } sum -= 5000.0; - DBG2(" Poker: %f", sum); + DBG2(DBG_LIB, " Poker: %f", sum); if (sum > param->lower && sum < param->upper) { return TRUE; @@ -190,7 +190,7 @@ static bool test_runs(runs_t *param, chunk_t data) } } - DBG2(" Runs: zero: %d/%d/%d/%d/%d/%d, one: %d/%d/%d/%d/%d/%d, " + DBG2(DBG_LIB, " Runs: zero: %d/%d/%d/%d/%d/%d, one: %d/%d/%d/%d/%d/%d, " "longruns: %d", zero_runs[1], zero_runs[2], zero_runs[3], zero_runs[4], zero_runs[5], zero_runs[6], diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c index 7ad8c3c73..234d237f3 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c @@ -104,7 +104,7 @@ static void destroy(private_test_vectors_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *test_vectors_plugin_create() { private_test_vectors_plugin_t *this = malloc_thing(private_test_vectors_plugin_t); int i; diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h index 9cb959c88..661529295 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h +++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h @@ -39,9 +39,4 @@ struct test_vectors_plugin_t { plugin_t plugin; }; -/** - * Create a test_vectors_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** TEST_VECTORS_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/x509/Makefile.am b/src/libstrongswan/plugins/x509/Makefile.am index 853b1cebc..4b50d78dc 100644 --- a/src/libstrongswan/plugins/x509/Makefile.am +++ b/src/libstrongswan/plugins/x509/Makefile.am @@ -3,14 +3,19 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-x509.la +else plugin_LTLIBRARIES = libstrongswan-x509.la +endif -libstrongswan_x509_la_SOURCES = x509_plugin.h x509_plugin.c \ - x509_cert.h x509_cert.c \ - x509_crl.h x509_crl.c \ - x509_ac.h x509_ac.c \ - x509_pkcs10.h x509_pkcs10.c \ - x509_ocsp_request.h x509_ocsp_request.c \ - x509_ocsp_response.h x509_ocsp_response.c -libstrongswan_x509_la_LDFLAGS = -module -avoid-version +libstrongswan_x509_la_SOURCES = \ + x509_plugin.h x509_plugin.c \ + x509_cert.h x509_cert.c \ + x509_crl.h x509_crl.c \ + x509_ac.h x509_ac.c \ + x509_pkcs10.h x509_pkcs10.c \ + x509_ocsp_request.h x509_ocsp_request.c \ + x509_ocsp_response.h x509_ocsp_response.c +libstrongswan_x509_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index 428643254..2bee453cd 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_x509_la_LIBADD = am_libstrongswan_x509_la_OBJECTS = x509_plugin.lo x509_cert.lo \ x509_crl.lo x509_ac.lo x509_pkcs10.lo x509_ocsp_request.lo \ @@ -81,6 +81,8 @@ libstrongswan_x509_la_OBJECTS = $(am_libstrongswan_x509_la_OBJECTS) libstrongswan_x509_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_x509_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_x509_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_x509_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -219,6 +221,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -255,14 +258,16 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-x509.la -libstrongswan_x509_la_SOURCES = x509_plugin.h x509_plugin.c \ - x509_cert.h x509_cert.c \ - x509_crl.h x509_crl.c \ - x509_ac.h x509_ac.c \ - x509_pkcs10.h x509_pkcs10.c \ - x509_ocsp_request.h x509_ocsp_request.c \ - x509_ocsp_response.h x509_ocsp_response.c +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-x509.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-x509.la +libstrongswan_x509_la_SOURCES = \ + x509_plugin.h x509_plugin.c \ + x509_cert.h x509_cert.c \ + x509_crl.h x509_crl.c \ + x509_ac.h x509_ac.c \ + x509_pkcs10.h x509_pkcs10.c \ + x509_ocsp_request.h x509_ocsp_request.c \ + x509_ocsp_response.h x509_ocsp_response.c libstrongswan_x509_la_LDFLAGS = -module -avoid-version all: all-am @@ -299,6 +304,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -331,7 +345,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-x509.la: $(libstrongswan_x509_la_OBJECTS) $(libstrongswan_x509_la_DEPENDENCIES) - $(libstrongswan_x509_la_LINK) -rpath $(plugindir) $(libstrongswan_x509_la_OBJECTS) $(libstrongswan_x509_la_LIBADD) $(LIBS) + $(libstrongswan_x509_la_LINK) $(am_libstrongswan_x509_la_rpath) $(libstrongswan_x509_la_OBJECTS) $(libstrongswan_x509_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -490,8 +504,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -562,18 +576,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index 79ff80933..95e72789e 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c @@ -192,7 +192,7 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi } else { - DBG1("more than one directory name - first selected"); + DBG1(DBG_LIB, "more than one directory name - first selected"); directoryName->destroy(directoryName); } } @@ -200,7 +200,7 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi } else { - DBG1("no directoryName found"); + DBG1(DBG_LIB, "no directoryName found"); } list->destroy(list); @@ -359,10 +359,11 @@ static bool parse_certificate(private_x509_ac_t *this) break; case AC_OBJ_VERSION: this->version = (object.len) ? (1 + (u_int)*object.ptr) : 1; - DBG2(" v%d", this->version); + DBG2(DBG_LIB, " v%d", this->version); if (this->version != 2) { - DBG1("v%d attribute certificates are not supported", this->version); + DBG1(DBG_LIB, "v%d attribute certificates are not " + "supported", this->version); goto end; } break; @@ -407,20 +408,20 @@ static bool parse_certificate(private_x509_ac_t *this) switch (type) { case OID_AUTHENTICATION_INFO: - DBG2(" need to parse authenticationInfo"); + DBG2(DBG_LIB, " need to parse authenticationInfo"); break; case OID_ACCESS_IDENTITY: - DBG2(" need to parse accessIdentity"); + DBG2(DBG_LIB, " need to parse accessIdentity"); break; case OID_CHARGING_IDENTITY: - DBG2("-- > --"); + DBG2(DBG_LIB, "-- > --"); this->charging = ietf_attributes_create_from_encoding(object); - DBG2("-- < --"); + DBG2(DBG_LIB, "-- < --"); break; case OID_GROUP: - DBG2("-- > --"); + DBG2(DBG_LIB, "-- > --"); this->groups = ietf_attributes_create_from_encoding(object); - DBG2("-- < --"); + DBG2(DBG_LIB, "-- < --"); break; case OID_ROLE: parse_roleSyntax(object, level); @@ -435,21 +436,21 @@ static bool parse_certificate(private_x509_ac_t *this) break; case AC_OBJ_CRITICAL: critical = object.len && *object.ptr; - DBG2(" %s",(critical)?"TRUE":"FALSE"); + DBG2(DBG_LIB, " %s",(critical)?"TRUE":"FALSE"); break; case AC_OBJ_EXTN_VALUE: { switch (extn_oid) { case OID_CRL_DISTRIBUTION_POINTS: - DBG2(" need to parse crlDistributionPoints"); + DBG2(DBG_LIB, " need to parse crlDistributionPoints"); break; case OID_AUTHORITY_KEY_ID: this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, level, &this->authKeySerialNumber); break; case OID_TARGET_INFORMATION: - DBG2(" need to parse targetInformation"); + DBG2(DBG_LIB, " need to parse targetInformation"); break; case OID_NO_REV_AVAIL: this->noRevAvail = TRUE; @@ -464,7 +465,7 @@ static bool parse_certificate(private_x509_ac_t *this) NULL); if (this->algorithm != sig_alg) { - DBG1(" signature algorithms do not agree"); + DBG1(DBG_LIB, " signature algorithms do not agree"); success = FALSE; goto end; } @@ -824,9 +825,9 @@ static bool is_newer(private_x509_ac_t *this, ac_t *that) this_cert->get_validity(this_cert, &now, &this_update, NULL); that_cert->get_validity(that_cert, &now, &that_update, NULL); new = this_update > that_update; - DBG1(" attr cert from %T is %s - existing attr cert from %T %s", - &this_update, FALSE, new ? "newer":"not newer", - &that_update, FALSE, new ? "replaced":"retained"); + DBG1(DBG_LIB, " attr cert from %T is %s - existing attr cert from %T %s", + &this_update, FALSE, new ? "newer":"not newer", + &that_update, FALSE, new ? "replaced":"retained"); return new; } diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 3b729236e..bdbaa8d4a 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -219,7 +219,7 @@ static void parse_basicConstraints(chunk_t blob, int level0, { case BASIC_CONSTRAINTS_CA: isCA = object.len && *object.ptr; - DBG2(" %s", isCA ? "TRUE" : "FALSE"); + DBG2(DBG_LIB, " %s", isCA ? "TRUE" : "FALSE"); if (isCA) { this->flags |= X509_CA; @@ -383,7 +383,7 @@ static identification_t *parse_generalName(chunk_t blob, int level0) if (id_type != ID_ANY) { gn = identification_create_from_encoding(id_type, object); - DBG2(" '%Y'", gn); + DBG2(DBG_LIB, " '%Y'", gn); goto end; } } @@ -539,7 +539,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, /* parsing went wrong - abort */ goto end; } - DBG2(" '%Y'", id); + DBG2(DBG_LIB, " '%Y'", id); if (accessMethod == OID_OCSP && asprintf(&uri, "%Y", id) > 0) { @@ -704,34 +704,36 @@ static bool check_address_object(ts_type_t ts_type, chunk_t object) case TS_IPV4_ADDR_RANGE: if (object.len > 5) { - DBG1("IPv4 address object is larger than 5 octets"); + DBG1(DBG_LIB, "IPv4 address object is larger than 5 octets"); return FALSE; } break; case TS_IPV6_ADDR_RANGE: if (object.len > 17) { - DBG1("IPv6 address object is larger than 17 octets"); + DBG1(DBG_LIB, "IPv6 address object is larger than 17 octets"); return FALSE; } break; default: - DBG1("unknown address family"); + DBG1(DBG_LIB, "unknown address family"); return FALSE; } if (object.len == 0) { - DBG1("An ASN.1 bit string must contain at least the initial octet"); + DBG1(DBG_LIB, "An ASN.1 bit string must contain at least the " + "initial octet"); return FALSE; } if (object.len == 1 && object.ptr[0] != 0) { - DBG1("An empty ASN.1 bit string must contain a zero initial octet"); + DBG1(DBG_LIB, "An empty ASN.1 bit string must contain a zero " + "initial octet"); return FALSE; } if (object.ptr[0] > 7) { - DBG1("number of unused bits is too large"); + DBG1(DBG_LIB, "number of unused bits is too large"); return FALSE; } return TRUE; @@ -769,11 +771,11 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0, { break; } - DBG2(" %N", ts_type_name, ts_type); + DBG2(DBG_LIB, " %N", ts_type_name, ts_type); } break; case IP_ADDR_BLOCKS_INHERIT: - DBG1("inherit choice is not supported"); + DBG1(DBG_LIB, "inherit choice is not supported"); break; case IP_ADDR_BLOCKS_PREFIX: if (!check_address_object(ts_type, object)) @@ -782,7 +784,7 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0, } ts = traffic_selector_create_from_rfc3779_format(ts_type, object, object); - DBG2(" %R", ts); + DBG2(DBG_LIB, " %R", ts); this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts); break; case IP_ADDR_BLOCKS_MIN: @@ -799,7 +801,7 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0, } ts = traffic_selector_create_from_rfc3779_format(ts_type, min_object, object); - DBG2(" %R", ts); + DBG2(DBG_LIB, " %R", ts); this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts); break; default: @@ -893,12 +895,12 @@ static bool parse_certificate(private_x509_cert_t *this) this->version = (object.len) ? (1+(u_int)*object.ptr) : 1; if (this->version < 1 || this->version > 3) { - DBG1("X.509v%d not supported", this->version); + DBG1(DBG_LIB, "X.509v%d not supported", this->version); goto end; } else { - DBG2(" X.509v%d", this->version); + DBG2(DBG_LIB, " X.509v%d", this->version); } break; case X509_OBJ_SERIAL_NUMBER: @@ -909,7 +911,7 @@ static bool parse_certificate(private_x509_cert_t *this) break; case X509_OBJ_ISSUER: this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object); - DBG2(" '%Y'", this->issuer); + DBG2(DBG_LIB, " '%Y'", this->issuer); break; case X509_OBJ_NOT_BEFORE: this->notBefore = asn1_parse_time(object, level); @@ -919,13 +921,13 @@ static bool parse_certificate(private_x509_cert_t *this) break; case X509_OBJ_SUBJECT: this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object); - DBG2(" '%Y'", this->subject); + DBG2(DBG_LIB, " '%Y'", this->subject); break; case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO: - DBG2("-- > --"); + DBG2(DBG_LIB, "-- > --"); this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END); - DBG2("-- < --"); + DBG2(DBG_LIB, "-- < --"); if (this->public_key == NULL) { goto end; @@ -934,7 +936,7 @@ static bool parse_certificate(private_x509_cert_t *this) case X509_OBJ_OPTIONAL_EXTENSIONS: if (this->version != 3) { - DBG1("Only X.509v3 certificates have extensions"); + DBG1(DBG_LIB, "Only X.509v3 certificates have extensions"); goto end; } break; @@ -943,7 +945,7 @@ static bool parse_certificate(private_x509_cert_t *this) break; case X509_OBJ_CRITICAL: critical = object.len && *object.ptr; - DBG2(" %s", critical ? "TRUE" : "FALSE"); + DBG2(DBG_LIB, " %s", critical ? "TRUE" : "FALSE"); break; case X509_OBJ_EXTN_VALUE: { @@ -974,6 +976,9 @@ static bool parse_certificate(private_x509_cert_t *this) case OID_AUTHORITY_INFO_ACCESS: parse_authorityInfoAccess(object, level, this); break; + case OID_KEY_USAGE: + /* TODO parse the flags */ + break; case OID_EXTENDED_KEY_USAGE: parse_extendedKeyUsage(object, level, this); break; @@ -994,7 +999,7 @@ static bool parse_certificate(private_x509_cert_t *this) if (critical && lib->settings->get_bool(lib->settings, "libstrongswan.plugins.x509.enforce_critical", FALSE)) { - DBG1("critical %s extension not supported", + DBG1(DBG_LIB, "critical %s extension not supported", (extn_oid == OID_UNKNOWN) ? "unknown" : (char*)oid_names[extn_oid].name); goto end; @@ -1007,7 +1012,7 @@ static bool parse_certificate(private_x509_cert_t *this) this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL); if (this->algorithm != sig_alg) { - DBG1(" signature algorithms do not agree"); + DBG1(DBG_LIB, " signature algorithms do not agree"); goto end; } break; @@ -1035,7 +1040,7 @@ end: hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) { - DBG1(" unable to create hash of certificate, SHA1 not supported"); + DBG1(DBG_LIB, " unable to create hash of certificate, SHA1 not supported"); return NULL; } hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash); @@ -1214,9 +1219,9 @@ static bool is_newer(certificate_t *this, certificate_t *that) this->get_validity(this, &now, &this_update, NULL); that->get_validity(that, &now, &that_update, NULL); new = this_update > that_update; - DBG1(" certificate from %T is %s - existing certificate from %T %s", - &this_update, FALSE, new ? "newer":"not newer", - &that_update, FALSE, new ? "replaced":"retained"); + DBG1(DBG_LIB, " certificate from %T is %s - existing certificate " + "from %T %s", &this_update, FALSE, new ? "newer":"not newer", + &that_update, FALSE, new ? "replaced":"retained"); return new; } @@ -1453,7 +1458,7 @@ chunk_t x509_build_subjectAltNames(linked_list_t *list) context = ASN1_CONTEXT_S_7; break; default: - DBG1("encoding %N as subjectAltName not supported", + DBG1(DBG_LIB, "encoding %N as subjectAltName not supported", id_type_names, id->get_type(id)); enumerator->destroy(enumerator); free(subjectAltNames.ptr); @@ -1481,7 +1486,9 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, chunk_t extensions = chunk_empty, extendedKeyUsage = chunk_empty; chunk_t serverAuth = chunk_empty, clientAuth = chunk_empty; chunk_t ocspSigning = chunk_empty; - chunk_t basicConstraints = chunk_empty, subjectAltNames = chunk_empty; + chunk_t basicConstraints = chunk_empty; + chunk_t keyUsage = chunk_empty; + chunk_t subjectAltNames = chunk_empty; chunk_t subjectKeyIdentifier = chunk_empty, authKeyIdentifier = chunk_empty; chunk_t crlDistributionPoints = chunk_empty, authorityInfoAccess = chunk_empty; identification_t *issuer, *subject; @@ -1583,7 +1590,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, asn1_wrap(ASN1_SEQUENCE, "m", authorityInfoAccess))); } - /* build CA basicConstraint for CA certificates */ + /* build CA basicConstraint and keyUsage flags for CA certificates */ if (cert->flags & X509_CA) { chunk_t pathLenConstraint = chunk_empty; @@ -1603,6 +1610,13 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, asn1_wrap(ASN1_BOOLEAN, "c", chunk_from_chars(0xFF)), pathLenConstraint))); + keyUsage = asn1_wrap(ASN1_SEQUENCE, "mmm", + asn1_build_known_oid(OID_KEY_USAGE), + asn1_wrap(ASN1_BOOLEAN, "c", + chunk_from_chars(0xFF)), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_BIT_STRING, "c", + chunk_from_chars(0x01, 0x06)))); } /* add serverAuth extendedKeyUsage flag */ @@ -1663,8 +1677,8 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, crlDistributionPoints.ptr) { extensions = asn1_wrap(ASN1_CONTEXT_C_3, "m", - asn1_wrap(ASN1_SEQUENCE, "mmmmmmm", - basicConstraints, subjectKeyIdentifier, + asn1_wrap(ASN1_SEQUENCE, "mmmmmmmm", + basicConstraints, keyUsage, subjectKeyIdentifier, authKeyIdentifier, subjectAltNames, extendedKeyUsage, crlDistributionPoints, authorityInfoAccess)); diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c index b9ef3218b..c755d7f63 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.c +++ b/src/libstrongswan/plugins/x509/x509_crl.c @@ -216,14 +216,14 @@ static bool parse(private_x509_crl_t *this) break; case CRL_OBJ_VERSION: this->version = (object.len) ? (1+(u_int)*object.ptr) : 1; - DBG2(" v%d", this->version); + DBG2(DBG_LIB, " v%d", this->version); break; case CRL_OBJ_SIG_ALG: sig_alg = asn1_parse_algorithmIdentifier(object, level, NULL); break; case CRL_OBJ_ISSUER: this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object); - DBG2(" '%Y'", this->issuer); + DBG2(DBG_LIB, " '%Y'", this->issuer); break; case CRL_OBJ_THIS_UPDATE: this->thisUpdate = asn1_parse_time(object, level); @@ -248,7 +248,7 @@ static bool parse(private_x509_crl_t *this) case CRL_OBJ_CRL_ENTRY_CRITICAL: case CRL_OBJ_CRITICAL: critical = object.len && *object.ptr; - DBG2(" %s", critical ? "TRUE" : "FALSE"); + DBG2(DBG_LIB, " %s", critical ? "TRUE" : "FALSE"); break; case CRL_OBJ_CRL_ENTRY_EXTN_VALUE: case CRL_OBJ_EXTN_VALUE: @@ -262,7 +262,8 @@ static bool parse(private_x509_crl_t *this) { revoked->reason = *object.ptr; } - DBG2(" '%N'", crl_reason_names, revoked->reason); + DBG2(DBG_LIB, " '%N'", crl_reason_names, + revoked->reason); } else if (extn_oid == OID_AUTHORITY_KEY_ID) { @@ -286,7 +287,7 @@ static bool parse(private_x509_crl_t *this) this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL); if (this->algorithm != sig_alg) { - DBG1(" signature algorithms do not agree"); + DBG1(DBG_LIB, " signature algorithms do not agree"); goto end; } break; @@ -483,7 +484,7 @@ static bool is_newer(private_x509_crl_t *this, crl_t *that) if (this->crlNumber.ptr != NULL && that_crlNumber.ptr != NULL) { new = chunk_compare(this->crlNumber, that_crlNumber) > 0; - DBG1(" crl #%#B is %s - existing crl #%#B %s", + DBG1(DBG_LIB, " crl #%#B is %s - existing crl #%#B %s", &this->crlNumber, new ? "newer":"not newer", &that_crlNumber, new ? "replaced":"retained"); } @@ -497,7 +498,7 @@ static bool is_newer(private_x509_crl_t *this, crl_t *that) this_cert->get_validity(this_cert, &now, &this_update, NULL); that_cert->get_validity(that_cert, &now, &that_update, NULL); new = this_update > that_update; - DBG1(" crl from %T is %s - existing crl from %T %s", + DBG1(DBG_LIB, " crl from %T is %s - existing crl from %T %s", &this_update, FALSE, new ? "newer":"not newer", &that_update, FALSE, new ? "replaced":"retained"); } diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c index f86f87751..c835d5dc8 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c @@ -179,13 +179,14 @@ static chunk_t build_requestList(private_x509_ocsp_request_t *this) } else { - DBG1("creating OCSP request failed, SHA1 not supported"); + DBG1(DBG_LIB, "creating OCSP request failed, SHA1 not supported"); } public->destroy(public); } else { - DBG1("creating OCSP request failed, CA certificate has no public key"); + DBG1(DBG_LIB, "creating OCSP request failed, CA certificate has " + "no public key"); } return asn1_wrap(ASN1_SEQUENCE, "m", list); } @@ -205,7 +206,7 @@ static chunk_t build_nonce(private_x509_ocsp_request_t *this) return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid, asn1_simple_object(ASN1_OCTET_STRING, this->nonce)); } - DBG1("creating OCSP request nonce failed, no RNG found"); + DBG1(DBG_LIB, "creating OCSP request nonce failed, no RNG found"); return chunk_empty; } @@ -263,14 +264,14 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this, scheme = SIGN_ECDSA_WITH_SHA1_DER; break; default: - DBG1("unable to sign OCSP request, %N signature not supported", - key_type_names, this->key->get_type(this->key)); + DBG1(DBG_LIB, "unable to sign OCSP request, %N signature not " + "supported", key_type_names, this->key->get_type(this->key)); return chunk_empty; } if (!this->key->sign(this->key, scheme, tbsRequest, &signature)) { - DBG1("creating OCSP signature failed, skipped"); + DBG1(DBG_LIB, "creating OCSP signature failed, skipped"); return chunk_empty; } if (this->cert) @@ -378,7 +379,7 @@ static id_match_t has_issuer(private_x509_ocsp_request_t *this, */ static bool issued_by(private_x509_ocsp_request_t *this, certificate_t *issuer) { - DBG1("OCSP request validation not implemented!"); + DBG1(DBG_LIB, "OCSP request validation not implemented!"); return FALSE; } diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index 948d7ad85..c70d461df 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c @@ -509,7 +509,8 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, if (version != OCSP_BASIC_RESPONSE_VERSION) { - DBG1(" ocsp ResponseData version %d not supported", version); + DBG1(DBG_LIB, " ocsp ResponseData version %d not " + "supported", version); goto end; } break; @@ -517,12 +518,12 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, case BASIC_RESPONSE_ID_BY_NAME: this->responderId = identification_create_from_encoding( ID_DER_ASN1_DN, object); - DBG2(" '%Y'", this->responderId); + DBG2(DBG_LIB, " '%Y'", this->responderId); break; case BASIC_RESPONSE_ID_BY_KEY: this->responderId = identification_create_from_encoding( ID_KEY_ID, object); - DBG2(" '%Y'", this->responderId); + DBG2(DBG_LIB, " '%Y'", this->responderId); break; case BASIC_RESPONSE_PRODUCED_AT: this->producedAt = asn1_to_time(&object, ASN1_GENERALIZEDTIME); @@ -536,7 +537,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, break; case BASIC_RESPONSE_CRITICAL: critical = object.len && *object.ptr; - DBG2(" %s", critical ? "TRUE" : "FALSE"); + DBG2(DBG_LIB, " %s", critical ? "TRUE" : "FALSE"); break; case BASIC_RESPONSE_EXT_VALUE: if (extn_oid == OID_NONCE) @@ -622,7 +623,7 @@ static bool parse_OCSPResponse(private_x509_ocsp_response_t *this) case OCSP_SUCCESSFUL: break; default: - DBG1(" ocsp response status: %N", + DBG1(DBG_LIB, " ocsp response status: %N", ocsp_status_names, status); goto end; } @@ -638,7 +639,8 @@ static bool parse_OCSPResponse(private_x509_ocsp_response_t *this) parser->get_level(parser)+1); break; default: - DBG1(" ocsp response type %#B not supported", &object); + DBG1(DBG_LIB, " ocsp response type %#B not supported", + &object); goto end; } break; @@ -772,9 +774,9 @@ static bool is_newer(certificate_t *this, certificate_t *that) this->get_validity(this, &now, &this_update, NULL); that->get_validity(that, &now, &that_update, NULL); new = this_update > that_update; - DBG1(" ocsp response from %T is %s - existing ocsp response from %T %s", - &this_update, FALSE, new ? "newer":"not newer", - &that_update, FALSE, new ? "replaced":"retained"); + DBG1(DBG_LIB, " ocsp response from %T is %s - existing ocsp response " + "from %T %s", &this_update, FALSE, new ? "newer" : "not newer", + &that_update, FALSE, new ? "replaced" : "retained"); return new; } diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c index 6d750c98c..1009ec931 100644 --- a/src/libstrongswan/plugins/x509/x509_pkcs10.c +++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c @@ -297,7 +297,7 @@ static bool parse_extension_request(private_x509_pkcs10_t *this, chunk_t blob, i break; case PKCS10_EXTN_CRITICAL: critical = object.len && *object.ptr; - DBG2(" %s", critical ? "TRUE" : "FALSE"); + DBG2(DBG_LIB, " %s", critical ? "TRUE" : "FALSE"); break; case PKCS10_EXTN_VALUE: { @@ -330,25 +330,25 @@ static bool parse_challengePassword(private_x509_pkcs10_t *this, chunk_t blob, i if (blob.len < 2) { - DBG1("L%d - challengePassword: ASN.1 object smaller than 2 octets", - level); + DBG1(DBG_LIB, "L%d - challengePassword: ASN.1 object smaller " + "than 2 octets", level); return FALSE; } tag = *blob.ptr; if (tag < ASN1_UTF8STRING || tag > ASN1_IA5STRING) { - DBG1("L%d - challengePassword: ASN.1 object is not a character string", - level); + DBG1(DBG_LIB, "L%d - challengePassword: ASN.1 object is not " + "a character string", level); return FALSE; } if (asn1_length(&blob) == ASN1_INVALID_LENGTH) { - DBG1("L%d - challengePassword: ASN.1 object has an invalid length", - level); + DBG1(DBG_LIB, "L%d - challengePassword: ASN.1 object has an " + "invalid length", level); return FALSE; - } - DBG2("L%d - challengePassword:", level); - DBG4(" '%.*s'", blob.len, blob.ptr); + } + DBG2(DBG_LIB, "L%d - challengePassword:", level); + DBG4(DBG_LIB, " '%.*s'", blob.len, blob.ptr); return TRUE; } @@ -406,13 +406,14 @@ static bool parse_certificate_request(private_x509_pkcs10_t *this) case PKCS10_VERSION: if (object.len > 0 && *object.ptr != 0) { - DBG1("PKCS#10 certificate request format is not version 1"); + DBG1(DBG_LIB, "PKCS#10 certificate request format is " + "not version 1"); goto end; } break; case PKCS10_SUBJECT: this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object); - DBG2(" '%Y'", this->subject); + DBG2(DBG_LIB, " '%Y'", this->subject); break; case PKCS10_SUBJECT_PUBLIC_KEY_INFO: this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, @@ -467,7 +468,7 @@ end: } else { - DBG1("certificate request is not self-signed"); + DBG1(DBG_LIB, "certificate request is not self-signed"); success = FALSE; } } diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c index 94c49b1e1..e71c55efc 100644 --- a/src/libstrongswan/plugins/x509/x509_plugin.c +++ b/src/libstrongswan/plugins/x509/x509_plugin.c @@ -65,7 +65,7 @@ static void destroy(private_x509_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *x509_plugin_create() { private_x509_plugin_t *this = malloc_thing(private_x509_plugin_t); diff --git a/src/libstrongswan/plugins/x509/x509_plugin.h b/src/libstrongswan/plugins/x509/x509_plugin.h index fe8c0b31f..e3f959ffa 100644 --- a/src/libstrongswan/plugins/x509/x509_plugin.h +++ b/src/libstrongswan/plugins/x509/x509_plugin.h @@ -39,9 +39,4 @@ struct x509_plugin_t { plugin_t plugin; }; -/** - * Create a x509_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** X509_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/xcbc/Makefile.am b/src/libstrongswan/plugins/xcbc/Makefile.am index 515b75031..7de306832 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.am +++ b/src/libstrongswan/plugins/xcbc/Makefile.am @@ -3,9 +3,14 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-xcbc.la +else plugin_LTLIBRARIES = libstrongswan-xcbc.la +endif -libstrongswan_xcbc_la_SOURCES = xcbc_plugin.h xcbc_plugin.c xcbc.h xcbc.c \ +libstrongswan_xcbc_la_SOURCES = \ + xcbc_plugin.h xcbc_plugin.c xcbc.h xcbc.c \ xcbc_prf.h xcbc_prf.c xcbc_signer.h xcbc_signer.c -libstrongswan_xcbc_la_LDFLAGS = -module -avoid-version +libstrongswan_xcbc_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index 3720aeaeb..c49e2b76a 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -72,7 +72,7 @@ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -LTLIBRARIES = $(plugin_LTLIBRARIES) +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_xcbc_la_LIBADD = am_libstrongswan_xcbc_la_OBJECTS = xcbc_plugin.lo xcbc.lo xcbc_prf.lo \ xcbc_signer.lo @@ -80,6 +80,8 @@ libstrongswan_xcbc_la_OBJECTS = $(am_libstrongswan_xcbc_la_OBJECTS) libstrongswan_xcbc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libstrongswan_xcbc_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_xcbc_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_xcbc_la_rpath = DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -218,6 +220,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -254,8 +257,10 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-xcbc.la -libstrongswan_xcbc_la_SOURCES = xcbc_plugin.h xcbc_plugin.c xcbc.h xcbc.c \ +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-xcbc.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-xcbc.la +libstrongswan_xcbc_la_SOURCES = \ + xcbc_plugin.h xcbc_plugin.c xcbc.h xcbc.c \ xcbc_prf.h xcbc_prf.c xcbc_signer.h xcbc_signer.c libstrongswan_xcbc_la_LDFLAGS = -module -avoid-version @@ -293,6 +298,15 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" @@ -325,7 +339,7 @@ clean-pluginLTLIBRARIES: rm -f "$${dir}/so_locations"; \ done libstrongswan-xcbc.la: $(libstrongswan_xcbc_la_OBJECTS) $(libstrongswan_xcbc_la_DEPENDENCIES) - $(libstrongswan_xcbc_la_LINK) -rpath $(plugindir) $(libstrongswan_xcbc_la_OBJECTS) $(libstrongswan_xcbc_la_LIBADD) $(LIBS) + $(libstrongswan_xcbc_la_LINK) $(am_libstrongswan_xcbc_la_rpath) $(libstrongswan_xcbc_la_OBJECTS) $(libstrongswan_xcbc_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -481,8 +495,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -553,18 +567,19 @@ uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-pluginLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-pluginLTLIBRARIES \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c index 3eb7f0927..9d903bfaa 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c +++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c @@ -47,7 +47,7 @@ static void destroy(private_xcbc_plugin_t *this) /* * see header file */ -plugin_t *plugin_create() +plugin_t *xcbc_plugin_create() { private_xcbc_plugin_t *this = malloc_thing(private_xcbc_plugin_t); diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.h b/src/libstrongswan/plugins/xcbc/xcbc_plugin.h index 803d847aa..9824088c6 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.h +++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.h @@ -39,9 +39,4 @@ struct xcbc_plugin_t { plugin_t plugin; }; -/** - * Create a xcbc_plugin instance. - */ -plugin_t *plugin_create(); - #endif /** XCBC_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/printf_hook.c b/src/libstrongswan/printf_hook.c index 0b516c99e..037f0b918 100644 --- a/src/libstrongswan/printf_hook.c +++ b/src/libstrongswan/printf_hook.c @@ -16,8 +16,8 @@ #include "printf_hook.h" -#include <utils.h> -#include <debug.h> +#include "utils.h" +#include "debug.h" #include <stdio.h> #include <stdarg.h> @@ -333,7 +333,8 @@ static void add_handler(private_printf_hook_t *this, char spec, if (!IS_VALID_SPEC(spec)) { - DBG1("'%c' is not a valid printf hook specifier, not registered!", spec); + DBG1(DBG_LIB, "'%c' is not a valid printf hook specifier, " + "not registered!", spec); return; } @@ -345,7 +346,8 @@ static void add_handler(private_printf_hook_t *this, char spec, { if (++i >= ARGS_MAX) { - DBG1("Too many arguments for printf hook with specifier '%c', not registered!", spec); + DBG1(DBG_LIB, "Too many arguments for printf hook with " + "specifier '%c', not registered!", spec); va_end(args); free(handler); return; @@ -427,7 +429,7 @@ printf_hook_t *printf_hook_create() #ifdef USE_VSTR if (!vstr_init()) { - DBG1("failed to initialize Vstr library!"); + DBG1(DBG_LIB, "failed to initialize Vstr library!"); free(this); return NULL; } diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h index b5964b541..257da3f24 100644 --- a/src/libstrongswan/selectors/traffic_selector.h +++ b/src/libstrongswan/selectors/traffic_selector.h @@ -74,8 +74,8 @@ struct traffic_selector_t { * * @param other traffic selector to compare * @return - * - created subset of them - * - or NULL if no match between this and other + * - created subset of them + * - or NULL if no match between this and other */ traffic_selector_t *(*get_subset) (traffic_selector_t *this, traffic_selector_t *other); @@ -173,7 +173,7 @@ struct traffic_selector_t { * Compare two traffic selectors for equality. * * @param other ts to compare with this - * @return TRUE if equal, FALSE otherwise + * @return TRUE if equal, FALSE otherwise */ bool (*equals) (traffic_selector_t *this, traffic_selector_t *other); @@ -215,15 +215,15 @@ struct traffic_selector_t { /** * Create a new traffic selector using human readable params. * - * @param protocol protocol for this ts, such as TCP or UDP + * @param protocol protocol for this ts, such as TCP or UDP * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE * @param from_addr start of address range as string * @param from_port port number in host order * @param to_addr end of address range as string * @param to_port port number in host order * @return - * - traffic_selector_t object - * - NULL if invalid address strings/protocol + * - traffic_selector_t object + * - NULL if invalid address strings/protocol */ traffic_selector_t *traffic_selector_create_from_string( u_int8_t protocol, ts_type_t type, @@ -237,11 +237,11 @@ traffic_selector_t *traffic_selector_create_from_string( * But the parser gives us this data in this format, so we * don't have to convert twice. * - * @param protocol protocol for this ts, such as TCP or UDP + * @param protocol protocol for this ts, such as TCP or UDP * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE - * @param from_addr start of address range, network order + * @param from_address start of address range, network order * @param from_port port number, host order - * @param to_addr end of address range, network order + * @param to_address end of address range, network order * @param to_port port number, host order * @return traffic_selector_t object */ @@ -273,11 +273,11 @@ traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type, * * @param net subnet to use * @param netbits size of the subnet, as used in e.g. 192.168.0.0/24 notation - * @param protocol protocol for this ts, such as TCP or UDP + * @param protocol protocol for this ts, such as TCP or UDP * @param port port number, host order * @return - * - traffic_selector_t object - * - NULL if address family of net not supported + * - traffic_selector_t object + * - NULL if address family of net not supported */ traffic_selector_t *traffic_selector_create_from_subnet( host_t *net, u_int8_t netbits, @@ -295,8 +295,8 @@ traffic_selector_t *traffic_selector_create_from_subnet( * @param from_port start of allowed port range * @param to_port end of range * @return - * - traffic_selector_t object - * - NULL if type not supported + * - traffic_selector_t object + * - NULL if type not supported */ traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, u_int16_t from_port, u_int16_t to_port); diff --git a/src/libstrongswan/settings.c b/src/libstrongswan/settings.c index 4a822bcbf..610e2b8ea 100644 --- a/src/libstrongswan/settings.c +++ b/src/libstrongswan/settings.c @@ -21,8 +21,8 @@ #include "settings.h" -#include <debug.h> -#include <utils/linked_list.h> +#include "debug.h" +#include "utils/linked_list.h" typedef struct private_settings_t private_settings_t; @@ -293,8 +293,8 @@ static u_int32_t get_time(private_settings_t *this, char *key, u_int32_t def, .. if (value) { errno = 0; - timeval = strtol(value, &endptr, 10); - if (errno == 0 && timeval >= 0) + timeval = strtoul(value, &endptr, 10); + if (errno == 0) { switch (*endptr) { @@ -497,7 +497,7 @@ static section_t* parse_section(char **text, char *name) continue; } } - DBG1("matching '}' not found near %s", *text); + DBG1(DBG_LIB, "matching '}' not found near %s", *text); break; case '=': if (parse(text, "\t ", "\n", NULL, &value)) @@ -508,7 +508,7 @@ static section_t* parse_section(char **text, char *name) section->kv->insert_last(section->kv, kv); continue; } - DBG1("parsing value failed near %s", *text); + DBG1(DBG_LIB, "parsing value failed near %s", *text); break; case '#': parse(text, "", "\n", NULL, &value); @@ -566,7 +566,7 @@ settings_t *settings_create(char *file) fd = fopen(file, "r"); if (fd == NULL) { - DBG1("'%s' does not exist or is not readable", file); + DBG1(DBG_LIB, "'%s' does not exist or is not readable", file); return &this->public; } fseek(fd, 0, SEEK_END); diff --git a/src/libstrongswan/settings.h b/src/libstrongswan/settings.h index 9e8d75cc0..f274fb33c 100644 --- a/src/libstrongswan/settings.h +++ b/src/libstrongswan/settings.h @@ -23,8 +23,8 @@ typedef struct settings_t settings_t; -#include <utils.h> -#include <utils/enumerator.h> +#include "utils.h" +#include "utils/enumerator.h" /** * Generic configuration options read from a config file. diff --git a/src/libstrongswan/threading/mutex.c b/src/libstrongswan/threading/mutex.c index a35695624..8597abb44 100644 --- a/src/libstrongswan/threading/mutex.c +++ b/src/libstrongswan/threading/mutex.c @@ -108,7 +108,7 @@ static void lock(private_mutex_t *this) err = pthread_mutex_lock(&this->mutex); if (err) { - DBG1("!!! MUTEX LOCK ERROR: %s !!!", strerror(err)); + DBG1(DBG_LIB, "!!! MUTEX LOCK ERROR: %s !!!", strerror(err)); } profiler_end(&this->profile); } @@ -123,7 +123,7 @@ static void unlock(private_mutex_t *this) err = pthread_mutex_unlock(&this->mutex); if (err) { - DBG1("!!! MUTEX UNLOCK ERROR: %s !!!", strerror(err)); + DBG1(DBG_LIB, "!!! MUTEX UNLOCK ERROR: %s !!!", strerror(err)); } } diff --git a/src/libstrongswan/threading/rwlock.c b/src/libstrongswan/threading/rwlock.c index ee9fb10be..cec43f59c 100644 --- a/src/libstrongswan/threading/rwlock.c +++ b/src/libstrongswan/threading/rwlock.c @@ -98,7 +98,7 @@ static void read_lock(private_rwlock_t *this) err = pthread_rwlock_rdlock(&this->rwlock); if (err != 0) { - DBG1("!!! RWLOCK READ LOCK ERROR: %s !!!", strerror(err)); + DBG1(DBG_LIB, "!!! RWLOCK READ LOCK ERROR: %s !!!", strerror(err)); } profiler_end(&this->profile); } @@ -114,7 +114,7 @@ static void write_lock(private_rwlock_t *this) err = pthread_rwlock_wrlock(&this->rwlock); if (err != 0) { - DBG1("!!! RWLOCK WRITE LOCK ERROR: %s !!!", strerror(err)); + DBG1(DBG_LIB, "!!! RWLOCK WRITE LOCK ERROR: %s !!!", strerror(err)); } profiler_end(&this->profile); } @@ -137,7 +137,7 @@ static void rw_unlock(private_rwlock_t *this) err = pthread_rwlock_unlock(&this->rwlock); if (err != 0) { - DBG1("!!! RWLOCK UNLOCK ERROR: %s !!!", strerror(err)); + DBG1(DBG_LIB, "!!! RWLOCK UNLOCK ERROR: %s !!!", strerror(err)); } } diff --git a/src/libstrongswan/threading/thread.c b/src/libstrongswan/threading/thread.c index bbfb2c2c6..3751bb749 100644 --- a/src/libstrongswan/threading/thread.c +++ b/src/libstrongswan/threading/thread.c @@ -155,7 +155,7 @@ static void cancel(private_thread_t *this) if (pthread_equal(this->thread_id, pthread_self())) { this->mutex->unlock(this->mutex); - DBG1("!!! CANNOT CANCEL CURRENT THREAD !!!"); + DBG1(DBG_LIB, "!!! CANNOT CANCEL CURRENT THREAD !!!"); return; } #ifdef HAVE_PTHREAD_CANCEL @@ -180,7 +180,7 @@ static void _kill(private_thread_t *this, int sig) * returned, so depending on the signal, the lock might not get * unlocked. */ this->mutex->unlock(this->mutex); - DBG1("!!! CANNOT SEND SIGNAL TO CURRENT THREAD !!!"); + DBG1(DBG_LIB, "!!! CANNOT SEND SIGNAL TO CURRENT THREAD !!!"); return; } pthread_kill(this->thread_id, sig); @@ -209,13 +209,13 @@ static void *join(private_thread_t *this) if (pthread_equal(this->thread_id, pthread_self())) { this->mutex->unlock(this->mutex); - DBG1("!!! CANNOT JOIN CURRENT THREAD !!!"); + DBG1(DBG_LIB, "!!! CANNOT JOIN CURRENT THREAD !!!"); return NULL; } if (this->detached_or_joined) { this->mutex->unlock(this->mutex); - DBG1("!!! CANNOT JOIN DETACHED THREAD !!!"); + DBG1(DBG_LIB, "!!! CANNOT JOIN DETACHED THREAD !!!"); return NULL; } thread_id = this->thread_id; @@ -299,7 +299,8 @@ thread_t *thread_create(thread_main_t main, void *arg) this->arg = arg; if (pthread_create(&this->thread_id, NULL, (void*)thread_main, this) != 0) { - DBG1("failed to create thread!"); + DBG1(DBG_LIB, "failed to create thread!"); + this->mutex->lock(this->mutex); thread_destroy(this); return NULL; } @@ -354,7 +355,7 @@ void thread_cleanup_pop(bool execute) (void**)&handler) != SUCCESS) { this->mutex->unlock(this->mutex); - DBG1("!!! THREAD CLEANUP ERROR !!!"); + DBG1(DBG_LIB, "!!! THREAD CLEANUP ERROR !!!"); return; } this->mutex->unlock(this->mutex); @@ -433,6 +434,7 @@ void threads_init() void threads_deinit() { private_thread_t *main_thread = (private_thread_t*)thread_current(); + main_thread->mutex->lock(main_thread->mutex); thread_destroy(main_thread); current_thread->destroy(current_thread); id_mutex->destroy(id_mutex); diff --git a/src/libstrongswan/threading/thread.h b/src/libstrongswan/threading/thread.h index 6bf8fac79..31b9e1b3a 100644 --- a/src/libstrongswan/threading/thread.h +++ b/src/libstrongswan/threading/thread.h @@ -24,6 +24,12 @@ typedef struct thread_t thread_t; #ifdef __APPLE__ +/* thread_create is a syscall used to create Mach kernel threads and although + * there are no errors or warnings during compilation or linkage the dynamic + * linker does not use our implementation, therefore we rename it here + */ +#define thread_create(main, arg) strongswan_thread_create(main, arg) + /* on Mac OS X 10.5 several system calls we use are no cancellation points. * fortunately, select isn't one of them, so we wrap some of the others with * calls to select(2). diff --git a/src/libstrongswan/utils.c b/src/libstrongswan/utils.c index e331ac0d0..63958593d 100644 --- a/src/libstrongswan/utils.c +++ b/src/libstrongswan/utils.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2009 Tobias Brunner + * Copyright (C) 2008-2010 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -25,8 +25,8 @@ #include <dirent.h> #include <time.h> -#include <enum.h> -#include <debug.h> +#include "enum.h" +#include "debug.h" ENUM(status_names, SUCCESS, DESTROY_ME, "SUCCESS", @@ -119,9 +119,31 @@ void *memstr(const void *haystack, const char *needle, size_t n) /** * Described in header. */ +char* translate(char *str, const char *from, const char *to) +{ + char *pos = str; + if (strlen(from) != strlen(to)) + { + return str; + } + while (pos && *pos) + { + char *match; + if ((match = strchr(from, *pos)) != NULL) + { + *pos = to[match - from]; + } + pos++; + } + return str; +} + +/** + * Described in header. + */ bool mkdir_p(const char *path, mode_t mode) { - size_t len; + int len; char *pos, full[PATH_MAX]; pos = full; if (!path || *path == '\0') @@ -131,7 +153,7 @@ bool mkdir_p(const char *path, mode_t mode) len = snprintf(full, sizeof(full)-1, "%s", path); if (len < 0 || len >= sizeof(full)-1) { - DBG1("path string %s too long", path); + DBG1(DBG_LIB, "path string %s too long", path); return FALSE; } /* ensure that the path ends with a '/' */ @@ -152,7 +174,7 @@ bool mkdir_p(const char *path, mode_t mode) { if (mkdir(full, mode) < 0) { - DBG1("failed to create directory %s", full); + DBG1(DBG_LIB, "failed to create directory %s", full); return FALSE; } } diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h index 964cbd1d2..04551835e 100644 --- a/src/libstrongswan/utils.h +++ b/src/libstrongswan/utils.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2009 Tobias Brunner + * Copyright (C) 2008-2010 Tobias Brunner * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -29,7 +29,7 @@ #include <arpa/inet.h> #include <string.h> -#include <enum.h> +#include "enum.h" /** * strongSwan program return codes @@ -125,7 +125,7 @@ #define METHOD(iface, name, ret, this, ...) \ static ret name(union {iface *_public; this;} \ __attribute__((transparent_union)), ##__VA_ARGS__); \ - const static typeof(name) *_##name = (const typeof(name)*)name; \ + static const typeof(name) *_##name = (const typeof(name)*)name; \ static ret name(this, ##__VA_ARGS__) /** @@ -134,7 +134,7 @@ #define METHOD2(iface1, iface2, name, ret, this, ...) \ static ret name(union {iface1 *_public1; iface2 *_public2; this;} \ __attribute__((transparent_union)), ##__VA_ARGS__); \ - const static typeof(name) *_##name = (const typeof(name)*)name; \ + static const typeof(name) *_##name = (const typeof(name)*)name; \ static ret name(this, ##__VA_ARGS__) /** @@ -150,7 +150,7 @@ /** * Ignore result of functions tagged with warn_unused_result attributes */ -#define ignore_result(call) { if(call); } +#define ignore_result(call) { if(call){}; } /** * Assign a function as a class method @@ -311,6 +311,14 @@ void memxor(u_int8_t dest[], u_int8_t src[], size_t n); void *memstr(const void *haystack, const char *needle, size_t n); /** + * Translates the characters in the given string, searching for characters + * in 'from' and mapping them to characters in 'to'. + * The two characters sets 'from' and 'to' must contain the same number of + * characters. + */ +char *translate(char *str, const char *from, const char *to); + +/** * Creates a directory and all required parent directories. * * @param path path to the new directory diff --git a/src/libstrongswan/utils/enumerator.c b/src/libstrongswan/utils/enumerator.c index 7efdd883e..fb461b448 100644 --- a/src/libstrongswan/utils/enumerator.c +++ b/src/libstrongswan/utils/enumerator.c @@ -76,7 +76,8 @@ static bool enumerate_dir_enum(dir_enum_t *this, char **relative, char **absolute, struct stat *st) { struct dirent *entry = readdir(this->dir); - size_t len, remaining; + size_t remaining; + int len; if (!entry) { @@ -96,7 +97,8 @@ static bool enumerate_dir_enum(dir_enum_t *this, char **relative, len = snprintf(this->full_end, remaining, "%s", entry->d_name); if (len < 0 || len >= remaining) { - DBG1("buffer too small to enumerate file '%s'", entry->d_name); + DBG1(DBG_LIB, "buffer too small to enumerate file '%s'", + entry->d_name); return FALSE; } if (absolute) @@ -107,7 +109,8 @@ static bool enumerate_dir_enum(dir_enum_t *this, char **relative, { if (stat(this->full, st)) { - DBG1("stat() on '%s' failed: %s", this->full, strerror(errno)); + DBG1(DBG_LIB, "stat() on '%s' failed: %s", this->full, + strerror(errno)); return FALSE; } } @@ -120,7 +123,7 @@ static bool enumerate_dir_enum(dir_enum_t *this, char **relative, */ enumerator_t* enumerator_create_directory(char *path) { - size_t len; + int len; dir_enum_t *this = malloc_thing(dir_enum_t); this->public.enumerate = (void*)enumerate_dir_enum; this->public.destroy = (void*)destroy_dir_enum; @@ -132,7 +135,7 @@ enumerator_t* enumerator_create_directory(char *path) len = snprintf(this->full, sizeof(this->full)-1, "%s", path); if (len < 0 || len >= sizeof(this->full)-1) { - DBG1("path string '%s' too long", path); + DBG1(DBG_LIB, "path string '%s' too long", path); free(this); return NULL; } @@ -147,7 +150,7 @@ enumerator_t* enumerator_create_directory(char *path) this->dir = opendir(path); if (this->dir == NULL) { - DBG1("opening directory '%s' failed: %s", path, strerror(errno)); + DBG1(DBG_LIB, "opening directory '%s' failed: %s", path, strerror(errno)); free(this); return NULL; } diff --git a/src/libstrongswan/utils/enumerator.h b/src/libstrongswan/utils/enumerator.h index 3056498b1..537bf69e1 100644 --- a/src/libstrongswan/utils/enumerator.h +++ b/src/libstrongswan/utils/enumerator.h @@ -23,7 +23,7 @@ typedef struct enumerator_t enumerator_t; -#include <utils.h> +#include "../utils.h" /** * Enumerate is simpler, but more flexible than iterator. diff --git a/src/libstrongswan/utils/host.c b/src/libstrongswan/utils/host.c index a610b3a4d..112d07e5c 100644 --- a/src/libstrongswan/utils/host.c +++ b/src/libstrongswan/utils/host.c @@ -482,7 +482,7 @@ host_t *host_create_from_dns(char *string, int af, u_int16_t port) error = getaddrinfo(string, NULL, &hints, &result); if (error != 0) { - DBG1("resolving '%s' failed: %s", string, gai_strerror(error)); + DBG1(DBG_LIB, "resolving '%s' failed: %s", string, gai_strerror(error)); return NULL; } /* result is a linked list, but we use only the first address */ diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index b0da340bc..6a3c3936c 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c @@ -798,7 +798,7 @@ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, return print_in_hook(dst, len, "%*s", spec->width, buf); } -METHOD(identification_t, clone, identification_t*, +METHOD(identification_t, clone_, identification_t*, private_identification_t *this) { private_identification_t *clone = malloc_thing(private_identification_t); @@ -830,7 +830,7 @@ static private_identification_t *identification_create(id_type_t type) .get_encoding = _get_encoding, .get_type = _get_type, .create_part_enumerator = _create_part_enumerator, - .clone = _clone, + .clone = _clone_, .destroy = _destroy, }, .type = type, diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index 2c2a36af3..2f8a7187c 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -167,6 +167,7 @@ char *whitelist[] = { "tzset", "inet_ntoa", "strerror", + "getprotobyname", "getprotobynumber", "getservbyport", "getservbyname", diff --git a/src/libstrongswan/utils/optionsfrom.c b/src/libstrongswan/utils/optionsfrom.c index bf528caa0..d8f635c62 100644 --- a/src/libstrongswan/utils/optionsfrom.c +++ b/src/libstrongswan/utils/optionsfrom.c @@ -80,14 +80,15 @@ bool from(private_options_t *this, char *filename, int *argcp, char **argvp[], this->nuses++; if (this->nuses >= MAX_USES) { - DBG1("optionsfrom called %d times by \"%s\" - looping?", this->nuses + 1, (*argvp)[0]); + DBG1(DBG_LIB, "optionsfrom called %d times by \"%s\" - looping?", + this->nuses + 1, (*argvp)[0]); return FALSE; } fd = fopen(filename, "r"); if (fd == NULL) { - DBG1("optionsfrom: unable to open file '%s': %s", + DBG1(DBG_LIB, "optionsfrom: unable to open file '%s': %s", filename, strerror(errno)); return FALSE; } @@ -132,7 +133,7 @@ bool from(private_options_t *this, char *filename, int *argcp, char **argvp[], line.len--; if (!extract_token(&token, delimiter, &line)) { - DBG1("optionsfrom: missing terminator at %s:%d", + DBG1(DBG_LIB, "optionsfrom: missing terminator at %s:%d", filename, linepos); good = FALSE; break; diff --git a/src/manager/Makefile.am b/src/manager/Makefile.am index e6c31e9b4..e67335673 100644 --- a/src/manager/Makefile.am +++ b/src/manager/Makefile.am @@ -10,7 +10,8 @@ controller/control_controller.c controller/control_controller.h \ controller/config_controller.c controller/config_controller.h \ controller/gateway_controller.c controller/gateway_controller.h -manager_fcgi_LDADD = $(top_builddir)/src/libfast/libfast.la ${xml_LIBS} +manager_fcgi_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la $(top_builddir)/src/libfast/libfast.la ${xml_LIBS} +main.o : $(top_builddir)/config.status INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libfast ${xml_CFLAGS} AM_CFLAGS = -rdynamic \ diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in index 20438acc3..54e2cc11c 100644 --- a/src/manager/Makefile.in +++ b/src/manager/Makefile.in @@ -68,8 +68,9 @@ am_manager_fcgi_OBJECTS = main.$(OBJEXT) manager.$(OBJEXT) \ gateway_controller.$(OBJEXT) manager_fcgi_OBJECTS = $(am_manager_fcgi_OBJECTS) am__DEPENDENCIES_1 = -manager_fcgi_DEPENDENCIES = $(top_builddir)/src/libfast/libfast.la \ - $(am__DEPENDENCIES_1) +manager_fcgi_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libfast/libfast.la $(am__DEPENDENCIES_1) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -235,6 +236,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -278,7 +280,7 @@ controller/control_controller.c controller/control_controller.h \ controller/config_controller.c controller/config_controller.h \ controller/gateway_controller.c controller/gateway_controller.h -manager_fcgi_LDADD = $(top_builddir)/src/libfast/libfast.la ${xml_LIBS} +manager_fcgi_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la $(top_builddir)/src/libfast/libfast.la ${xml_LIBS} INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libfast ${xml_CFLAGS} AM_CFLAGS = -rdynamic \ -DIPSECDIR=\"${ipsecdir}\" \ @@ -881,6 +883,7 @@ uninstall-am: uninstall-managerPROGRAMS \ uninstall-manager_templates_ikesaDATA \ uninstall-manager_templates_staticDATA +main.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/manager/main.c b/src/manager/main.c index 1f5c45113..5c297cf0c 100644 --- a/src/manager/main.c +++ b/src/manager/main.c @@ -48,7 +48,8 @@ int main (int arc, char *argv[]) database = lib->settings->get_str(lib->settings, "manager.database", NULL); if (!database) { - DBG1("database URI undefined, set manager.database in strongswan.conf"); + DBG1(DBG_LIB, "database URI undefined, set manager.database " + "in strongswan.conf"); return 1; } diff --git a/src/medsrv/Makefile.am b/src/medsrv/Makefile.am index 9f5c9e2f7..bdec08190 100644 --- a/src/medsrv/Makefile.am +++ b/src/medsrv/Makefile.am @@ -7,7 +7,8 @@ main.c filter/auth_filter.c filter/auth_filter.h \ controller/user_controller.c controller/user_controller.h \ controller/peer_controller.c controller/peer_controller.h -medsrv_fcgi_LDADD = $(top_builddir)/src/libfast/libfast.la +medsrv_fcgi_LDADD = $(top_srcdir)/src/libstrongswan/libstrongswan.la $(top_builddir)/src/libfast/libfast.la +main.o : $(top_builddir)/config.status INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libfast AM_CFLAGS = -rdynamic \ diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in index 8f602930d..2f79ca4d4 100644 --- a/src/medsrv/Makefile.in +++ b/src/medsrv/Makefile.in @@ -62,7 +62,9 @@ am_medsrv_fcgi_OBJECTS = user.$(OBJEXT) main.$(OBJEXT) \ auth_filter.$(OBJEXT) user_controller.$(OBJEXT) \ peer_controller.$(OBJEXT) medsrv_fcgi_OBJECTS = $(am_medsrv_fcgi_OBJECTS) -medsrv_fcgi_DEPENDENCIES = $(top_builddir)/src/libfast/libfast.la +medsrv_fcgi_DEPENDENCIES = \ + $(top_srcdir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libfast/libfast.la DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -224,6 +226,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -264,7 +267,7 @@ main.c filter/auth_filter.c filter/auth_filter.h \ controller/user_controller.c controller/user_controller.h \ controller/peer_controller.c controller/peer_controller.h -medsrv_fcgi_LDADD = $(top_builddir)/src/libfast/libfast.la +medsrv_fcgi_LDADD = $(top_srcdir)/src/libstrongswan/libstrongswan.la $(top_builddir)/src/libfast/libfast.la INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/libfast AM_CFLAGS = -rdynamic \ -DIPSECDIR=\"${ipsecdir}\" \ @@ -751,6 +754,7 @@ uninstall-am: uninstall-medsrvPROGRAMS uninstall-medsrv_templatesDATA \ uninstall-medsrv_templates_staticDATA \ uninstall-medsrv_templates_userDATA +main.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/openac/Makefile.am b/src/openac/Makefile.am index ca6238258..a278cdd17 100644 --- a/src/openac/Makefile.am +++ b/src/openac/Makefile.am @@ -7,4 +7,4 @@ AM_CFLAGS = \ -DIPSEC_CONFDIR=\"${sysconfdir}\" \ -DPLUGINS=\""${libstrongswan_plugins}\"" openac_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la - +openac.o : $(top_builddir)/config.status diff --git a/src/openac/Makefile.in b/src/openac/Makefile.in index 08f621395..9f0f96561 100644 --- a/src/openac/Makefile.in +++ b/src/openac/Makefile.in @@ -220,6 +220,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -633,6 +634,7 @@ uninstall-man: uninstall-man8 tags uninstall uninstall-am uninstall-ipsecPROGRAMS \ uninstall-man uninstall-man8 +openac.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/openac/openac.c b/src/openac/openac.c index 2b9270ff9..a280192c2 100755 --- a/src/openac/openac.c +++ b/src/openac/openac.c @@ -105,7 +105,8 @@ static chunk_t read_serial(void) } else { - DBG1(" file '%s' does not exist yet - serial number set to 01", OPENAC_SERIAL); + DBG1(DBG_LIB, " file '%s' does not exist yet - serial number " + "set to 01", OPENAC_SERIAL); } if (!serial.len) { @@ -129,7 +130,7 @@ static void write_serial(chunk_t serial) { chunk_t hex_serial; - DBG1(" serial number is %#B", &serial); + DBG1(DBG_LIB, " serial number is %#B", &serial); hex_serial = chunk_to_hex(serial, NULL, FALSE); fprintf(fd, "%.*s\n", hex_serial.len, hex_serial.ptr); fclose(fd); @@ -137,7 +138,7 @@ static void write_serial(chunk_t serial) } else { - DBG1(" could not open file '%s' for writing", OPENAC_SERIAL); + DBG1(DBG_LIB, " could not open file '%s' for writing", OPENAC_SERIAL); } } @@ -151,7 +152,7 @@ static bool stderr_quiet = FALSE; /** * openac dbg function */ -static void openac_dbg(int level, char *fmt, ...) +static void openac_dbg(debug_t group, level_t level, char *fmt, ...) { int priority = LOG_INFO; char buffer[8192]; @@ -431,7 +432,7 @@ int main(int argc, char **argv) goto end; } - DBG1("starting openac (strongSwan Version %s)", VERSION); + DBG1(DBG_LIB, "starting openac (strongSwan Version %s)", VERSION); /* load the signer's RSA private key */ if (keyfile != NULL) @@ -444,7 +445,7 @@ int main(int argc, char **argv) { goto end; } - DBG1(" loaded private key file '%s'", keyfile); + DBG1(DBG_LIB, " loaded private key file '%s'", keyfile); } /* load the signer's X.509 certificate */ diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am index a471b6477..8eac07afc 100644 --- a/src/pki/Makefile.am +++ b/src/pki/Makefile.am @@ -7,9 +7,11 @@ pki_SOURCES = pki.c pki.h command.c command.h \ commands/pub.c \ commands/req.c \ commands/self.c \ - commands/verify.c + commands/verify.c pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +pki.o : $(top_builddir)/config.status + INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ -DPLUGINS=\""${libstrongswan_plugins}\"" diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in index 1261d7fa8..522b9e887 100644 --- a/src/pki/Makefile.in +++ b/src/pki/Makefile.in @@ -196,6 +196,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -237,7 +238,7 @@ pki_SOURCES = pki.c pki.h command.c command.h \ commands/pub.c \ commands/req.c \ commands/self.c \ - commands/verify.c + commands/verify.c pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la INCLUDES = -I$(top_srcdir)/src/libstrongswan @@ -667,6 +668,7 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-ipsecPROGRAMS +pki.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c index 16d8d48d4..b2769da54 100644 --- a/src/pki/commands/gen.c +++ b/src/pki/commands/gen.c @@ -47,7 +47,7 @@ static int gen() return command_usage("invalid key type"); } continue; - case 'o': + case 'f': if (!get_form(arg, &form, FALSE)) { return command_usage("invalid key output format"); diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index 07ab9066a..fcd758f87 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -161,7 +161,7 @@ static int issue() } } - DBG2("Reading ca certificate:"); + DBG2(DBG_LIB, "Reading ca certificate:"); ca = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, cacert, BUILD_END); if (!ca) @@ -182,7 +182,7 @@ static int issue() goto end; } - DBG2("Reading ca private key:"); + DBG2(DBG_LIB, "Reading ca private key:"); private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, public->get_type(public), BUILD_FROM_FILE, cakey, BUILD_END); @@ -212,6 +212,11 @@ static int issue() goto end; } rng->allocate_bytes(rng, 8, &serial); + while (*serial.ptr == 0x00) + { + /* we don't accept a serial number with leading zeroes */ + rng->get_bytes(rng, 1, serial.ptr); + } rng->destroy(rng); } @@ -221,7 +226,7 @@ static int issue() identification_t *subjectAltName; pkcs10_t *req; - DBG2("Reading certificate request"); + DBG2(DBG_LIB, "Reading certificate request"); if (file) { cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE, @@ -261,7 +266,7 @@ static int issue() } else { - DBG2("Reading public key:"); + DBG2(DBG_LIB, "Reading public key:"); if (file) { public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index 30ae23be5..d283daa6a 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -158,6 +158,11 @@ static int self() goto end; } rng->allocate_bytes(rng, 8, &serial); + while (*serial.ptr == 0x00) + { + /* we don't accept a serial number with leading zeroes */ + rng->get_bytes(rng, 1, serial.ptr); + } rng->destroy(rng); } not_before = time(NULL); diff --git a/src/pluto/Makefile.am b/src/pluto/Makefile.am index b83e4be33..a264e642e 100644 --- a/src/pluto/Makefile.am +++ b/src/pluto/Makefile.am @@ -46,6 +46,7 @@ state.c state.h \ timer.c timer.h \ vendor.c vendor.h \ virtual.c virtual.h \ +whack_attribute.c whack_attribute.h \ xauth.c xauth.h \ x509.c x509.h \ builder.c builder.h \ @@ -53,13 +54,17 @@ rsaref/pkcs11t.h rsaref/pkcs11.h rsaref/unix.h rsaref/pkcs11f.h _pluto_adns_SOURCES = adns.c adns.h +plutomain.o : $(top_builddir)/config.status + LIBSTRONGSWANDIR=$(top_builddir)/src/libstrongswan LIBFREESWANDIR=$(top_builddir)/src/libfreeswan +LIBHYDRADIR=$(top_builddir)/src/libhydra INCLUDES = \ -I${linux_headers} \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libfreeswan \ +-I$(top_srcdir)/src/libhydra \ -I$(top_srcdir)/src/whack AM_CFLAGS = \ @@ -75,6 +80,7 @@ AM_CFLAGS = \ pluto_LDADD = \ $(LIBSTRONGSWANDIR)/libstrongswan.la \ $(LIBFREESWANDIR)/libfreeswan.a \ +$(LIBHYDRADIR)/libhydra.la \ -lresolv $(PTHREADLIB) $(DLLIB) _pluto_adns_LDADD = \ diff --git a/src/pluto/Makefile.in b/src/pluto/Makefile.in index c93756c44..47be9acf7 100644 --- a/src/pluto/Makefile.in +++ b/src/pluto/Makefile.in @@ -94,12 +94,13 @@ am_pluto_OBJECTS = ac.$(OBJEXT) alg_info.$(OBJEXT) ca.$(OBJEXT) \ pkcs7.$(OBJEXT) plutomain.$(OBJEXT) rcv_whack.$(OBJEXT) \ server.$(OBJEXT) smartcard.$(OBJEXT) spdb.$(OBJEXT) \ state.$(OBJEXT) timer.$(OBJEXT) vendor.$(OBJEXT) \ - virtual.$(OBJEXT) xauth.$(OBJEXT) x509.$(OBJEXT) \ - builder.$(OBJEXT) + virtual.$(OBJEXT) whack_attribute.$(OBJEXT) xauth.$(OBJEXT) \ + x509.$(OBJEXT) builder.$(OBJEXT) pluto_OBJECTS = $(am_pluto_OBJECTS) pluto_DEPENDENCIES = $(LIBSTRONGSWANDIR)/libstrongswan.la \ - $(LIBFREESWANDIR)/libfreeswan.a $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(LIBFREESWANDIR)/libfreeswan.a $(LIBHYDRADIR)/libhydra.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -263,6 +264,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -339,6 +341,7 @@ state.c state.h \ timer.c timer.h \ vendor.c vendor.h \ virtual.c virtual.h \ +whack_attribute.c whack_attribute.h \ xauth.c xauth.h \ x509.c x509.h \ builder.c builder.h \ @@ -347,10 +350,12 @@ rsaref/pkcs11t.h rsaref/pkcs11.h rsaref/unix.h rsaref/pkcs11f.h _pluto_adns_SOURCES = adns.c adns.h LIBSTRONGSWANDIR = $(top_builddir)/src/libstrongswan LIBFREESWANDIR = $(top_builddir)/src/libfreeswan +LIBHYDRADIR = $(top_builddir)/src/libhydra INCLUDES = \ -I${linux_headers} \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libfreeswan \ +-I$(top_srcdir)/src/libhydra \ -I$(top_srcdir)/src/whack AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \ @@ -362,8 +367,8 @@ AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \ $(am__append_1) $(am__append_2) $(am__append_3) \ $(am__append_4) $(am__append_5) $(am__append_7) pluto_LDADD = $(LIBSTRONGSWANDIR)/libstrongswan.la \ - $(LIBFREESWANDIR)/libfreeswan.a -lresolv $(PTHREADLIB) \ - $(DLLIB) $(am__append_6) + $(LIBFREESWANDIR)/libfreeswan.a $(LIBHYDRADIR)/libhydra.la \ + -lresolv $(PTHREADLIB) $(DLLIB) $(am__append_6) _pluto_adns_LDADD = \ $(LIBFREESWANDIR)/libfreeswan.a \ -lresolv $(DLLIB) @@ -501,6 +506,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/timer.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vendor.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/virtual.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/whack_attribute.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xauth.Po@am__quote@ @@ -826,6 +832,8 @@ uninstall-man: uninstall-man5 uninstall-man8 uninstall-man8 +plutomain.o : $(top_builddir)/config.status + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/pluto/ac.c b/src/pluto/ac.c index d8b16112f..3ee05d213 100644 --- a/src/pluto/ac.c +++ b/src/pluto/ac.c @@ -88,16 +88,17 @@ bool ac_verify_cert(certificate_t *cert, bool strict) cert_t *aacert; time_t notBefore, valid_until; - DBG1("holder: '%Y'", subject); - DBG1("issuer: '%Y'", issuer); + DBG1(DBG_LIB, "holder: '%Y'", subject); + DBG1(DBG_LIB, "issuer: '%Y'", issuer); if (!cert->get_validity(cert, NULL, NULL, &valid_until)) { - DBG1("attribute certificate is invalid (valid from %T to %T)", + DBG1(DBG_LIB, "attribute certificate is invalid (valid from %T to %T)", ¬Before, FALSE, &valid_until, FALSE); return FALSE; } - DBG1("attribute certificate is valid until %T", &valid_until, FALSE); + DBG1(DBG_LIB, "attribute certificate is valid until %T", &valid_until, + FALSE); lock_authcert_list("verify_x509acert"); aacert = get_authcert(issuer, authKeyID, X509_AA); @@ -105,17 +106,17 @@ bool ac_verify_cert(certificate_t *cert, bool strict) if (aacert == NULL) { - DBG1("issuer aacert not found"); + DBG1(DBG_LIB, "issuer aacert not found"); return FALSE; } - DBG2("issuer aacert found"); + DBG2(DBG_LIB, "issuer aacert found"); if (!cert->issued_by(cert, aacert->cert)) { - DBG1("attribute certificate signature is invalid"); + DBG1(DBG_LIB, "attribute certificate signature is invalid"); return FALSE; } - DBG1("attribute certificate signature is valid"); + DBG1(DBG_LIB, "attribute certificate signature is valid"); return verify_x509cert(aacert, strict, &valid_until); } @@ -175,8 +176,8 @@ bool match_group_membership(ietf_attributes_t *peer_attributes, char *conn, } match = conn_attributes->matches(conn_attributes, peer_attributes); - DBG1("%s: peer with attributes '%s' is %sa member of the groups '%s'", - conn, peer_attributes->get_string(peer_attributes), + DBG1(DBG_LIB, "%s: peer with attributes '%s' is %sa member of the " + "groups '%s'", conn, peer_attributes->get_string(peer_attributes), match ? "" : "not ", conn_attributes->get_string(conn_attributes)); return match; @@ -191,7 +192,7 @@ void ac_load_certs(void) struct stat st; char *file; - DBG1("loading attribute certificates from '%s'", A_CERT_PATH); + DBG1(DBG_LIB, "loading attribute certificates from '%s'", A_CERT_PATH); enumerator = enumerator_create_directory(A_CERT_PATH); if (!enumerator) @@ -212,7 +213,7 @@ void ac_load_certs(void) BUILD_FROM_FILE, file, BUILD_END); if (cert) { - DBG1(" loaded attribute certificate from '%s'", file); + DBG1(DBG_LIB, " loaded attribute certificate from '%s'", file); ac_add_cert(cert); } } @@ -266,7 +267,7 @@ void ac_list_certs(bool utc) whack_log(RC_COMMENT, " hserial: %#B", &holderSerial); } - groups = ac->get_groups(ac); + groups = ac->get_groups(ac); if (groups) { whack_log(RC_COMMENT, " groups: %s", groups->get_string(groups)); diff --git a/src/pluto/alg_info.c b/src/pluto/alg_info.c index edecf14c6..32fd46ef4 100644 --- a/src/pluto/alg_info.c +++ b/src/pluto/alg_info.c @@ -139,6 +139,7 @@ static bool is_authenticated_encryption(int ealg_id) case ESP_AES_GCM_8: case ESP_AES_GCM_12: case ESP_AES_GCM_16: + case ESP_AES_GMAC: return TRUE; } return FALSE; @@ -474,7 +475,7 @@ struct alg_info_ike *alg_info_ike_create_from_str(char *alg_str) if (alg_info_parse_str((struct alg_info *)alg_info_ike, alg_str) == SUCCESS) { - alg_info_ike->ref_cnt = 1; + alg_info_ike->ref_cnt = 1; return alg_info_ike; } else diff --git a/src/pluto/ca.c b/src/pluto/ca.c index e25e7f6f5..2654774fa 100644 --- a/src/pluto/ca.c +++ b/src/pluto/ca.c @@ -293,12 +293,12 @@ void load_authcerts(char *type, char *path, x509_flag_t auth_flags) struct stat st; char *file; - DBG1("loading %s certificates from '%s'", type, path); + DBG1(DBG_LIB, "loading %s certificates from '%s'", type, path); enumerator = enumerator_create_directory(path); if (!enumerator) { - DBG1(" reading directory '%s' failed"); + DBG1(DBG_LIB, " reading directory '%s' failed", path); return; } diff --git a/src/pluto/connections.c b/src/pluto/connections.c index fece34eec..dd193042a 100644 --- a/src/pluto/connections.c +++ b/src/pluto/connections.c @@ -30,6 +30,7 @@ #include <freeswan.h> #include "kameipsec.h" +#include <hydra.h> #include <credentials/certificates/ac.h> #include <credentials/keys/private_key.h> @@ -61,6 +62,7 @@ #include "kernel_alg.h" #include "nat_traversal.h" #include "virtual.h" +#include "whack_attribute.h" static void flush_pending_by_connection(connection_t *c); /* forward */ @@ -104,7 +106,7 @@ bool his_id_was_instantiated(const connection_t *c) { identification_t *host; bool equal; - + host = identification_create_from_sockaddr((sockaddr_t*)&c->spd.that.host_addr); equal = host->equals(host, c->spd.that.id); host->destroy(host); @@ -113,7 +115,7 @@ bool his_id_was_instantiated(const connection_t *c) else { return TRUE; - } + } } /** @@ -369,11 +371,16 @@ void delete_connection(connection_t *c, bool relations) host_t *vip; vip = host_create_from_sockaddr((sockaddr_t*)&c->spd.that.host_srcip); - lib->attributes->release_address(lib->attributes, c->spd.that.pool, - vip, c->spd.that.id); + hydra->attributes->release_address(hydra->attributes, c->spd.that.pool, + vip, c->spd.that.id); vip->destroy(vip); } + if (c->kind != CK_GOING_AWAY) + { + whack_attr->del_pool(whack_attr, c->name); + } + /* free internal data */ #ifdef DEBUG cur_debugging = old_cur_debugging; @@ -683,7 +690,7 @@ size_t format_end(char *buf, size_t buf_len, const struct end *this, } /* id */ - snprintf(host_id, sizeof(host_id), "[%Y]", this->id); + snprintf(host_id, sizeof(host_id), "[%Y]", this->id); /* [---hop] */ hop[0] = '\0'; @@ -769,7 +776,7 @@ static void load_end_certificate(char *filename, struct end *dst) cert_t *cert = NULL; certificate_t *certificate; bool cached_cert = FALSE; - + /* initialize end certificate */ dst->cert = NULL; @@ -853,10 +860,11 @@ static void load_end_certificate(char *filename, struct end *dst) } static bool extract_end(struct end *dst, const whack_end_t *src, - const char *which) + const char *name, bool is_left) { bool same_ca = FALSE; + dst->is_left = is_left; dst->id = identification_create_from_string(src->id); dst->ca = NULL; @@ -1117,15 +1125,14 @@ void add_connection(const whack_message_t *wm) c->tunnel_addr_family = wm->tunnel_addr_family; c->requested_ca = NULL; + same_leftca = extract_end(&c->spd.this, &wm->left, wm->name, TRUE); + same_rightca = extract_end(&c->spd.that, &wm->right, wm->name, FALSE); - same_leftca = extract_end(&c->spd.this, &wm->left, "left"); - same_rightca = extract_end(&c->spd.that, &wm->right, "right"); - - if (same_rightca) + if (same_rightca && c->spd.this.ca) { c->spd.that.ca = c->spd.this.ca->clone(c->spd.this.ca); } - else if (same_leftca) + else if (same_leftca && c->spd.that.ca) { c->spd.this.ca = c->spd.that.ca->clone(c->spd.that.ca); } @@ -1196,6 +1203,17 @@ void add_connection(const whack_message_t *wm) (void)orient(c); + /* if rightsourceip defines a subnet then create an in-memory pool */ + if (whack_attr->add_pool(whack_attr, c->name, + c->spd.this.is_left ? &wm->right : &wm->left)) + { + c->spd.that.pool = clone_str(c->name); + c->spd.that.modecfg = TRUE; + c->spd.that.has_client = FALSE; + /* reset the host_srcip so that it gets assigned in modecfg */ + anyaddr(AF_INET, &c->spd.that.host_srcip); + } + if (c->ikev1) { connect_to_host_pair(c); @@ -1794,7 +1812,7 @@ connection_t *build_outgoing_opportunistic_connection(struct gw_info *gw, else { chunk_t encoding = gw->gw_id->get_encoding(gw->gw_id); - id_type_t type = gw->gw_id->get_type(gw->gw_id); + id_type_t type = gw->gw_id->get_type(gw->gw_id); ip_address ip_addr; initaddr(encoding.ptr, encoding.len, @@ -2758,7 +2776,7 @@ static void initiate_opportunistic_body(struct find_oppo_bundle *b, addrtot(&b->peer_client, 0, pcb, sizeof(pcb)); loglog(RC_OPPOFAILURE, "no suitable connection for opportunism " - "between %s and %s with %Y as peer", + "between %s and %s with %Y as peer", ocb, pcb, ac->gateways_from_dns->gw_id); #ifdef KLIPS @@ -3379,7 +3397,7 @@ connection_t *refine_host_connection(const struct state *st, id_match_t match_level = peer_id->matches(peer_id, d->spd.that.id); bool matching_id = match_level > ID_MATCH_NONE; - + bool matching_auth = (d->policy & auth_policy) != LEMPTY; bool matching_trust = trusted_ca(peer_ca @@ -3580,7 +3598,7 @@ static connection_t *fc_try(const connection_t *c, struct host_pair *hp, policy_prio_t best_prio = BOTTOM_PRIO; id_match_t match_level; int pathlen; - + const bool peer_net_is_host = subnetisaddr(peer_net, &c->spd.that.host_addr); @@ -3675,7 +3693,8 @@ static connection_t *fc_try(const connection_t *c, struct host_pair *hp, } else { - if (!peer_net_is_host) + if (!peer_net_is_host && !(sr->that.modecfg && c->spd.that.modecfg && + subnetisaddr(peer_net, &c->spd.that.host_srcip))) { continue; } @@ -3843,7 +3862,7 @@ void get_peer_ca_and_groups(connection_t *c, if (cert && ac_verify_cert(cert, strict_crl_policy)) { ac_t *ac = (ac_t*)cert; - + *peer_attributes = ac->get_groups(ac); } else diff --git a/src/pluto/connections.h b/src/pluto/connections.h index ee2e00da6..66aea1541 100644 --- a/src/pluto/connections.h +++ b/src/pluto/connections.h @@ -137,6 +137,7 @@ struct end { host_srcip; ip_subnet client; + bool is_left; bool key_from_DNS_on_demand; bool has_client; bool has_client_wildcard; diff --git a/src/pluto/constants.c b/src/pluto/constants.c index 6f991fd69..63a37009b 100644 --- a/src/pluto/constants.c +++ b/src/pluto/constants.c @@ -392,7 +392,8 @@ static const char *const esp_transform_name[] = { "AES_GCM_12", "AES_GCM_16", "SEED_CBC", - "CAMELLIA_CBC" + "CAMELLIA_CBC", + "AES_GMAC" }; static const char *const esp_transform_name_high[] = { @@ -404,7 +405,7 @@ enum_names esp_transform_names_high = { ESP_SERPENT, ESP_TWOFISH, esp_transform_name_high, NULL }; enum_names esp_transform_names = - { ESP_DES_IV64, ESP_CAMELLIA, esp_transform_name, &esp_transform_names_high }; + { ESP_DES_IV64, ESP_AES_GMAC, esp_transform_name, &esp_transform_names_high }; /* IPCOMP transform values */ @@ -919,12 +920,15 @@ static const char *const oakley_group_name_rfc4753[] = { }; static const char *const oakley_group_name_rfc5114[] = { + "MODP_1024_160", + "MODP_2048_224", + "MODP_2048_256", "ECP_192", "ECP_224" }; enum_names oakley_group_names_rfc5114 = - { ECP_192_BIT, ECP_224_BIT, + { MODP_1024_160, ECP_224_BIT, oakley_group_name_rfc5114, NULL }; enum_names oakley_group_names_rfc4753 = diff --git a/src/pluto/constants.h b/src/pluto/constants.h index 8c574ebc5..e9567c07a 100644 --- a/src/pluto/constants.h +++ b/src/pluto/constants.h @@ -125,10 +125,10 @@ extern const char sparse_end[]; #define MAX_DIGEST_LEN HASH_SIZE_SHA512 /* RFC 2404 "HMAC-SHA-1-96" section 3 */ -#define HMAC_SHA1_KEY_LEN HASH_SIZE_SHA1 +#define HMAC_SHA1_KEY_LEN HASH_SIZE_SHA1 /* RFC 2403 "HMAC-MD5-96" section 3 */ -#define HMAC_MD5_KEY_LEN HASH_SIZE_MD5 +#define HMAC_MD5_KEY_LEN HASH_SIZE_MD5 #define IKE_UDP_PORT 500 @@ -150,7 +150,7 @@ enum ipsec_authentication_algo { AH_AES_128_GMAC = 11, AH_AES_192_GMAC = 12, AH_AES_256_GMAC = 13, - AH_SHA2_256_96 = 252 + AH_SHA2_256_96 = 252 }; extern enum_names ah_transform_names; @@ -184,6 +184,7 @@ enum ipsec_cipher_algo { ESP_AES_GCM_16 = 20, ESP_SEED_CBC = 21, ESP_CAMELLIA = 22, + ESP_AES_GMAC = 23, ESP_SERPENT = 252, ESP_TWOFISH = 253 }; diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c index 2113cecbc..a62e7632d 100644 --- a/src/pluto/crypto.c +++ b/src/pluto/crypto.c @@ -237,6 +237,27 @@ static struct dh_desc dh_desc_ecp_521 = { ke_size: 2*528 / BITS_PER_BYTE }; +static struct dh_desc dh_desc_modp_1024_160 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: MODP_1024_160, + algo_next: NULL, + ke_size: 1024 / BITS_PER_BYTE +}; + +static struct dh_desc dh_desc_modp_2048_224 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: MODP_2048_224, + algo_next: NULL, + ke_size: 2048 / BITS_PER_BYTE +}; + +static struct dh_desc dh_desc_modp_2048_256 = { + algo_type: IKE_ALG_DH_GROUP, + algo_id: MODP_2048_256, + algo_next: NULL, + ke_size: 2048 / BITS_PER_BYTE +}; + static struct dh_desc dh_desc_ecp_192 = { algo_type: IKE_ALG_DH_GROUP, algo_id: ECP_192_BIT, @@ -370,6 +391,15 @@ bool init_crypto(void) case ECP_521_BIT: desc = &dh_desc_ecp_521; break; + case MODP_1024_160: + desc = &dh_desc_modp_1024_160; + break; + case MODP_2048_224: + desc = &dh_desc_modp_2048_224; + break; + case MODP_2048_256: + desc = &dh_desc_modp_2048_256; + break; case ECP_192_BIT: desc = &dh_desc_ecp_192; break; @@ -580,9 +610,11 @@ int esp_from_encryption_algorithm(encryption_algorithm_t alg) return ESP_AES_GCM_16; case ENCR_CAMELLIA_CBC: return ESP_CAMELLIA; + case ENCR_NULL_AUTH_AES_GMAC: + return ESP_AES_GMAC; case ENCR_SERPENT_CBC: return ESP_SERPENT; - case ENCR_TWOFISH_CBC: + case ENCR_TWOFISH_CBC: return ESP_TWOFISH; default: return 0; diff --git a/src/pluto/demux.h b/src/pluto/demux.h index 4faf6e532..2161bbd02 100644 --- a/src/pluto/demux.h +++ b/src/pluto/demux.h @@ -61,6 +61,7 @@ struct msg_digest { notification_t note; /* reason for failure */ bool dpd; /* peer supports RFC 3706 DPD */ bool openpgp; /* peer supports OpenPGP certificates */ + bool ms_nt5; /* peer is a windows 2000+ host */ # define PAYLIMIT 40 struct payload_digest diff --git a/src/pluto/fetch.c b/src/pluto/fetch.c index 6172165bd..1d2d13371 100644 --- a/src/pluto/fetch.c +++ b/src/pluto/fetch.c @@ -266,10 +266,10 @@ x509crl_t* fetch_crl(char *url) x509crl_t *crl; chunk_t blob; - DBG1(" fetching crl from '%s' ...", url); + DBG1(DBG_LIB, " fetching crl from '%s' ...", url); if (lib->fetcher->fetch(lib->fetcher, url, &blob, FETCH_END) != SUCCESS) { - DBG1("crl fetching failed"); + DBG1(DBG_LIB, "crl fetching failed"); return FALSE; } crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL, @@ -277,7 +277,8 @@ x509crl_t* fetch_crl(char *url) free(blob.ptr); if (!crl) { - DBG1("crl fetched successfully but data coded in unknown format"); + DBG1(DBG_LIB, "crl fetched successfully but data coded in unknown " + "format"); } return crl; } @@ -395,7 +396,7 @@ static void fetch_ocsp_status(ocsp_location_t* location) chunk_t request = build_ocsp_request(location); chunk_t response = chunk_empty; - DBG1(" requesting ocsp status from '%s' ...", location->uri); + DBG1(DBG_LIB, " requesting ocsp status from '%s' ...", location->uri); if (lib->fetcher->fetch(lib->fetcher, location->uri, &response, FETCH_REQUEST_DATA, request, FETCH_REQUEST_TYPE, "application/ocsp-request", @@ -405,7 +406,7 @@ static void fetch_ocsp_status(ocsp_location_t* location) } else { - DBG1("ocsp request to %s failed", location->uri); + DBG1(DBG_LIB, "ocsp request to %s failed", location->uri); } free(request.ptr); diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c index 1f8917d79..34c42e294 100644 --- a/src/pluto/ipsec_doi.c +++ b/src/pluto/ipsec_doi.c @@ -702,6 +702,8 @@ void accept_delete(struct state *st, struct msg_digest *md, struct payload_digest *p) { struct isakmp_delete *d = &(p->payload.delete); + identification_t *this_id, *that_id; + ip_address peer_addr; size_t sizespi; int i; @@ -759,6 +761,15 @@ void accept_delete(struct state *st, struct msg_digest *md, return; } + if (d->isad_protoid == PROTO_ISAKMP) + { + struct end *this = &st->st_connection->spd.this; + struct end *that = &st->st_connection->spd.that; + this_id = this->id->clone(this->id); + that_id = that->id->clone(that->id); + peer_addr = st->st_connection->spd.that.host_addr; + } + for (i = 0; i < d->isad_nospi; i++) { u_char *spi = p->pbs.cur + (i * sizespi); @@ -770,7 +781,7 @@ void accept_delete(struct state *st, struct msg_digest *md, */ struct state *dst = find_state(spi /*iCookie*/ , spi+COOKIE_SIZE /*rCookie*/ - , &st->st_connection->spd.that.host_addr + , &peer_addr , MAINMODE_MSGID); if (dst == NULL) @@ -778,7 +789,8 @@ void accept_delete(struct state *st, struct msg_digest *md, loglog(RC_LOG_SERIOUS, "ignoring Delete SA payload: " "ISAKMP SA not found (maybe expired)"); } - else if (!same_peer_ids(st->st_connection, dst->st_connection, NULL)) + else if (! this_id->equals(this_id, dst->st_connection->spd.this.id) || + ! that_id->equals(that_id, dst->st_connection->spd.that.id)) { /* we've not authenticated the relevant identities */ loglog(RC_LOG_SERIOUS, "ignoring Delete SA payload: " @@ -876,6 +888,12 @@ void accept_delete(struct state *st, struct msg_digest *md, } } } + + if (d->isad_protoid == PROTO_ISAKMP) + { + this_id->destroy(this_id); + that_id->destroy(that_id); + } } /* The whole message must be a multiple of 4 octets. @@ -2753,6 +2771,7 @@ static void compute_proto_keymat(struct state *st, u_int8_t protoid, case ESP_AES_GCM_12: case ESP_AES_GCM_16: case ESP_AES_CTR: + case ESP_AES_GMAC: needed_len += 4; break; default: @@ -3620,7 +3639,7 @@ stf_status main_inR2_outI3(struct msg_digest *md) if (send_cert) { bool success; - chunk_t cert_encoding; + chunk_t cert_encoding; pb_stream cert_pbs; struct isakmp_cert cert_hd; @@ -3634,7 +3653,7 @@ stf_status main_inR2_outI3(struct msg_digest *md) cert_encoding = mycert->cert->get_encoding(mycert->cert); success = out_chunk(cert_encoding, &cert_pbs, "CERT"); free(cert_encoding.ptr); - if (!success) + if (!success) { return STF_INTERNAL_ERROR; } @@ -4076,7 +4095,7 @@ main_inI3_outR3_tail(struct msg_digest *md success = out_chunk(cert_encoding, &cert_pbs, "CERT"); free(cert_encoding.ptr); if (!success) - { + { return STF_INTERNAL_ERROR; } close_output_pbs(&cert_pbs); @@ -4871,6 +4890,21 @@ static stf_status quick_inI1_outR1_tail(struct verify_oppo_bundle *b, */ p = rw_instantiate(p, &c->spd.that.host_addr, md->sender_port , his_net, c->spd.that.id); + + /* inherit any virtual IP assigned by a Mode Config exchange */ + if (p->spd.that.modecfg && c->spd.that.modecfg && + subnetisaddr(his_net, &c->spd.that.host_srcip)) + { + char srcip[ADDRTOT_BUF]; + + DBG(DBG_CONTROL, + addrtot(&c->spd.that.host_srcip, 0, srcip, sizeof(srcip)); + DBG_log("inheriting virtual IP source address %s from ModeCfg", srcip) + ) + p->spd.that.host_srcip = c->spd.that.host_srcip; + p->spd.that.client = c->spd.that.client; + p->spd.that.has_client = TRUE; + } } } #ifdef DEBUG diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c index fe4655d3f..ee22fb55e 100644 --- a/src/pluto/kernel.c +++ b/src/pluto/kernel.c @@ -1993,6 +1993,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) case ESP_AES_GCM_12: case ESP_AES_GCM_16: case ESP_AES_CTR: + case ESP_AES_GMAC: key_len += 4; break; default: diff --git a/src/pluto/kernel_alg.c b/src/pluto/kernel_alg.c index bf67315e6..7c2855edc 100644 --- a/src/pluto/kernel_alg.c +++ b/src/pluto/kernel_alg.c @@ -395,6 +395,10 @@ void kernel_alg_register_pfkey(const struct sadb_msg *msg_buf, int buflen) kernel_alg_add(satype, supp_exttype, &alg); } } + + /* also register AES_GMAC */ + alg.sadb_alg_id = SADB_X_EALG_NULL_AES_GMAC; + kernel_alg_add(satype, supp_exttype, &alg); } /* if SHA2_256 is registered then also register SHA2_256_96 */ if (satype == SADB_SATYPE_ESP && diff --git a/src/pluto/kernel_netlink.c b/src/pluto/kernel_netlink.c index 289714b50..75d0c98d3 100644 --- a/src/pluto/kernel_netlink.c +++ b/src/pluto/kernel_netlink.c @@ -112,6 +112,7 @@ static sparse_names ealg_list = { { SADB_X_EALG_AES_GCM_ICV8, "rfc4106(gcm(aes))" }, { SADB_X_EALG_AES_GCM_ICV12, "rfc4106(gcm(aes))" }, { SADB_X_EALG_AES_GCM_ICV16, "rfc4106(gcm(aes))" }, + { SADB_X_EALG_NULL_AES_GMAC, "rfc4543(gcm(aes))" }, { SADB_X_EALG_CAMELLIACBC, "cbc(camellia)" }, { SADB_X_EALG_SERPENTCBC, "serpent" }, { SADB_X_EALG_TWOFISHCBC, "twofish" }, @@ -687,6 +688,7 @@ static bool netlink_add_sa(const struct kernel_sa *sa, bool replace) break; case SADB_X_EALG_AES_CCM_ICV16: case SADB_X_EALG_AES_GCM_ICV16: + case SADB_X_EALG_NULL_AES_GMAC: icv_size += 32; /* FALL */ case SADB_X_EALG_AES_CCM_ICV12: diff --git a/src/pluto/lex.c b/src/pluto/lex.c index f48d24a54..d5ebdaba9 100644 --- a/src/pluto/lex.c +++ b/src/pluto/lex.c @@ -205,7 +205,7 @@ flushline(const char *m) { if (m != NULL) loglog(RC_LOG_SERIOUS, "\"%s\" line %d: %s", flp->filename, flp->lino, m); - do ; while (shift()); + do {} while (shift()); return FALSE; } } diff --git a/src/pluto/log.c b/src/pluto/log.c index 2f3536ff3..444ac2220 100644 --- a/src/pluto/log.c +++ b/src/pluto/log.c @@ -40,7 +40,8 @@ #include "connections.h" #include "myid.h" #include "kernel.h" -#include "whack.h" /* needs connections.h */ +#include "whack.h" +#include "whack_attribute.h" #include "timer.h" /* close one per-peer log */ @@ -85,7 +86,7 @@ u_int16_t cur_from_port; /* host order */ /** * pluto dbg function for libstrongswan */ -static void pluto_dbg(int level, char *fmt, ...) +static void pluto_dbg(debug_t group, level_t level, char *fmt, ...) { int priority = LOG_INFO; int debug_level; @@ -856,6 +857,7 @@ void show_status(bool all, const char *name) show_myid_status(); show_loaded_plugins(); show_debug_status(); + show_pools(name); whack_log(RC_COMMENT, BLANK_FORMAT); /* spacer */ } show_connections_status(all, name); diff --git a/src/pluto/modecfg.c b/src/pluto/modecfg.c index 03ec7f41f..0c4f2bd6b 100644 --- a/src/pluto/modecfg.c +++ b/src/pluto/modecfg.c @@ -26,6 +26,7 @@ #include <freeswan.h> #include <library.h> +#include <hydra.h> #include <attributes/attributes.h> #include <crypto/prfs/prf.h> @@ -119,7 +120,7 @@ static void init_internal_addr(internal_addr_t *ia) static void get_internal_addr(connection_t *c, host_t *requested_vip, internal_addr_t *ia) { - int i, dns_idx = 0, nbns_idx = 0; + int dns_idx = 0, nbns_idx = 0; enumerator_t *enumerator; configuration_attribute_type_t type; chunk_t value; @@ -129,13 +130,13 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip, { if (c->spd.that.pool) { - vip = lib->attributes->acquire_address(lib->attributes, + vip = hydra->attributes->acquire_address(hydra->attributes, c->spd.that.pool, c->spd.that.id, requested_vip); if (vip) { chunk_t addr = vip->get_address(vip); - + plog("assigning virtual IP %H to peer", vip); initaddr(addr.ptr, addr.len, vip->get_family(vip), &ia->ipaddr); @@ -150,7 +151,7 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip, { ia->ipaddr = c->spd.that.host_srcip; vip = host_create_from_sockaddr((sockaddr_t*)&ia->ipaddr); - plog("assigning virtual IP %H to peer", vip); + plog("assigning virtual IP %H to peer", vip); } if (!isanyaddr(&ia->ipaddr)) /* We got an IP address, send it */ @@ -164,67 +165,15 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip, | LELEM(INTERNAL_IP4_NETMASK); } - /* assign DNS servers from strongswan.conf */ - for (i = 1; i <= DNS_SERVER_MAX; i++) - { - char dns_key[16], *dns_str; - - snprintf(dns_key, sizeof(dns_key), "pluto.dns%d", i); - dns_str = lib->settings->get_str(lib->settings, dns_key, NULL); - if (dns_str) - { - err_t ugh; - sa_family_t family = strchr(dns_str, ':') ? AF_INET6 : AF_INET; - - ugh = ttoaddr(dns_str, 0, family, &ia->dns[dns_idx]); - if (ugh) - { - plog("error in DNS server address: %s", ugh); - continue; - } - plog("assigning DNS server %s to peer", dns_str); - - /* differentiate between IP4 and IP6 in modecfg_build_msg() */ - ia->attr_set |= LELEM(INTERNAL_IP4_DNS); - dns_idx++; - } - } - - /* assign NBNS servers from strongswan.conf */ - for (i = 1; i <= NBNS_SERVER_MAX; i++) - { - char nbns_key[16], *nbns_str; - - snprintf(nbns_key, sizeof(nbns_key), "pluto.nbns%d", i); - nbns_str = lib->settings->get_str(lib->settings, nbns_key, NULL); - if (nbns_str) - { - err_t ugh; - sa_family_t family = strchr(nbns_str, ':') ? AF_INET6 : AF_INET; - - ugh = ttoaddr(nbns_str, 0, family, &ia->nbns[nbns_idx]); - if (ugh) - { - plog("error in NBNS server address: %s", ugh); - continue; - } - plog("assigning NBNS server %s to peer", nbns_str); - - /* differentiate between IP4 and IP6 in modecfg_build_msg() */ - ia->attr_set |= LELEM(INTERNAL_IP4_NBNS); - nbns_idx++; - } - } - /* assign attributes from registered providers */ - enumerator = lib->attributes->create_responder_enumerator(lib->attributes, + enumerator = hydra->attributes->create_responder_enumerator(hydra->attributes, c->spd.that.id, vip); while (enumerator->enumerate(enumerator, &type, &value)) { err_t ugh; host_t *server; sa_family_t family = AF_INET; - + switch (type) { case INTERNAL_IP6_DNS: @@ -257,7 +206,7 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip, /* fallthrough */ case INTERNAL_IP4_NBNS: if (nbns_idx >= NBNS_SERVER_MAX) - { + { plog("exceeded the maximum number of %d NBNS servers", NBNS_SERVER_MAX); break; @@ -279,7 +228,7 @@ static void get_internal_addr(connection_t *c, host_t *requested_vip, default: break; - } + } } enumerator->destroy(enumerator); DESTROY_IF(vip); diff --git a/src/pluto/pkcs7.c b/src/pluto/pkcs7.c index 733dd2623..b24ef1a8c 100644 --- a/src/pluto/pkcs7.c +++ b/src/pluto/pkcs7.c @@ -146,7 +146,7 @@ bool pkcs7_parse_contentInfo(chunk_t blob, u_int level0, contentInfo_t *cInfo) if (cInfo->type < OID_PKCS7_DATA || cInfo->type > OID_PKCS7_ENCRYPTED_DATA) { - DBG1("unknown pkcs7 content type"); + DBG1(DBG_LIB, "unknown pkcs7 content type"); goto end; } } @@ -187,7 +187,7 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, } if (cInfo.type != OID_PKCS7_SIGNED_DATA) { - DBG1("pkcs7 content type is not signedData"); + DBG1(DBG_LIB, "pkcs7 content type is not signedData"); return FALSE; } @@ -202,7 +202,7 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, { case PKCS7_SIGNED_VERSION: version = object.len ? (int)*object.ptr : 0; - DBG2(" v%d", version); + DBG2(DBG_LIB, " v%d", version); break; case PKCS7_DIGEST_ALG: digest_alg = asn1_parse_algorithmIdentifier(object, level, NULL); @@ -217,7 +217,7 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, { certificate_t *cert; - DBG2(" parsing pkcs7-wrapped certificate"); + DBG2(DBG_LIB, " parsing pkcs7-wrapped certificate"); cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB_ASN1_DER, object, @@ -230,17 +230,17 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, break; case PKCS7_SIGNER_INFO: signerInfos++; - DBG2(" signer #%d", signerInfos); + DBG2(DBG_LIB, " signer #%d", signerInfos); break; case PKCS7_SIGNER_INFO_VERSION: version = object.len ? (int)*object.ptr : 0; - DBG2(" v%d", version); + DBG2(DBG_LIB, " v%d", version); break; case PKCS7_SIGNED_ISSUER: { identification_t *issuer = identification_create_from_encoding( ID_DER_ASN1_DN, object); - DBG2(" \"%Y\"", issuer); + DBG2(DBG_LIB, " \"%Y\"", issuer); issuer->destroy(issuer); break; } @@ -277,27 +277,27 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, scheme = signature_scheme_from_oid(digest_alg); if (scheme == SIGN_UNKNOWN) { - DBG1("unsupported signature scheme"); + DBG1(DBG_LIB, "unsupported signature scheme"); return FALSE; } if (signerInfos == 0) { - DBG1("no signerInfo object found"); + DBG1(DBG_LIB, "no signerInfo object found"); return FALSE; } else if (signerInfos > 1) { - DBG1("more than one signerInfo object found"); + DBG1(DBG_LIB, "more than one signerInfo object found"); return FALSE; } if (attributes->ptr == NULL) { - DBG1("no authenticatedAttributes object found"); + DBG1(DBG_LIB, "no authenticatedAttributes object found"); return FALSE; } if (enc_alg != OID_RSA_ENCRYPTION) { - DBG1("only RSA digest encryption supported"); + DBG1(DBG_LIB, "only RSA digest encryption supported"); return FALSE; } @@ -305,16 +305,16 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, key = cacert->get_public_key(cacert); if (key == NULL) { - DBG1("no public key found in CA certificate"); + DBG1(DBG_LIB, "no public key found in CA certificate"); return FALSE; } if (key->verify(key, scheme, *attributes, encrypted_digest)) { - DBG2("signature is valid"); + DBG2(DBG_LIB, "signature is valid"); } else { - DBG1("invalid signature"); + DBG1(DBG_LIB, "invalid signature"); success = FALSE; } key->destroy(key); @@ -352,7 +352,7 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, } if (cInfo.type != OID_PKCS7_ENVELOPED_DATA) { - DBG1("pkcs7 content type is not envelopedData"); + DBG1(DBG_LIB, "pkcs7 content type is not envelopedData"); goto failed; } @@ -367,19 +367,19 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, { case PKCS7_ENVELOPED_VERSION: version = object.len ? (int)*object.ptr : 0; - DBG2(" v%d", version); + DBG2(DBG_LIB, " v%d", version); if (version != 0) { - DBG1("envelopedData version is not 0"); + DBG1(DBG_LIB, "envelopedData version is not 0"); goto end; } break; case PKCS7_RECIPIENT_INFO_VERSION: version = object.len ? (int)*object.ptr : 0; - DBG2(" v%d", version); + DBG2(DBG_LIB, " v%d", version); if (version != 0) { - DBG1("recipient info version is not 0"); + DBG1(DBG_LIB, "recipient info version is not 0"); goto end; } break; @@ -387,14 +387,14 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, { identification_t *issuer = identification_create_from_encoding( ID_DER_ASN1_DN, object); - DBG2(" \"%Y\"", issuer); + DBG2(DBG_LIB, " \"%Y\"", issuer); issuer->destroy(issuer); break; } case PKCS7_SERIAL_NUMBER: if (!chunk_equals(serialNumber, object)) { - DBG1("serial numbers do not match"); + DBG1(DBG_LIB, "serial numbers do not match"); goto end; } break; @@ -402,22 +402,22 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, enc_alg = asn1_parse_algorithmIdentifier(object, level, NULL); if (enc_alg != OID_RSA_ENCRYPTION) { - DBG1("only rsa encryption supported"); + DBG1(DBG_LIB, "only rsa encryption supported"); goto end; } break; case PKCS7_ENCRYPTED_KEY: if (!key->decrypt(key, object, &symmetric_key)) { - DBG1("symmetric key could not be decrypted with rsa"); + DBG1(DBG_LIB, "symmetric key could not be decrypted with rsa"); goto end; } - DBG4("symmetric key %B", &symmetric_key); + DBG4(DBG_LIB, "symmetric key %B", &symmetric_key); break; case PKCS7_CONTENT_TYPE: if (asn1_known_oid(object) != OID_PKCS7_DATA) { - DBG1("encrypted content not of type pkcs7 data"); + DBG1(DBG_LIB, "encrypted content not of type pkcs7 data"); goto end; } break; @@ -426,12 +426,12 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, if (content_enc_alg == OID_UNKNOWN) { - DBG1("unknown content encryption algorithm"); + DBG1(DBG_LIB, "unknown content encryption algorithm"); goto end; } if (!asn1_parse_simple_object(&iv, ASN1_OCTET_STRING, level+1, "IV")) { - DBG1("IV could not be parsed"); + DBG1(DBG_LIB, "IV could not be parsed"); goto end; } break; @@ -459,28 +459,28 @@ end: alg = encryption_algorithm_from_oid(content_enc_alg, &key_size); if (alg == ENCR_UNDEFINED) { - DBG1("unsupported content encryption algorithm"); + DBG1(DBG_LIB, "unsupported content encryption algorithm"); goto failed; } crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size); if (crypter == NULL) { - DBG1("crypter %N not available", encryption_algorithm_names, alg); + DBG1(DBG_LIB, "crypter %N not available", encryption_algorithm_names, alg); goto failed; } if (symmetric_key.len != crypter->get_key_size(crypter)) { - DBG1("symmetric key length %d is wrong", symmetric_key.len); + DBG1(DBG_LIB, "symmetric key length %d is wrong", symmetric_key.len); goto failed; } if (iv.len != crypter->get_block_size(crypter)) { - DBG1("IV length %d is wrong", iv.len); + DBG1(DBG_LIB, "IV length %d is wrong", iv.len); goto failed; } crypter->set_key(crypter, symmetric_key); crypter->decrypt(crypter, encrypted_content, iv, data); - DBG4("decrypted content with padding: %B", data); + DBG4(DBG_LIB, "decrypted content with padding: %B", data); } /* remove the padding */ @@ -491,7 +491,7 @@ end: if (padding > data->len) { - DBG1("padding greater than data length"); + DBG1(DBG_LIB, "padding greater than data length"); goto failed; } data->len -= padding; @@ -500,7 +500,7 @@ end: { if (*pos-- != pattern) { - DBG1("wrong padding pattern"); + DBG1(DBG_LIB, "wrong padding pattern"); goto failed; } } @@ -631,7 +631,7 @@ chunk_t pkcs7_build_signedData(chunk_t data, chunk_t attributes, , asn1_wrap(ASN1_SET, "m", signerInfo)); cInfo = pkcs7_build_contentInfo(&signedData); - DBG3("signedData %B", &cInfo); + DBG3(DBG_LIB, "signedData %B", &cInfo); free(pkcs7Data.content.ptr); free(signedData.content.ptr); @@ -653,7 +653,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg alg_key_size/BITS_PER_BYTE); if (crypter == NULL) { - DBG1("crypter for %N not available", encryption_algorithm_names, alg); + DBG1(DBG_LIB, "crypter for %N not available", encryption_algorithm_names, alg); return chunk_empty; } @@ -663,12 +663,12 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE); rng->allocate_bytes(rng, crypter->get_key_size(crypter), &symmetricKey); - DBG4("symmetric encryption key %B", &symmetricKey); + DBG4(DBG_LIB, "symmetric encryption key %B", &symmetricKey); rng->destroy(rng); rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); rng->allocate_bytes(rng, crypter->get_block_size(crypter), &iv); - DBG4("initialization vector: %B", &iv); + DBG4(DBG_LIB, "initialization vector: %B", &iv); rng->destroy(rng); } @@ -680,7 +680,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg in.len = data.len + padding; in.ptr = malloc(in.len); - DBG2("padding %u bytes of data to multiple block size of %u bytes", + DBG2(DBG_LIB, "padding %u bytes of data to multiple block size of %u bytes", data.len, in.len); /* copy data */ @@ -688,14 +688,14 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg /* append padding */ memset(in.ptr + data.len, padding, padding); } - DBG3("padded unencrypted data %B", &in); + DBG3(DBG_LIB, "padded unencrypted data %B", &in); /* symmetric encryption of data object */ crypter->set_key(crypter, symmetricKey); crypter->encrypt(crypter, in, iv, &out); crypter->destroy(crypter); chunk_clear(&in); - DBG3("encrypted data %B", &out); + DBG3(DBG_LIB, "encrypted data %B", &out); /* protect symmetric key by public key encryption */ { @@ -703,7 +703,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg if (key == NULL) { - DBG1("public key not found in encryption certificate"); + DBG1(DBG_LIB, "public key not found in encryption certificate"); chunk_clear(&symmetricKey); chunk_free(&iv); chunk_free(&out); @@ -744,7 +744,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, certificate_t *cert, int enc_alg , encryptedContentInfo); cInfo = pkcs7_build_contentInfo(&envelopedData); - DBG3("envelopedData %B", &cInfo); + DBG3(DBG_LIB, "envelopedData %B", &cInfo); chunk_free(&envelopedData.content); chunk_free(&iv); diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c index 8b922df8c..aa04594bc 100644 --- a/src/pluto/plutomain.c +++ b/src/pluto/plutomain.c @@ -38,6 +38,7 @@ #include <freeswan.h> +#include <hydra.h> #include <library.h> #include <debug.h> #include <utils/enumerator.h> @@ -74,6 +75,7 @@ #include "timer.h" #include "vendor.h" #include "builder.h" +#include "whack_attribute.h" static void usage(const char *mess) { @@ -242,7 +244,7 @@ static void print_plugins() len += snprintf(&buf[len], BUF_LEN-len, "%s ", plugin); } enumerator->destroy(enumerator); - DBG1("loaded plugins: %s", buf); + DBG1(DBG_DMN, "loaded plugins: %s", buf); } int main(int argc, char **argv) @@ -273,6 +275,12 @@ int main(int argc, char **argv) library_deinit(); exit(SS_RC_DAEMON_INTEGRITY); } + if (!libhydra_init("pluto")) + { + libhydra_deinit(); + library_deinit(); + exit(SS_RC_INITIALIZATION_FAILED); + } options = options_create(); /* handle arguments */ @@ -648,6 +656,7 @@ int main(int argc, char **argv) { plog("integrity tests enabled:"); plog("lib 'libstrongswan': passed file and segment integrity tests"); + plog("lib 'libhydra': passed file and segment integrity tests"); plog("daemon 'pluto': passed file integrity test"); } @@ -676,6 +685,7 @@ int main(int argc, char **argv) init_myid(); fetch_initialize(); ac_initialize(); + whack_attribute_initialize(); /* drop unneeded capabilities and change UID/GID */ prctl(PR_SET_KEEPCAPS, 1); @@ -750,6 +760,7 @@ void exit_pluto(int status) free_preshared_secrets(); free_remembered_public_keys(); delete_every_connection(); + whack_attribute_finalize(); /* free in-memory pools */ fetch_finalize(); /* stop fetching thread */ free_crl_fetch(); /* free chain of crl fetch requests */ free_ocsp_fetch(); /* free chain of ocsp fetch requests */ @@ -770,6 +781,8 @@ void exit_pluto(int status) free_builder(); delete_lock(); options->destroy(options); + lib->plugins->unload(lib->plugins); + libhydra_deinit(); library_deinit(); close_log(); exit(status); diff --git a/src/pluto/rcv_whack.c b/src/pluto/rcv_whack.c index 826a1aa6e..bf5ccb10c 100644 --- a/src/pluto/rcv_whack.c +++ b/src/pluto/rcv_whack.c @@ -57,6 +57,7 @@ #include "myid.h" #include "kernel_alg.h" #include "ike_alg.h" +#include "whack_attribute.h" /* helper variables and function to decode strings from whack message */ @@ -326,6 +327,8 @@ void whack_handle(int whackctlfd) || !unpack_str(&msg.ike) /* string 24 */ || !unpack_str(&msg.esp) /* string 25 */ || !unpack_str(&msg.sc_data) /* string 26 */ + || !unpack_str(&msg.whack_lease_ip) /* string 27 */ + || !unpack_str(&msg.whack_lease_id) /* string 28 */ || str_roof - next_str != (ptrdiff_t)msg.keyval.len) /* check chunk */ { ugh = "message from whack contains bad string"; @@ -376,7 +379,9 @@ void whack_handle(int whackctlfd) } if (msg.whack_myid) + { set_myid(MYID_SPECIFIED, msg.myid); + } /* Deleting combined with adding a connection works as replace. * To make this more useful, in only this combination, @@ -385,9 +390,13 @@ void whack_handle(int whackctlfd) if (msg.whack_delete) { if (msg.whack_ca) + { find_ca_info_by_name(msg.name, TRUE); + } else + { delete_connections_by_name(msg.name, !msg.whack_connection); + } } if (msg.whack_deletestate) @@ -406,13 +415,19 @@ void whack_handle(int whackctlfd) } if (msg.whack_crash) + { delete_states_by_peer(&msg.whack_crash_peer); + } if (msg.whack_connection) + { add_connection(&msg); + } if (msg.whack_ca && msg.cacert != NULL) + { add_ca_info(&msg); + } /* process "listen" before any operation that could require it */ if (msg.whack_listen) @@ -469,7 +484,12 @@ void whack_handle(int whackctlfd) free_ocsp_cache(); } - if (msg.whack_list & LIST_PUBKEYS) + if (msg.whack_leases) + { + list_leases(msg.name, msg.whack_lease_ip, msg.whack_lease_id); + } + + if (msg.whack_list & LIST_PUBKEYS) { list_public_keys(msg.whack_utc); } @@ -552,12 +572,18 @@ void whack_handle(int whackctlfd) { set_cur_connection(c); if (!oriented(*c)) + { whack_log(RC_ORIENT , "we have no ipsecN interface for either end of this connection"); + } else if (c->policy & POLICY_GROUP) + { route_group(c); + } else if (!trap_connection(c)) + { whack_log(RC_ROUTE, "could not route"); + } reset_cur_connection(); } } @@ -584,14 +610,22 @@ void whack_handle(int whackctlfd) for (sr = &c->spd; sr != NULL; sr = sr->next) { if (sr->routing >= RT_ROUTED_TUNNEL) + { fail++; + } } if (fail > 0) + { whack_log(RC_RTBUSY, "cannot unroute: route busy"); + } else if (c->policy & POLICY_GROUP) + { unroute_group(c); + } else + { unroute_connection(c); + } reset_cur_connection(); } } @@ -618,11 +652,15 @@ void whack_handle(int whackctlfd) if (msg.whack_oppo_initiate) { if (!listening) + { whack_log(RC_DEAF, "need --listen before opportunistic initiation"); + } else + { initiate_opportunistic(&msg.oppo_my_client, &msg.oppo_peer_client, 0 , FALSE , msg.whack_async? NULL_FD : dup_any(whackfd)); + } } if (msg.whack_terminate) @@ -639,7 +677,9 @@ void whack_handle(int whackctlfd) } if (msg.whack_status) + { show_status(msg.whack_statusall, msg.name); + } if (msg.whack_shutdown) { @@ -650,10 +690,14 @@ void whack_handle(int whackctlfd) if (msg.whack_sc_op != SC_OP_NONE) { if (pkcs11_proxy) + { scx_op_via_whack(msg.sc_data, msg.inbase, msg.outbase , msg.whack_sc_op, msg.keyid, whackfd); + } else + { plog("pkcs11 access to smartcard not allowed (set pkcs11proxy=yes)"); + } } whack_log_fd = NULL_FD; diff --git a/src/pluto/timer.c b/src/pluto/timer.c index 74806a40c..b112d67f6 100644 --- a/src/pluto/timer.c +++ b/src/pluto/timer.c @@ -48,7 +48,7 @@ time_t now(void) { static time_t delta = 0 , last_time = 0; - time_t n = time((time_t)NULL); + time_t n = time(NULL); passert(n != (time_t)-1); if (last_time > n) diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c index 7d3c96c87..99cfc5734 100644 --- a/src/pluto/vendor.c +++ b/src/pluto/vendor.c @@ -198,6 +198,7 @@ static struct vid_struct _vid_tab[] = { * strongSwan */ DEC_MD5_VID(STRONGSWAN, "strongSwan") + DEC_MD5_VID(STRONGSWAN_4_3_5, "strongSwan 4.3.5") DEC_MD5_VID(STRONGSWAN_4_3_4, "strongSwan 4.3.4") DEC_MD5_VID(STRONGSWAN_4_3_3, "strongSwan 4.3.3") @@ -234,14 +235,6 @@ static struct vid_struct _vid_tab[] = { DEC_MD5_VID(STRONGSWAN_4_1_2, "strongSwan 4.1.2") DEC_MD5_VID(STRONGSWAN_4_1_1, "strongSwan 4.1.1") DEC_MD5_VID(STRONGSWAN_4_1_0, "strongSwan 4.1.0") - DEC_MD5_VID(STRONGSWAN_4_0_7, "strongSwan 4.0.7") - DEC_MD5_VID(STRONGSWAN_4_0_6, "strongSwan 4.0.6") - DEC_MD5_VID(STRONGSWAN_4_0_5, "strongSwan 4.0.5") - DEC_MD5_VID(STRONGSWAN_4_0_4, "strongSwan 4.0.4") - DEC_MD5_VID(STRONGSWAN_4_0_3, "strongSwan 4.0.3") - DEC_MD5_VID(STRONGSWAN_4_0_2, "strongSwan 4.0.2") - DEC_MD5_VID(STRONGSWAN_4_0_1, "strongSwan 4.0.1") - DEC_MD5_VID(STRONGSWAN_4_0_0, "strongSwan 4.0.0") DEC_MD5_VID(STRONGSWAN_2_8_11,"strongSwan 2.8.11") DEC_MD5_VID(STRONGSWAN_2_8_10,"strongSwan 2.8.10") @@ -255,34 +248,6 @@ static struct vid_struct _vid_tab[] = { DEC_MD5_VID(STRONGSWAN_2_8_2, "strongSwan 2.8.2") DEC_MD5_VID(STRONGSWAN_2_8_1, "strongSwan 2.8.1") DEC_MD5_VID(STRONGSWAN_2_8_0, "strongSwan 2.8.0") - DEC_MD5_VID(STRONGSWAN_2_7_3, "strongSwan 2.7.3") - DEC_MD5_VID(STRONGSWAN_2_7_2, "strongSwan 2.7.2") - DEC_MD5_VID(STRONGSWAN_2_7_1, "strongSwan 2.7.1") - DEC_MD5_VID(STRONGSWAN_2_7_0, "strongSwan 2.7.0") - DEC_MD5_VID(STRONGSWAN_2_6_4, "strongSwan 2.6.4") - DEC_MD5_VID(STRONGSWAN_2_6_3, "strongSwan 2.6.3") - DEC_MD5_VID(STRONGSWAN_2_6_2, "strongSwan 2.6.2") - DEC_MD5_VID(STRONGSWAN_2_6_1, "strongSwan 2.6.1") - DEC_MD5_VID(STRONGSWAN_2_6_0, "strongSwan 2.6.0") - DEC_MD5_VID(STRONGSWAN_2_5_7, "strongSwan 2.5.7") - DEC_MD5_VID(STRONGSWAN_2_5_6, "strongSwan 2.5.6") - DEC_MD5_VID(STRONGSWAN_2_5_5, "strongSwan 2.5.5") - DEC_MD5_VID(STRONGSWAN_2_5_4, "strongSwan 2.5.4") - DEC_MD5_VID(STRONGSWAN_2_5_3, "strongSwan 2.5.3") - DEC_MD5_VID(STRONGSWAN_2_5_2, "strongSwan 2.5.2") - DEC_MD5_VID(STRONGSWAN_2_5_1, "strongSwan 2.5.1") - DEC_MD5_VID(STRONGSWAN_2_5_0, "strongSwan 2.5.0") - DEC_MD5_VID(STRONGSWAN_2_4_4, "strongSwan 2.4.4") - DEC_MD5_VID(STRONGSWAN_2_4_3, "strongSwan 2.4.3") - DEC_MD5_VID(STRONGSWAN_2_4_2, "strongSwan 2.4.2") - DEC_MD5_VID(STRONGSWAN_2_4_1, "strongSwan 2.4.1") - DEC_MD5_VID(STRONGSWAN_2_4_0, "strongSwan 2.4.0") - DEC_MD5_VID(STRONGSWAN_2_3_2, "strongSwan 2.3.2") - DEC_MD5_VID(STRONGSWAN_2_3_1, "strongSwan 2.3.1") - DEC_MD5_VID(STRONGSWAN_2_3_0, "strongSwan 2.3.0") - DEC_MD5_VID(STRONGSWAN_2_2_2, "strongSwan 2.2.2") - DEC_MD5_VID(STRONGSWAN_2_2_1, "strongSwan 2.2.1") - DEC_MD5_VID(STRONGSWAN_2_2_0, "strongSwan 2.2.0") /* NAT-Traversal */ @@ -375,51 +340,63 @@ static void handle_known_vendorid (struct msg_digest *md, const char *vidstr, bool vid_useful = FALSE; size_t i, j; - switch (vid->id) { - /* Remote side supports OpenPGP certificates */ - case VID_OPENPGP: - md->openpgp = TRUE; - vid_useful = TRUE; - break; + switch (vid->id) + { + /* Remote side is a strongSwan host */ + case VID_STRONGSWAN: + vid_useful = TRUE; + break; + + /* Remote side supports OpenPGP certificates */ + case VID_OPENPGP: + md->openpgp = TRUE; + vid_useful = TRUE; + break; - /* - * Use most recent supported NAT-Traversal method and ignore the - * other ones (implementations will send all supported methods but - * only one will be used) - * - * Note: most recent == higher id in vendor.h - */ - case VID_NATT_IETF_00: - if (!nat_traversal_support_non_ike) + /* Remote side is a Windows 2000+ host */ + case VID_MS_NT5: + md->ms_nt5 = TRUE; + vid_useful = TRUE; break; - if ((nat_traversal_enabled) && (!md->nat_traversal_vid)) - { - md->nat_traversal_vid = vid->id; + + /* + * Use most recent supported NAT-Traversal method and ignore the + * other ones (implementations will send all supported methods but + * only one will be used) + * + * Note: most recent == higher id in vendor.h + */ + case VID_NATT_IETF_00: + if (!nat_traversal_support_non_ike) + break; + if ((nat_traversal_enabled) && (!md->nat_traversal_vid)) + { + md->nat_traversal_vid = vid->id; + vid_useful = TRUE; + } + break; + case VID_NATT_IETF_02: + case VID_NATT_IETF_02_N: + case VID_NATT_IETF_03: + case VID_NATT_RFC: + if (nat_traversal_support_port_floating + && md->nat_traversal_vid < vid->id) + { + md->nat_traversal_vid = vid->id; + vid_useful = TRUE; + } + break; + + /* Remote side would like to do DPD with us on this connection */ + case VID_MISC_DPD: + md->dpd = TRUE; vid_useful = TRUE; - } - break; - case VID_NATT_IETF_02: - case VID_NATT_IETF_02_N: - case VID_NATT_IETF_03: - case VID_NATT_RFC: - if (nat_traversal_support_port_floating - && md->nat_traversal_vid < vid->id) - { - md->nat_traversal_vid = vid->id; + break; + case VID_MISC_XAUTH: vid_useful = TRUE; - } - break; - - /* Remote side would like to do DPD with us on this connection */ - case VID_MISC_DPD: - md->dpd = TRUE; - vid_useful = TRUE; - break; - case VID_MISC_XAUTH: - vid_useful = TRUE; - break; - default: - break; + break; + default: + break; } if (vid->flags & VID_SUBSTRING_DUMPHEXA) diff --git a/src/pluto/vendor.h b/src/pluto/vendor.h index 3df1a8196..ac6b0d420 100644 --- a/src/pluto/vendor.h +++ b/src/pluto/vendor.h @@ -53,56 +53,21 @@ enum known_vendorid { VID_VISTA_AUTHIP2 = 34, VID_VISTA_AUTHIP3 = 35, - VID_STRONGSWAN = 37, - VID_STRONGSWAN_2_2_0 = 38, - VID_STRONGSWAN_2_2_1 = 39, - VID_STRONGSWAN_2_2_2 = 40, - VID_STRONGSWAN_2_3_0 = 41, - VID_STRONGSWAN_2_3_1 = 42, - VID_STRONGSWAN_2_3_2 = 43, - VID_STRONGSWAN_2_4_0 = 44, - VID_STRONGSWAN_2_4_1 = 45, - VID_STRONGSWAN_2_4_2 = 46, - VID_STRONGSWAN_2_4_3 = 47, - VID_STRONGSWAN_2_4_4 = 48, - VID_STRONGSWAN_2_5_0 = 49, - VID_STRONGSWAN_2_5_1 = 50, - VID_STRONGSWAN_2_5_2 = 51, - VID_STRONGSWAN_2_5_3 = 52, - VID_STRONGSWAN_2_5_4 = 53, - VID_STRONGSWAN_2_5_5 = 54, - VID_STRONGSWAN_2_5_6 = 55, - VID_STRONGSWAN_2_5_7 = 56, - VID_STRONGSWAN_2_6_0 = 57, - VID_STRONGSWAN_2_6_1 = 58, - VID_STRONGSWAN_2_6_2 = 59, - VID_STRONGSWAN_2_6_3 = 60, - VID_STRONGSWAN_2_6_4 = 61, - VID_STRONGSWAN_2_7_0 = 62, - VID_STRONGSWAN_2_7_1 = 63, - VID_STRONGSWAN_2_7_2 = 64, - VID_STRONGSWAN_2_7_3 = 65, - VID_STRONGSWAN_2_8_0 = 66, - VID_STRONGSWAN_2_8_1 = 67, - VID_STRONGSWAN_2_8_2 = 68, - VID_STRONGSWAN_2_8_3 = 69, - VID_STRONGSWAN_2_8_4 = 70, - VID_STRONGSWAN_2_8_5 = 71, - VID_STRONGSWAN_2_8_6 = 72, - VID_STRONGSWAN_2_8_7 = 73, - VID_STRONGSWAN_2_8_8 = 74, - VID_STRONGSWAN_2_8_9 = 75, - VID_STRONGSWAN_2_8_10 = 76, - VID_STRONGSWAN_2_8_11 = 77, + VID_STRONGSWAN = 36, + + VID_STRONGSWAN_2_8_0 = 37, + VID_STRONGSWAN_2_8_1 = 38, + VID_STRONGSWAN_2_8_2 = 39, + VID_STRONGSWAN_2_8_3 = 40, + VID_STRONGSWAN_2_8_4 = 41, + VID_STRONGSWAN_2_8_5 = 42, + VID_STRONGSWAN_2_8_6 = 43, + VID_STRONGSWAN_2_8_7 = 44, + VID_STRONGSWAN_2_8_8 = 45, + VID_STRONGSWAN_2_8_9 = 46, + VID_STRONGSWAN_2_8_10 = 47, + VID_STRONGSWAN_2_8_11 = 48, - VID_STRONGSWAN_4_0_0 = 80, - VID_STRONGSWAN_4_0_1 = 81, - VID_STRONGSWAN_4_0_2 = 82, - VID_STRONGSWAN_4_0_3 = 83, - VID_STRONGSWAN_4_0_4 = 84, - VID_STRONGSWAN_4_0_5 = 85, - VID_STRONGSWAN_4_0_6 = 86, - VID_STRONGSWAN_4_0_7 = 87, VID_STRONGSWAN_4_1_0 = 88, VID_STRONGSWAN_4_1_1 = 89, VID_STRONGSWAN_4_1_2 = 90, @@ -115,7 +80,6 @@ enum known_vendorid { VID_STRONGSWAN_4_1_9 = 97, VID_STRONGSWAN_4_1_10 = 98, VID_STRONGSWAN_4_1_11 = 99, - VID_STRONGSWAN_4_2_0 =100, VID_STRONGSWAN_4_2_1 =101, VID_STRONGSWAN_4_2_2 =102, diff --git a/src/pluto/whack_attribute.c b/src/pluto/whack_attribute.c new file mode 100644 index 000000000..6a12f0c09 --- /dev/null +++ b/src/pluto/whack_attribute.c @@ -0,0 +1,365 @@ +/* + * Copyright (C) 2010 Tobias Brunner + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "whack_attribute.h" + +#include "log.h" + +/* these are defined as constants in constant.h but redefined as enum values in + * attributes/attributes.h */ +#undef INTERNAL_IP4_SERVER +#undef INTERNAL_IP6_SERVER + +#include <hydra.h> +#include <attributes/mem_pool.h> +#include <utils/linked_list.h> +#include <threading/rwlock.h> + +typedef struct private_whack_attribute_t private_whack_attribute_t; + +/** + * private data of whack_attribute + */ +struct private_whack_attribute_t { + + /** + * public functions + */ + whack_attribute_t public; + + /** + * list of pools, contains mem_pool_t + */ + linked_list_t *pools; + + /** + * rwlock to lock access to pools + */ + rwlock_t *lock; +}; + +/** + * global object + */ +whack_attribute_t *whack_attr; + +/** + * compare pools by name + */ +static bool pool_match(mem_pool_t *current, char *name) +{ + return name && streq(name, current->get_name(current)); +} + +/** + * find a pool by name + */ +static mem_pool_t *find_pool(private_whack_attribute_t *this, char *name) +{ + mem_pool_t *found; + if (this->pools->find_first(this->pools, (linked_list_match_t)pool_match, + (void**)&found, name) == SUCCESS) + { + return found; + } + return NULL; +} + +METHOD(attribute_provider_t, acquire_address, host_t*, + private_whack_attribute_t *this, char *name, identification_t *id, + host_t *requested) +{ + mem_pool_t *pool; + host_t *addr = NULL; + this->lock->read_lock(this->lock); + pool = find_pool(this, name); + if (pool) + { + addr = pool->acquire_address(pool, id, requested); + } + this->lock->unlock(this->lock); + return addr; +} + +METHOD(attribute_provider_t, release_address, bool, + private_whack_attribute_t *this, char *name, host_t *address, + identification_t *id) +{ + mem_pool_t *pool; + bool found = FALSE; + this->lock->read_lock(this->lock); + pool = find_pool(this, name); + if (pool) + { + found = pool->release_address(pool, address, id); + } + this->lock->unlock(this->lock); + return found; +} + +METHOD(whack_attribute_t, add_pool, bool, + private_whack_attribute_t *this, const char *name, + const whack_end_t *right) +{ + mem_pool_t *pool; + host_t *base = NULL; + u_int32_t bits = 0; + + /* named pool */ + if (right->sourceip_mask <= 0) + { + return FALSE; + } + + /* if %config, add an empty pool, otherwise */ + if (right->sourceip) + { + DBG(DBG_CONTROL, + DBG_log("adding virtual IP address pool '%s': %s/%d", + name, right->sourceip, right->sourceip_mask); + ); + base = host_create_from_string(right->sourceip, 0); + if (!base) + { + loglog(RC_LOG_SERIOUS, "virtual IP address invalid, discarded"); + return FALSE; + } + bits = right->sourceip_mask; + } + pool = mem_pool_create((char*)name, base, bits); + DESTROY_IF(base); + + this->lock->write_lock(this->lock); + this->pools->insert_last(this->pools, pool); + this->lock->unlock(this->lock); + return TRUE; +} + +METHOD(whack_attribute_t, del_pool, void, + private_whack_attribute_t *this, char *name) +{ + enumerator_t *enumerator; + mem_pool_t *pool; + + this->lock->write_lock(this->lock); + enumerator = this->pools->create_enumerator(this->pools); + while (enumerator->enumerate(enumerator, &pool)) + { + if (streq(name, pool->get_name(pool))) + { + DBG(DBG_CONTROL, + DBG_log("deleting virtual IP address pool '%s'", name) + ); + this->pools->remove_at(this->pools, enumerator); + pool->destroy(pool); + break; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); +} + +/** + * Pool enumerator filter function, converts pool_t to name, size, ... + */ +static bool pool_filter(void *lock, mem_pool_t **poolp, const char **name, + void *d1, u_int *size, void *d2, u_int *online, + void *d3, u_int *offline) +{ + mem_pool_t *pool = *poolp; + *name = pool->get_name(pool); + *size = pool->get_size(pool); + *online = pool->get_online(pool); + *offline = pool->get_offline(pool); + return TRUE; +} + +METHOD(whack_attribute_t, create_pool_enumerator, enumerator_t*, + private_whack_attribute_t *this) +{ + this->lock->read_lock(this->lock); + return enumerator_create_filter(this->pools->create_enumerator(this->pools), + (void*)pool_filter, + this->lock, (void*)this->lock->unlock); +} + +METHOD(whack_attribute_t, create_lease_enumerator, enumerator_t*, + private_whack_attribute_t *this, char *name) +{ + mem_pool_t *pool; + this->lock->read_lock(this->lock); + pool = find_pool(this, name); + if (!pool) + { + this->lock->unlock(this->lock); + return NULL; + } + return enumerator_create_cleaner(pool->create_lease_enumerator(pool), + (void*)this->lock->unlock, this->lock); +} + +/** + * see header file + */ +void whack_attribute_finalize() +{ + private_whack_attribute_t *this; + + if (whack_attr) + { + this = (private_whack_attribute_t*)whack_attr; + hydra->attributes->remove_provider(hydra->attributes, + &this->public.provider); + this->lock->destroy(this->lock); + this->pools->destroy_offset(this->pools, offsetof(mem_pool_t, destroy)); + free(this); + } +} + +/** + * see header file + */ +void whack_attribute_initialize() +{ + private_whack_attribute_t *this; + + INIT(this, + .public = { + .provider = { + .acquire_address = _acquire_address, + .release_address = _release_address, + .create_attribute_enumerator = enumerator_create_empty, + }, + .add_pool = _add_pool, + .del_pool = _del_pool, + .create_pool_enumerator = _create_pool_enumerator, + .create_lease_enumerator = _create_lease_enumerator, + }, + .pools = linked_list_create(), + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + ); + + hydra->attributes->add_provider(hydra->attributes, &this->public.provider); + + whack_attr = &this->public; +} + +/** + * list leases of a single pool + */ +static void pool_leases(char *pool, host_t *address, + identification_t *identification, + u_int size, u_int online, u_int offline) +{ + + enumerator_t *enumerator; + identification_t *id; + host_t *lease; + bool on, found = FALSE; + + whack_log(RC_COMMENT, "Leases in pool '%s', usage: %lu/%lu, %lu online", + pool, online + offline, size, online); + enumerator = whack_attr->create_lease_enumerator(whack_attr, pool); + while (enumerator && enumerator->enumerate(enumerator, &id, &lease, &on)) + { + if ((!address && !identification) || + (address && address->ip_equals(address, lease)) || + (identification && identification->equals(identification, id))) + { + whack_log(RC_COMMENT, " %15H %s '%Y'", + lease, on ? "online" : "offline", id); + found = TRUE; + } + } + enumerator->destroy(enumerator); + if (!found) + { + whack_log(RC_COMMENT, " no matching leases found"); + } +} + +/** + * see header file + */ +void list_leases(char *name, char *addr, char *id) +{ + identification_t *identification = NULL; + host_t *address = NULL; + bool found = FALSE; + enumerator_t *enumerator; + u_int size, online, offline; + char *pool; + + if (addr) + { + address = host_create_from_string(addr, 0); + } + if (id) + { + identification = identification_create_from_string(id); + } + + enumerator = whack_attr->create_pool_enumerator(whack_attr); + while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline)) + { + if (!name || streq(name, pool)) + { + pool_leases(pool, address, identification, size, online, offline); + found = TRUE; + } + } + enumerator->destroy(enumerator); + if (!found) + { + if (name) + { + whack_log(RC_COMMENT, "pool '%s' not found", name); + } + else + { + whack_log(RC_COMMENT, "no pools found"); + } + } + DESTROY_IF(identification); + DESTROY_IF(address); +} + +/** + * see header file + */ +void show_pools(const char *name) +{ + enumerator_t *enumerator; + u_int size, online, offline; + char *pool; + bool first = TRUE; + + enumerator = whack_attr->create_pool_enumerator(whack_attr); + while (enumerator->enumerate(enumerator, &pool, &size, &online, &offline)) + { + if (name && !streq(name, pool)) + { + continue; + } + if (first) + { + first = FALSE; + whack_log(RC_COMMENT, "Virtual IP pools (size/online/offline):"); + } + whack_log(RC_COMMENT, "\"%s\": %u/%u/%u", pool, size, online, offline); + } + enumerator->destroy(enumerator); +} diff --git a/src/pluto/whack_attribute.h b/src/pluto/whack_attribute.h new file mode 100644 index 000000000..58441b973 --- /dev/null +++ b/src/pluto/whack_attribute.h @@ -0,0 +1,111 @@ +/* + * Copyright (C) 2010 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup whack_attribute + * @{ @ingroup pluto + */ + +#ifndef WHACK_ATTRIBUTE_H_ +#define WHACK_ATTRIBUTE_H_ + +#include <whack.h> +#include <attributes/attribute_provider.h> + +typedef struct whack_attribute_t whack_attribute_t; + +/** + * Whack attribute provider (basically an in-memory IP address pool) + */ +struct whack_attribute_t { + + /** + * Implements attribute provider interface + */ + attribute_provider_t provider; + + /** + * Add a virtual IP address pool. + * + * @param name name of the pool + * @param right "right" end of whack message + * @return TRUE, if the pool was successfully added + */ + bool (*add_pool)(whack_attribute_t *this, const char *name, + const whack_end_t *right); + + /** + * Remove a virtual IP address pool. + * + * @param name name of the pool + */ + void (*del_pool)(whack_attribute_t *this, char *name); + + /** + * Create an enumerator over installed pools. + * + * Enumerator enumerates over + * char *pool, u_int size, u_int offline, u_int online. + * + * @return enumerator + */ + enumerator_t* (*create_pool_enumerator)(whack_attribute_t *this); + + /** + * Create an enumerator over the leases of a pool. + * + * Enumerator enumerates over + * identification_t *id, host_t *address, bool online + * + * @param name name of the pool to enumerate + * @return enumerator, NULL if pool not found + */ + enumerator_t* (*create_lease_enumerator)(whack_attribute_t *this, + char *name); +}; + +/** + * Global object to manage pools. Set between calls to + * whack_attribute_initialize() and whack_attribute_finalize(). + */ +extern whack_attribute_t *whack_attr; + +/** + * Initialize the whack attribute provider + */ +void whack_attribute_initialize(); + +/** + * Finalize the whack attribute provider + */ +void whack_attribute_finalize(); + +/** + * List the leases matching the given parameters. + * + * @param name name of the pool, NULL for all pools + * @param addr ip address of the lease to list, NULL to ignore + * @param id id of the lease to list, NULL to ignore + */ +void list_leases(char *name, char *addr, char *id); + +/** + * List either all pools or the pool with a given name + * + * @param name name of the pool, NULL for all pools + */ +void show_pools(const char *name); + +#endif /** WHACK_ATTRIBUTE_H_ @}*/ diff --git a/src/pluto/x509.c b/src/pluto/x509.c index d8e887955..0a29830ea 100644 --- a/src/pluto/x509.c +++ b/src/pluto/x509.c @@ -419,11 +419,11 @@ void list_x509cert_chain(const char *caption, cert_t* cert, check_expiry(notAfter, CA_CERT_WARNING_INTERVAL, TRUE)); key = certificate->get_public_key(certificate); - if (key); + if (key) { whack_log(RC_COMMENT, " pubkey: %N %4d bits%s", key_type_names, key->get_type(key), - key->get_keysize(key) * BITS_PER_BYTE, + key->get_keysize(key) * BITS_PER_BYTE, cert->smartcard ? ", on smartcard" : (has_private_key(cert)? ", has private key" : "")); diff --git a/src/scepclient/Makefile.am b/src/scepclient/Makefile.am index 3693b7532..dd4a4a63d 100644 --- a/src/scepclient/Makefile.am +++ b/src/scepclient/Makefile.am @@ -1,16 +1,20 @@ ipsec_PROGRAMS = scepclient scepclient_SOURCES = scepclient.c scep.c scep.h loglite.c +scepclient.o : $(top_builddir)/config.status + PLUTODIR=$(top_srcdir)/src/pluto OPENACDIR=$(top_srcdir)/src/openac WHACKDIR=$(top_srcdir)/src/whack LIBFREESWANDIR=$(top_srcdir)/src/libfreeswan LIBSTRONGSWANDIR=$(top_srcdir)/src/libstrongswan +LIBHYDRADIR=$(top_srcdir)/src/libhydra LIBCRYPTODIR=$(top_srcdir)/src/libcrypto INCLUDES = \ -I$(LIBFREESWANDIR) \ -I$(LIBSTRONGSWANDIR) \ +-I$(LIBHYDRADIR) \ -I$(PLUTODIR) \ -I$(LIBCRYPTODIR) \ -I$(WHACKDIR) diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in index 8438b81f9..db930756a 100644 --- a/src/scepclient/Makefile.in +++ b/src/scepclient/Makefile.in @@ -228,6 +228,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -268,10 +269,12 @@ OPENACDIR = $(top_srcdir)/src/openac WHACKDIR = $(top_srcdir)/src/whack LIBFREESWANDIR = $(top_srcdir)/src/libfreeswan LIBSTRONGSWANDIR = $(top_srcdir)/src/libstrongswan +LIBHYDRADIR = $(top_srcdir)/src/libhydra LIBCRYPTODIR = $(top_srcdir)/src/libcrypto INCLUDES = \ -I$(LIBFREESWANDIR) \ -I$(LIBSTRONGSWANDIR) \ +-I$(LIBHYDRADIR) \ -I$(PLUTODIR) \ -I$(LIBCRYPTODIR) \ -I$(WHACKDIR) @@ -659,6 +662,8 @@ uninstall-man: uninstall-man8 uninstall-man uninstall-man8 +scepclient.o : $(top_builddir)/config.status + constants.o : $(PLUTODIR)/constants.c $(PLUTODIR)/constants.h $(COMPILE) $(INCLUDES) -c -o $@ $< diff --git a/src/scepclient/loglite.c b/src/scepclient/loglite.c index 539bb5f72..96dc54390 100644 --- a/src/scepclient/loglite.c +++ b/src/scepclient/loglite.c @@ -41,7 +41,7 @@ bool /** * @brief scepclient dbg function */ -static void scepclient_dbg(int level, char *fmt, ...) +static void scepclient_dbg(debug_t group, level_t level, char *fmt, ...) { int priority = LOG_INFO; int debug_level; diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c index 576ce1dc5..385f6f328 100644 --- a/src/scepclient/scepclient.c +++ b/src/scepclient/scepclient.c @@ -289,7 +289,7 @@ static void print_plugins() len += snprintf(&buf[len], BUF_LEN-len, "%s ", plugin); } enumerator->destroy(enumerator); - DBG1(" loaded plugins: %s", buf); + DBG1(DBG_LIB, " loaded plugins: %s", buf); } /** diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am index 7524b5f26..a235013f2 100644 --- a/src/starter/Makefile.am +++ b/src/starter/Makefile.am @@ -38,7 +38,7 @@ if USE_CHARON AM_CFLAGS += -DSTART_CHARON endif -lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h +lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h y.tab.h $(LEX) $(srcdir)/parser.l y.tab.c: $(srcdir)/parser.y $(srcdir)/parser.l $(srcdir)/parser.h diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index 79ea9de32..11449f465 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -232,6 +232,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ @@ -718,7 +719,7 @@ uninstall-man: uninstall-man5 uninstall-man8 uninstall-man8 -lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h +lex.yy.c: $(srcdir)/parser.l $(srcdir)/parser.y $(srcdir)/parser.h y.tab.h $(LEX) $(srcdir)/parser.l y.tab.c: $(srcdir)/parser.y $(srcdir)/parser.l $(srcdir)/parser.h diff --git a/src/starter/args.c b/src/starter/args.c index ebbd42cc8..512f2f46f 100644 --- a/src/starter/args.c +++ b/src/starter/args.c @@ -248,11 +248,12 @@ static const token_info_t token_info[] = /* end keywords */ { ARG_MISC, 0, NULL /* KW_HOST */ }, + { ARG_UINT, offsetof(starter_end_t, ikeport), NULL }, { ARG_MISC, 0, NULL /* KW_NEXTHOP */ }, { ARG_STR, offsetof(starter_end_t, subnet), NULL }, { ARG_MISC, 0, NULL /* KW_SUBNETWITHIN */ }, { ARG_MISC, 0, NULL /* KW_PROTOPORT */ }, - { ARG_MISC, 0, NULL /* KW_SOURCEIP */ }, + { ARG_STR, offsetof(starter_end_t, sourceip), NULL }, { ARG_MISC, 0, NULL /* KW_NATIP */ }, { ARG_ENUM, offsetof(starter_end_t, firewall), LST_bool }, { ARG_ENUM, offsetof(starter_end_t, hostaccess), LST_bool }, diff --git a/src/starter/cmp.c b/src/starter/cmp.c index 8462a4819..33a057b44 100644 --- a/src/starter/cmp.c +++ b/src/starter/cmp.c @@ -43,6 +43,7 @@ starter_cmp_end(starter_end_t *c1, starter_end_t *c2) { ADDCMP(addr); } + VARCMP(ikeport); ADDCMP(nexthop); VARCMP(has_client); VARCMP(has_client_wildcard); diff --git a/src/starter/confread.c b/src/starter/confread.c index 07cc11503..e9b9028d5 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -96,6 +96,8 @@ static void default_values(starter_config_t *cfg) anyaddr(AF_INET, &cfg->conn_default.left.nexthop); anyaddr(AF_INET, &cfg->conn_default.right.addr); anyaddr(AF_INET, &cfg->conn_default.right.nexthop); + cfg->conn_default.left.ikeport = 500; + cfg->conn_default.right.ikeport = 500; cfg->ca_default.seen = LEMPTY; } @@ -105,8 +107,7 @@ static void default_values(starter_config_t *cfg) else if (streq(kw->value, sn)) { conn->policy &= ~fl; } \ else { plog("# bad policy value: %s=%s", kw->entry->name, kw->value); cfg->err++; } -static void -load_setup(starter_config_t *cfg, config_parsed_t *cfgp) +static void load_setup(starter_config_t *cfg, config_parsed_t *cfgp) { kw_list_t *kw; @@ -193,11 +194,13 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token, streq(value, "%config") || streq(value, "%cfg")) { /* request ip via config payload */ + free(end->sourceip); end->sourceip = NULL; end->sourceip_mask = 1; } else { /* %poolname, strip %, serve ip requests */ + free(end->sourceip); end->sourceip = clone_str(value+1); end->sourceip_mask = 0; } @@ -221,6 +224,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token, goto err; } *pos = '\0'; + free(end->sourceip); end->sourceip = clone_str(value); end->sourceip_mask = atoi(pos + 1); } @@ -232,7 +236,6 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token, plog("# bad addr: %s=%s [%s]", name, value, ugh); goto err; } - end->sourceip = clone_str(value); end->sourceip_mask = (conn->tunnel_addr_family == AF_INET) ? 32 : 128; } @@ -419,8 +422,8 @@ err: /* * handles left|right=<FQDN> DNS resolution failure */ -static void -handle_dns_failure( const char *label, starter_end_t *end, starter_config_t *cfg) +static void handle_dns_failure(const char *label, starter_end_t *end, + starter_config_t *cfg) { if (end->dns_failed) { @@ -440,8 +443,8 @@ handle_dns_failure( const char *label, starter_end_t *end, starter_config_t *cfg /* * handles left|rightfirewall and left|rightupdown parameters */ -static void -handle_firewall( const char *label, starter_end_t *end, starter_config_t *cfg) +static void handle_firewall(const char *label, starter_end_t *end, + starter_config_t *cfg) { if (end->firewall && (end->seen & LELEM(KW_FIREWALL - KW_END_FIRST))) { @@ -461,8 +464,7 @@ handle_firewall( const char *label, starter_end_t *end, starter_config_t *cfg) /* * parse a conn section */ -static void -load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg) +static void load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg) { char *conn_name = (conn->name == NULL)? "%default":conn->name; @@ -718,8 +720,7 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg) /* * initialize a conn object with the default conn */ -static void -conn_default(char *name, starter_conn_t *conn, starter_conn_t *def) +static void conn_default(char *name, starter_conn_t *conn, starter_conn_t *def) { memcpy(conn, def, sizeof(starter_conn_t)); conn->name = clone_str(name); @@ -732,8 +733,7 @@ conn_default(char *name, starter_conn_t *conn, starter_conn_t *def) /* * parse a ca section */ -static void -load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg) +static void load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg) { char *ca_name = (ca->name == NULL)? "%default":ca->name; @@ -786,8 +786,7 @@ load_ca(starter_ca_t *ca, kw_list_t *kw, starter_config_t *cfg) /* * initialize a ca object with the default ca */ -static void -ca_default(char *name, starter_ca_t *ca, starter_ca_t *def) +static void ca_default(char *name, starter_ca_t *ca, starter_ca_t *def) { memcpy(ca, def, sizeof(starter_ca_t)); ca->name = clone_str(name); @@ -795,11 +794,11 @@ ca_default(char *name, starter_ca_t *ca, starter_ca_t *def) clone_args(KW_CA_FIRST, KW_CA_LAST, (char *)ca, (char *)def); } -static kw_list_t* -find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg); +static kw_list_t* find_also_conn(const char* name, starter_conn_t *conn, + starter_config_t *cfg); -static void -load_also_conns(starter_conn_t *conn, also_t *also, starter_config_t *cfg) +static void load_also_conns(starter_conn_t *conn, also_t *also, + starter_config_t *cfg) { while (also != NULL) { @@ -825,8 +824,8 @@ load_also_conns(starter_conn_t *conn, also_t *also, starter_config_t *cfg) /* * find a conn included by also */ -static kw_list_t* -find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg) +static kw_list_t* find_also_conn(const char* name, starter_conn_t *conn, + starter_config_t *cfg) { starter_conn_t *c = cfg->conn_first; @@ -852,11 +851,10 @@ find_also_conn(const char* name, starter_conn_t *conn, starter_config_t *cfg) return NULL; } -static kw_list_t* -find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg); +static kw_list_t* find_also_ca(const char* name, starter_ca_t *ca, + starter_config_t *cfg); -static void -load_also_cas(starter_ca_t *ca, also_t *also, starter_config_t *cfg) +static void load_also_cas(starter_ca_t *ca, also_t *also, starter_config_t *cfg) { while (also != NULL) { @@ -882,8 +880,8 @@ load_also_cas(starter_ca_t *ca, also_t *also, starter_config_t *cfg) /* * find a ca included by also */ -static kw_list_t* -find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg) +static kw_list_t* find_also_ca(const char* name, starter_ca_t *ca, + starter_config_t *cfg) { starter_ca_t *c = cfg->ca_first; @@ -912,8 +910,7 @@ find_also_ca(const char* name, starter_ca_t *ca, starter_config_t *cfg) /* * free the memory used by also_t objects */ -static void -free_also(also_t *head) +static void free_also(also_t *head) { while (head != NULL) { @@ -928,8 +925,7 @@ free_also(also_t *head) /* * free the memory used by a starter_conn_t object */ -static void -confread_free_conn(starter_conn_t *conn) +static void confread_free_conn(starter_conn_t *conn) { free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->left); free_args(KW_END_FIRST, KW_END_LAST, (char *)&conn->right); @@ -950,8 +946,7 @@ confread_free_ca(starter_ca_t *ca) /* * free the memory used by a starter_config_t object */ -void -confread_free(starter_config_t *cfg) +void confread_free(starter_config_t *cfg) { starter_conn_t *conn = cfg->conn_first; starter_ca_t *ca = cfg->ca_first; @@ -986,8 +981,7 @@ confread_free(starter_config_t *cfg) /* * load and parse an IPsec configuration file */ -starter_config_t * -confread_load(const char *file) +starter_config_t* confread_load(const char *file) { starter_config_t *cfg = NULL; config_parsed_t *cfgp; diff --git a/src/starter/confread.h b/src/starter/confread.h index 7f3211628..199fab642 100644 --- a/src/starter/confread.h +++ b/src/starter/confread.h @@ -66,6 +66,7 @@ struct starter_end { char *groups; char *iface; ip_address addr; + u_int ikeport; ip_address nexthop; char *subnet; bool has_client; diff --git a/src/starter/ipsec.conf.5 b/src/starter/ipsec.conf.5 index d4dd7238f..4cb1cb0fc 100644 --- a/src/starter/ipsec.conf.5 +++ b/src/starter/ipsec.conf.5 @@ -604,6 +604,13 @@ identity to use for a second authentication for the left participant (IKEv2 only); defaults to .BR leftid . .TP +.B leftikeport +UDP port the left participant uses for IKE communication. Currently supported in +IKEv2 connections only. If unspecified, port 500 is used with port floating to +4500 if NAT is detected or MOBIKE enabled. Specifying a local IKE port +different from the default additionally requires a socket implementation that +listens to this port. +.TP .B leftnexthop this parameter is not needed any more because the NETKEY IPsec stack does not require explicit routing entries for the traffic to be tunneled. diff --git a/src/starter/keywords.c b/src/starter/keywords.c index e379f78e9..df39f0dc7 100644 --- a/src/starter/keywords.c +++ b/src/starter/keywords.c @@ -54,12 +54,12 @@ struct kw_entry { kw_token_t token; }; -#define TOTAL_KEYWORDS 119 +#define TOTAL_KEYWORDS 121 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 -#define MIN_HASH_VALUE 17 -#define MAX_HASH_VALUE 215 -/* maximum key range = 199, duplicates = 0 */ +#define MIN_HASH_VALUE 11 +#define MAX_HASH_VALUE 230 +/* maximum key range = 220, duplicates = 0 */ #ifdef __GNUC__ __inline @@ -75,32 +75,32 @@ hash (str, len) { static const unsigned char asso_values[] = { - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 12, - 78, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 4, 216, 20, 216, 45, - 55, 4, 77, 14, 78, 4, 216, 119, 4, 89, - 46, 34, 29, 216, 6, 12, 5, 56, 34, 216, - 4, 20, 5, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216 + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 26, + 75, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 2, 231, 25, 231, 40, + 61, 2, 114, 24, 3, 2, 231, 101, 2, 96, + 48, 35, 23, 231, 4, 10, 3, 69, 25, 231, + 2, 18, 16, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231, 231, 231, 231, 231, + 231, 231, 231, 231, 231, 231 }; register int hval = len; @@ -128,119 +128,121 @@ static const struct kw_entry wordlist[] = {"right", KW_RIGHT}, {"lifetime", KW_KEYLIFE}, {"leftcert", KW_LEFTCERT,}, + {"reauth", KW_REAUTH}, {"leftfirewall", KW_LEFTFIREWALL}, {"leftsendcert", KW_LEFTSENDCERT}, + {"rightikeport", KW_RIGHTIKEPORT}, {"leftprotoport", KW_LEFTPROTOPORT}, {"type", KW_TYPE}, - {"rekey", KW_REKEY}, {"leftgroups", KW_LEFTGROUPS}, + {"rekey", KW_REKEY}, {"rightsubnet", KW_RIGHTSUBNET}, {"rightsendcert", KW_RIGHTSENDCERT}, + {"righthostaccess", KW_RIGHTHOSTACCESS}, + {"xauth", KW_XAUTH}, {"leftallowany", KW_LEFTALLOWANY}, - {"rightgroups", KW_RIGHTGROUPS}, {"esp", KW_ESP}, + {"leftnexthop", KW_LEFTNEXTHOP}, {"lifebytes", KW_LIFEBYTES}, {"rightrsasigkey", KW_RIGHTRSASIGKEY}, - {"lifepackets", KW_LIFEPACKETS}, - {"leftnexthop", KW_LEFTNEXTHOP}, + {"rightauth", KW_RIGHTAUTH}, {"leftrsasigkey", KW_LEFTRSASIGKEY}, - {"leftca", KW_LEFTCA}, - {"eap", KW_EAP}, - {"strictcrlpolicy", KW_STRICTCRLPOLICY}, {"rightprotoport", KW_RIGHTPROTOPORT}, {"plutostart", KW_PLUTOSTART}, - {"also", KW_ALSO}, - {"rightallowany", KW_RIGHTALLOWANY}, + {"strictcrlpolicy", KW_STRICTCRLPOLICY}, + {"lifepackets", KW_LIFEPACKETS}, + {"rightgroups", KW_RIGHTGROUPS}, {"rightsourceip", KW_RIGHTSOURCEIP}, + {"eap", KW_EAP}, {"crluri", KW_CRLURI}, - {"leftnatip", KW_LEFTNATIP}, - {"lefthostaccess", KW_LEFTHOSTACCESS}, + {"hidetos", KW_HIDETOS}, {"rightcert", KW_RIGHTCERT}, {"certuribase", KW_CERTURIBASE}, + {"leftca", KW_LEFTCA}, + {"leftnatip", KW_LEFTNATIP}, + {"rightallowany", KW_RIGHTALLOWANY}, + {"lefthostaccess", KW_LEFTHOSTACCESS}, + {"crlcheckinterval", KW_CRLCHECKINTERVAL}, + {"also", KW_ALSO}, {"packetdefault", KW_PACKETDEFAULT}, + {"virtual_private", KW_VIRTUAL_PRIVATE}, {"plutostderrlog", KW_PLUTOSTDERRLOG}, - {"crluri1", KW_CRLURI}, - {"crlcheckinterval", KW_CRLCHECKINTERVAL}, + {"leftsourceip", KW_LEFTSOURCEIP}, {"rightid", KW_RIGHTID}, - {"virtual_private", KW_VIRTUAL_PRIVATE}, - {"leftsubnet", KW_LEFTSUBNET}, {"cacert", KW_CACERT}, {"rightca", KW_RIGHTCA}, - {"leftsourceip", KW_LEFTSOURCEIP}, + {"crluri1", KW_CRLURI}, {"inactivity", KW_INACTIVITY}, {"rightsubnetwithin", KW_RIGHTSUBNETWITHIN}, {"installpolicy", KW_INSTALLPOLICY}, - {"nat_traversal", KW_NAT_TRAVERSAL}, - {"ldapbase", KW_LDAPBASE}, + {"leftauth", KW_LEFTAUTH}, {"leftupdown", KW_LEFTUPDOWN}, + {"leftsubnet", KW_LEFTSUBNET}, {"rightnatip", KW_RIGHTNATIP}, {"ocspuri", KW_OCSPURI}, {"rightnexthop", KW_RIGHTNEXTHOP}, {"leftcert2", KW_LEFTCERT2,}, {"rightid2", KW_RIGHTID2}, - {"rekeyfuzz", KW_REKEYFUZZ}, + {"nat_traversal", KW_NAT_TRAVERSAL}, {"compress", KW_COMPRESS}, - {"rightfirewall", KW_RIGHTFIREWALL}, - {"ocspuri1", KW_OCSPURI}, - {"ldaphost", KW_LDAPHOST}, - {"xauth", KW_XAUTH}, + {"ldapbase", KW_LDAPBASE}, + {"auth", KW_AUTH}, {"postpluto", KW_POSTPLUTO}, - {"eap_identity", KW_EAP_IDENTITY}, - {"plutodebug", KW_PLUTODEBUG}, + {"charonstart", KW_CHARONSTART}, + {"ike", KW_IKE}, + {"ldaphost", KW_LDAPHOST}, {"leftca2", KW_LEFTCA2}, - {"auto", KW_AUTO}, - {"righthostaccess", KW_RIGHTHOSTACCESS}, {"dpddelay", KW_DPDDELAY}, - {"rightauth", KW_RIGHTAUTH}, + {"ocspuri1", KW_OCSPURI}, {"rightauth2", KW_RIGHTAUTH2}, - {"pfs", KW_PFS}, - {"authby", KW_AUTHBY}, - {"rightupdown", KW_RIGHTUPDOWN}, + {"eap_identity", KW_EAP_IDENTITY}, + {"leftikeport", KW_LEFTIKEPORT}, + {"plutodebug", KW_PLUTODEBUG}, + {"cachecrls", KW_CACHECRLS}, + {"charondebug", KW_CHARONDEBUG}, + {"crluri2", KW_CRLURI2}, + {"rightca2", KW_RIGHTCA2}, + {"mediated_by", KW_MEDIATED_BY}, + {"rightcert2", KW_RIGHTCERT2}, {"leftid", KW_LEFTID}, + {"auto", KW_AUTO}, + {"rightupdown", KW_RIGHTUPDOWN}, + {"rightfirewall", KW_RIGHTFIREWALL}, + {"authby", KW_AUTHBY}, {"leftsubnetwithin", KW_LEFTSUBNETWITHIN}, {"uniqueids", KW_UNIQUEIDS}, - {"dumpdir", KW_DUMPDIR}, - {"mediated_by", KW_MEDIATED_BY}, - {"ike", KW_IKE}, - {"cachecrls", KW_CACHECRLS}, {"prepluto", KW_PREPLUTO}, - {"force_keepalive", KW_FORCE_KEEPALIVE}, - {"hidetos", KW_HIDETOS}, + {"keep_alive", KW_KEEP_ALIVE}, {"mobike", KW_MOBIKE}, - {"forceencaps", KW_FORCEENCAPS}, {"overridemtu", KW_OVERRIDEMTU}, - {"crluri2", KW_CRLURI2}, - {"rightca2", KW_RIGHTCA2}, - {"rightcert2", KW_RIGHTCERT2}, + {"dumpdir", KW_DUMPDIR}, {"dpdaction", KW_DPDACTION}, - {"nocrsend", KW_NOCRSEND}, + {"rekeyfuzz", KW_REKEYFUZZ}, {"leftid2", KW_LEFTID2}, - {"interfaces", KW_INTERFACES}, - {"leftauth", KW_LEFTAUTH}, + {"keyingtries", KW_KEYINGTRIES}, + {"pfs", KW_PFS}, + {"nocrsend", KW_NOCRSEND}, + {"keyexchange", KW_KEYEXCHANGE}, {"leftauth2", KW_LEFTAUTH2}, {"mediation", KW_MEDIATION}, {"rekeymargin", KW_REKEYMARGIN}, - {"keep_alive", KW_KEEP_ALIVE}, - {"auth", KW_AUTH}, - {"keyingtries", KW_KEYINGTRIES}, - {"me_peerid", KW_ME_PEERID}, - {"fragicmp", KW_FRAGICMP}, - {"margintime", KW_REKEYMARGIN}, {"ocspuri2", KW_OCSPURI2}, - {"reauth", KW_REAUTH}, {"pkcs11module", KW_PKCS11MODULE}, - {"pfsgroup", KW_PFSGROUP}, - {"marginbytes", KW_MARGINBYTES}, {"pkcs11keepstate", KW_PKCS11KEEPSTATE}, - {"marginpackets", KW_MARGINPACKETS}, - {"modeconfig", KW_MODECONFIG}, - {"keyexchange", KW_KEYEXCHANGE}, - {"charonstart", KW_CHARONSTART}, + {"force_keepalive", KW_FORCE_KEEPALIVE}, + {"me_peerid", KW_ME_PEERID}, + {"forceencaps", KW_FORCEENCAPS}, {"pkcs11initargs", KW_PKCS11INITARGS}, - {"dpdtimeout", KW_DPDTIMEOUT}, {"pkcs11proxy", KW_PKCS11PROXY}, - {"charondebug", KW_CHARONDEBUG}, + {"margintime", KW_REKEYMARGIN}, + {"interfaces", KW_INTERFACES}, + {"fragicmp", KW_FRAGICMP}, + {"marginbytes", KW_MARGINBYTES}, + {"marginpackets", KW_MARGINPACKETS}, + {"dpdtimeout", KW_DPDTIMEOUT}, {"klipsdebug", KW_KLIPSDEBUG}, + {"modeconfig", KW_MODECONFIG}, + {"pfsgroup", KW_PFSGROUP}, {"keylife", KW_KEYLIFE}, {"ikelifetime", KW_IKELIFETIME} }; @@ -248,27 +250,29 @@ static const struct kw_entry wordlist[] = static const short lookup[] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 0, -1, -1, - 1, -1, -1, -1, 2, 3, -1, -1, 4, 5, - -1, -1, 6, 7, -1, 8, 9, -1, 10, -1, - 11, -1, -1, -1, 12, -1, -1, 13, 14, 15, - 16, 17, 18, 19, 20, -1, 21, 22, 23, -1, - 24, -1, 25, 26, 27, 28, 29, -1, 30, 31, - 32, -1, 33, 34, 35, 36, 37, 38, -1, 39, - -1, 40, 41, 42, 43, 44, -1, 45, -1, 46, - -1, 47, -1, 48, -1, 49, 50, 51, -1, 52, - 53, 54, -1, 55, 56, 57, 58, 59, -1, -1, - 60, 61, 62, 63, 64, 65, 66, 67, 68, -1, - -1, 69, 70, 71, 72, -1, 73, 74, 75, 76, - 77, 78, -1, 79, 80, 81, -1, 82, 83, 84, - 85, 86, -1, 87, 88, -1, -1, 89, 90, 91, - 92, 93, -1, 94, -1, -1, 95, 96, 97, -1, - 98, 99, -1, -1, -1, 100, -1, -1, -1, 101, - -1, 102, 103, -1, -1, -1, 104, 105, 106, 107, - 108, 109, -1, 110, -1, 111, 112, -1, 113, -1, - -1, 114, -1, -1, 115, -1, -1, -1, -1, -1, - -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, - -1, 117, -1, -1, -1, 118 + -1, 0, -1, -1, 1, -1, 2, 3, 4, -1, + 5, 6, -1, 7, 8, -1, -1, 9, 10, 11, + 12, -1, 13, -1, 14, 15, 16, -1, 17, -1, + 18, 19, 20, 21, -1, 22, 23, -1, 24, 25, + 26, 27, 28, 29, 30, -1, -1, 31, 32, 33, + 34, 35, 36, 37, 38, -1, 39, 40, -1, 41, + -1, -1, -1, 42, 43, -1, 44, 45, 46, 47, + 48, 49, -1, 50, 51, 52, 53, 54, 55, 56, + 57, 58, 59, -1, -1, 60, -1, -1, 61, -1, + -1, 62, -1, -1, 63, 64, -1, -1, 65, 66, + -1, 67, 68, 69, -1, -1, 70, -1, 71, 72, + 73, -1, -1, -1, 74, -1, 75, -1, 76, 77, + 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, + 88, 89, 90, 91, 92, 93, -1, 94, 95, -1, + 96, -1, -1, -1, 97, -1, 98, 99, 100, -1, + -1, 101, 102, -1, 103, -1, -1, 104, 105, -1, + 106, -1, 107, -1, 108, -1, -1, -1, -1, 109, + -1, 110, -1, -1, 111, -1, -1, -1, -1, 112, + 113, -1, 114, 115, -1, -1, -1, -1, 116, -1, + 117, -1, -1, 118, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 119, -1, -1, -1, + 120 }; #ifdef __GNUC__ diff --git a/src/starter/keywords.h b/src/starter/keywords.h index 8be31d148..6c3907a6a 100644 --- a/src/starter/keywords.h +++ b/src/starter/keywords.h @@ -118,6 +118,7 @@ typedef enum { /* end keywords */ KW_HOST, KW_NEXTHOP, + KW_IKEPORT, KW_SUBNET, KW_SUBNETWITHIN, KW_PROTOPORT, @@ -145,6 +146,7 @@ typedef enum { /* left end keywords */ KW_LEFT, + KW_LEFTIKEPORT, KW_LEFTNEXTHOP, KW_LEFTSUBNET, KW_LEFTSUBNETWITHIN, @@ -172,6 +174,7 @@ typedef enum { /* right end keywords */ KW_RIGHT, + KW_RIGHTIKEPORT, KW_RIGHTNEXTHOP, KW_RIGHTSUBNET, KW_RIGHTSUBNETWITHIN, diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt index adf3069bf..12037a685 100644 --- a/src/starter/keywords.txt +++ b/src/starter/keywords.txt @@ -98,6 +98,7 @@ ocspuri1, KW_OCSPURI ocspuri2, KW_OCSPURI2 certuribase, KW_CERTURIBASE left, KW_LEFT +leftikeport, KW_LEFTIKEPORT leftnexthop, KW_LEFTNEXTHOP leftsubnet, KW_LEFTSUBNET leftsubnetwithin, KW_LEFTSUBNETWITHIN @@ -120,6 +121,7 @@ leftca, KW_LEFTCA leftca2, KW_LEFTCA2 leftgroups, KW_LEFTGROUPS right, KW_RIGHT +rightikeport, KW_RIGHTIKEPORT rightnexthop, KW_RIGHTNEXTHOP rightsubnet, KW_RIGHTSUBNET rightsubnetwithin, KW_RIGHTSUBNETWITHIN diff --git a/src/starter/lex.yy.c b/src/starter/lex.yy.c index 4596c0cc3..13bf87f0b 100644 --- a/src/starter/lex.yy.c +++ b/src/starter/lex.yy.c @@ -513,7 +513,8 @@ char *yytext; #define MAX_INCLUDE_DEPTH 20 extern void yyerror(const char *); -extern int yylex (void); +extern int yylex(void); +extern int yylex_destroy(void); static struct { int stack_ptr; @@ -557,6 +558,7 @@ void _parser_y_fini (void) fclose(__parser_y_private.file[i]); } memset(&__parser_y_private, 0, sizeof(__parser_y_private)); + yylex_destroy(); } int _parser_y_include (const char *filename) @@ -617,7 +619,7 @@ int _parser_y_include (const char *filename) return 0; } -#line 621 "lex.yy.c" +#line 623 "lex.yy.c" #define INITIAL 0 @@ -805,10 +807,10 @@ YY_DECL register char *yy_cp, *yy_bp; register int yy_act; -#line 133 "./parser.l" +#line 135 "./parser.l" -#line 812 "lex.yy.c" +#line 814 "lex.yy.c" if ( !(yy_init) ) { @@ -893,7 +895,7 @@ do_action: /* This label is used only to access EOF actions. */ goto yy_find_action; case YY_STATE_EOF(INITIAL): -#line 135 "./parser.l" +#line 137 "./parser.l" { if (__parser_y_private.filename[__parser_y_private.stack_ptr]) { free(__parser_y_private.filename[__parser_y_private.stack_ptr]); @@ -913,23 +915,23 @@ case YY_STATE_EOF(INITIAL): YY_BREAK case 1: YY_RULE_SETUP -#line 152 "./parser.l" +#line 154 "./parser.l" return FIRST_SPACES; YY_BREAK case 2: YY_RULE_SETUP -#line 154 "./parser.l" +#line 156 "./parser.l" /* ignore spaces in line */ ; YY_BREAK case 3: YY_RULE_SETUP -#line 156 "./parser.l" +#line 158 "./parser.l" return EQUAL; YY_BREAK case 4: /* rule 4 can match eol */ YY_RULE_SETUP -#line 158 "./parser.l" +#line 160 "./parser.l" { __parser_y_private.line[__parser_y_private.stack_ptr]++; return EOL; @@ -937,37 +939,37 @@ YY_RULE_SETUP YY_BREAK case 5: YY_RULE_SETUP -#line 163 "./parser.l" +#line 165 "./parser.l" return CONFIG; YY_BREAK case 6: YY_RULE_SETUP -#line 164 "./parser.l" +#line 166 "./parser.l" return SETUP; YY_BREAK case 7: YY_RULE_SETUP -#line 165 "./parser.l" +#line 167 "./parser.l" return CONN; YY_BREAK case 8: YY_RULE_SETUP -#line 166 "./parser.l" +#line 168 "./parser.l" return CA; YY_BREAK case 9: YY_RULE_SETUP -#line 167 "./parser.l" +#line 169 "./parser.l" return INCLUDE; YY_BREAK case 10: YY_RULE_SETUP -#line 168 "./parser.l" +#line 170 "./parser.l" return FILE_VERSION; YY_BREAK case 11: YY_RULE_SETUP -#line 170 "./parser.l" +#line 172 "./parser.l" { yylval.s = strdup(yytext); return STRING; @@ -975,7 +977,7 @@ YY_RULE_SETUP YY_BREAK case 12: YY_RULE_SETUP -#line 175 "./parser.l" +#line 177 "./parser.l" { yylval.s = strdup(yytext+1); if (yylval.s) yylval.s[strlen(yylval.s)-1]='\0'; @@ -984,15 +986,15 @@ YY_RULE_SETUP YY_BREAK case 13: YY_RULE_SETUP -#line 181 "./parser.l" +#line 183 "./parser.l" yyerror(yytext); YY_BREAK case 14: YY_RULE_SETUP -#line 183 "./parser.l" +#line 185 "./parser.l" ECHO; YY_BREAK -#line 996 "lex.yy.c" +#line 998 "lex.yy.c" case YY_END_OF_BUFFER: { @@ -1954,7 +1956,7 @@ void yyfree (void * ptr ) #define YYTABLES_NAME "yytables" -#line 183 "./parser.l" +#line 185 "./parser.l" diff --git a/src/starter/parser.l b/src/starter/parser.l index 5857c0815..c45847c5c 100644 --- a/src/starter/parser.l +++ b/src/starter/parser.l @@ -24,7 +24,8 @@ #define MAX_INCLUDE_DEPTH 20 extern void yyerror(const char *); -extern int yylex (void); +extern int yylex(void); +extern int yylex_destroy(void); static struct { int stack_ptr; @@ -68,6 +69,7 @@ void _parser_y_fini (void) fclose(__parser_y_private.file[i]); } memset(&__parser_y_private, 0, sizeof(__parser_y_private)); + yylex_destroy(); } int _parser_y_include (const char *filename) diff --git a/src/starter/parser.y b/src/starter/parser.y index 4533228c2..b0b1f6f21 100644 --- a/src/starter/parser.y +++ b/src/starter/parser.y @@ -156,21 +156,20 @@ statement_kw: %% -void -yyerror(const char *s) +void yyerror(const char *s) { if (_save_errors_) _parser_y_error(parser_errstring, ERRSTRING_LEN, s); } -config_parsed_t * -parser_load_conf(const char *file) +config_parsed_t *parser_load_conf(const char *file) { config_parsed_t *cfg = NULL; int err = 0; FILE *f; - extern void _parser_y_init (const char *f); + extern void _parser_y_init(const char *f); + extern void _parser_y_fini(void); extern FILE *yyin; memset(parser_errstring, 0, ERRSTRING_LEN+1); @@ -231,11 +230,11 @@ parser_load_conf(const char *file) cfg = NULL; } + _parser_y_fini(); return cfg; } -static void -parser_free_kwlist(kw_list_t *list) +static void parser_free_kwlist(kw_list_t *list) { kw_list_t *elt; @@ -248,8 +247,7 @@ parser_free_kwlist(kw_list_t *list) } } -void -parser_free_conf(config_parsed_t *cfg) +void parser_free_conf(config_parsed_t *cfg) { section_list_t *sec; if (cfg) diff --git a/src/starter/starter.c b/src/starter/starter.c index 0aab76d43..50ef9c07b 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -28,6 +28,7 @@ #include <grp.h> #include <freeswan.h> +#include <library.h> #include "../pluto/constants.h" #include "../pluto/defs.h" @@ -245,6 +246,9 @@ int main (int argc, char **argv) log_to_stderr = TRUE; base_debugging = DBG_NONE; + library_init(NULL); + atexit(library_deinit); + /* parse command line */ for (i = 1; i < argc; i++) { @@ -358,6 +362,7 @@ int main (int argc, char **argv) if (stat(STARTER_PID_FILE, &stb) == 0) { plog("starter is already running (%s exists) -- no fork done", STARTER_PID_FILE); + confread_free(cfg); exit(LSB_RC_SUCCESS); } @@ -388,6 +393,7 @@ int main (int argc, char **argv) plog("can't fork: %s", strerror(errno)); break; default: + confread_free(cfg); exit(LSB_RC_SUCCESS); } } @@ -422,11 +428,8 @@ int main (int argc, char **argv) confread_free(cfg); unlink(STARTER_PID_FILE); unlink(INFO_FILE); -#ifdef LEAK_DETECTIVE - report_leaks(); -#endif /* LEAK_DETECTIVE */ - close_log(); plog("ipsec starter stopped"); + close_log(); exit(LSB_RC_SUCCESS); } diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c index 665350c00..d877661ec 100644 --- a/src/starter/starterstroke.c +++ b/src/starter/starterstroke.c @@ -186,6 +186,7 @@ static void starter_stroke_add_end(stroke_msg_t *msg, stroke_end_t *msg_end, sta msg_end->updown = push_string(msg, conn_end->updown); ip_address2string(&conn_end->addr, buffer, sizeof(buffer)); msg_end->address = push_string(msg, buffer); + msg_end->ikeport = conn_end->ikeport; msg_end->subnets = push_string(msg, conn_end->subnet); msg_end->sourceip = push_string(msg, conn_end->sourceip); msg_end->sourceip_mask = conn_end->sourceip_mask; diff --git a/src/starter/starterwhack.c b/src/starter/starterwhack.c index 67916395f..527142a4e 100644 --- a/src/starter/starterwhack.c +++ b/src/starter/starterwhack.c @@ -91,6 +91,8 @@ static int send_whack_msg (whack_message_t *msg) || !pack_str(&msg->ike, &str_next, &str_roof) || !pack_str(&msg->esp, &str_next, &str_roof) || !pack_str(&msg->sc_data, &str_next, &str_roof) + || !pack_str(&msg->whack_lease_ip, &str_next, &str_roof) + || !pack_str(&msg->whack_lease_id, &str_next, &str_roof) || (str_roof - str_next < msg->keyval.len)) { plog("send_wack_msg(): can't pack strings"); @@ -138,14 +140,12 @@ static void init_whack_msg(whack_message_t *msg) msg->magic = WHACK_MAGIC; } -static char *connection_name(starter_conn_t *conn) +static char *connection_name(starter_conn_t *conn, char *buf, size_t size) { /* if connection name is '%auto', create a new name like conn_xxxxx */ - static char buf[32]; - if (streq(conn->name, "%auto")) { - sprintf(buf, "conn_%ld", conn->id); + snprintf(buf, size, "conn_%ld", conn->id); return buf; } return conn->name; @@ -161,7 +161,7 @@ static void set_whack_end(whack_end_t *w, starter_end_t *end, sa_family_t family w->has_client = end->has_client; w->sourceip = end->sourceip; w->sourceip_mask = end->sourceip_mask; - + if (end->sourceip && end->sourceip_mask > 0) { ttoaddr(end->sourceip, 0, ip_version(end->sourceip), &w->host_srcip); @@ -226,10 +226,11 @@ starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end { const char *err; static char keyspace[1024 + 4]; - char buf[ADDRTOT_BUF]; + char buf[ADDRTOT_BUF], name[32]; whack_message_t msg; init_whack_msg(&msg); + connection_name(conn, name, sizeof(name)); msg.whack_key = TRUE; msg.pubkey_alg = PUBKEY_ALG_RSA; @@ -246,7 +247,7 @@ starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end err = atobytes(end->rsakey, 0, keyspace, sizeof(keyspace), &msg.keyval.len); if (err) { - plog("conn %s/%s: rsakey malformed [%s]", connection_name(conn), lr, err); + plog("conn %s/%s: rsakey malformed [%s]", name, lr, err); return 1; } if (end->id) @@ -266,13 +267,14 @@ starter_whack_add_pubkey (starter_conn_t *conn, starter_end_t *end int starter_whack_add_conn(starter_conn_t *conn) { + char esp_buf[256], name[32]; whack_message_t msg; int r; init_whack_msg(&msg); msg.whack_connection = TRUE; - msg.name = connection_name(conn); + msg.name = connection_name(conn, name, sizeof(name)); msg.ikev1 = conn->keyexchange != KEY_EXCHANGE_IKEV2; msg.addr_family = conn->addr_family; @@ -302,8 +304,6 @@ int starter_whack_add_conn(starter_conn_t *conn) /* taken from pluto/whack.c */ if (msg.pfsgroup) { - char esp_buf[256]; - snprintf(esp_buf, sizeof (esp_buf), "%s;%s" , msg.esp ? msg.esp : "" , msg.pfsgroup ? msg.pfsgroup : ""); @@ -331,32 +331,35 @@ int starter_whack_add_conn(starter_conn_t *conn) int starter_whack_del_conn(starter_conn_t *conn) { + char name[32]; whack_message_t msg; init_whack_msg(&msg); msg.whack_delete = TRUE; - msg.name = connection_name(conn); + msg.name = connection_name(conn, name, sizeof(name)); return send_whack_msg(&msg); } int starter_whack_route_conn(starter_conn_t *conn) { + char name[32]; whack_message_t msg; init_whack_msg(&msg); msg.whack_route = TRUE; - msg.name = connection_name(conn); + msg.name = connection_name(conn, name, sizeof(name)); return send_whack_msg(&msg); } int starter_whack_initiate_conn(starter_conn_t *conn) { + char name[32]; whack_message_t msg; init_whack_msg(&msg); msg.whack_initiate = TRUE; msg.whack_async = TRUE; - msg.name = connection_name(conn); + msg.name = connection_name(conn, name, sizeof(name)); return send_whack_msg(&msg); } diff --git a/src/starter/y.tab.c b/src/starter/y.tab.c index b78c1b1f9..504b5589e 100644 --- a/src/starter/y.tab.c +++ b/src/starter/y.tab.c @@ -1,24 +1,23 @@ -/* A Bison parser, made by GNU Bison 2.3. */ -/* Skeleton implementation for Bison's Yacc-like parsers in C +/* A Bison parser, made by GNU Bison 2.4.1. */ - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 +/* Skeleton implementation for Bison's Yacc-like parsers in C + + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify + + This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. */ + along with this program. If not, see <http://www.gnu.org/licenses/>. */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work @@ -29,7 +28,7 @@ special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. - + This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ @@ -47,7 +46,7 @@ #define YYBISON 1 /* Bison version. */ -#define YYBISON_VERSION "2.3" +#define YYBISON_VERSION "2.4.1" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -55,45 +54,20 @@ /* Pure parsers. */ #define YYPURE 0 -/* Using locations. */ -#define YYLSP_NEEDED 0 - +/* Push parsers. */ +#define YYPUSH 0 +/* Pull parsers. */ +#define YYPULL 1 -/* Tokens. */ -#ifndef YYTOKENTYPE -# define YYTOKENTYPE - /* Put the tokens into the symbol table, so that GDB and other debuggers - know about them. */ - enum yytokentype { - EQUAL = 258, - FIRST_SPACES = 259, - EOL = 260, - CONFIG = 261, - SETUP = 262, - CONN = 263, - CA = 264, - INCLUDE = 265, - FILE_VERSION = 266, - STRING = 267 - }; -#endif -/* Tokens. */ -#define EQUAL 258 -#define FIRST_SPACES 259 -#define EOL 260 -#define CONFIG 261 -#define SETUP 262 -#define CONN 263 -#define CA 264 -#define INCLUDE 265 -#define FILE_VERSION 266 -#define STRING 267 - +/* Using locations. */ +#define YYLSP_NEEDED 0 /* Copy the first part of user declarations. */ + +/* Line 189 of yacc.c */ #line 1 "./parser.y" /* strongSwan config file parser (parser.y) @@ -148,6 +122,9 @@ extern kw_entry_t *in_word_set (char *str, unsigned int len); +/* Line 189 of yacc.c */ +#line 127 "y.tab.c" + /* Enabling traces. */ #ifndef YYDEBUG # define YYDEBUG 0 @@ -166,25 +143,63 @@ extern kw_entry_t *in_word_set (char *str, unsigned int len); # define YYTOKEN_TABLE 0 #endif + +/* Tokens. */ +#ifndef YYTOKENTYPE +# define YYTOKENTYPE + /* Put the tokens into the symbol table, so that GDB and other debuggers + know about them. */ + enum yytokentype { + EQUAL = 258, + FIRST_SPACES = 259, + EOL = 260, + CONFIG = 261, + SETUP = 262, + CONN = 263, + CA = 264, + INCLUDE = 265, + FILE_VERSION = 266, + STRING = 267 + }; +#endif +/* Tokens. */ +#define EQUAL 258 +#define FIRST_SPACES 259 +#define EOL 260 +#define CONFIG 261 +#define SETUP 262 +#define CONN 263 +#define CA 264 +#define INCLUDE 265 +#define FILE_VERSION 266 +#define STRING 267 + + + + #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE +{ + +/* Line 214 of yacc.c */ #line 54 "./parser.y" -{ char *s; } -/* Line 187 of yacc.c. */ -#line 175 "y.tab.c" - YYSTYPE; + char *s; + + +/* Line 214 of yacc.c */ +#line 191 "y.tab.c" +} YYSTYPE; +# define YYSTYPE_IS_TRIVIAL 1 # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 -# define YYSTYPE_IS_TRIVIAL 1 #endif - /* Copy the second part of user declarations. */ -/* Line 216 of yacc.c. */ -#line 188 "y.tab.c" +/* Line 264 of yacc.c */ +#line 203 "y.tab.c" #ifdef short # undef short @@ -259,14 +274,14 @@ typedef short int yytype_int16; #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static int -YYID (int i) +YYID (int yyi) #else static int -YYID (i) - int i; +YYID (yyi) + int yyi; #endif { - return i; + return yyi; } #endif @@ -347,9 +362,9 @@ void free (void *); /* INFRINGES ON USER NAME SPACE */ /* A type that is properly aligned for any stack member. */ union yyalloc { - yytype_int16 yyss; - YYSTYPE yyvs; - }; + yytype_int16 yyss_alloc; + YYSTYPE yyvs_alloc; +}; /* The size of the maximum gap between one aligned stack and the next. */ # define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) @@ -383,12 +398,12 @@ union yyalloc elements in the stack, and YYPTR gives the new location of the stack. Advance YYPTR to a properly aligned location for the next stack. */ -# define YYSTACK_RELOCATE(Stack) \ +# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ do \ { \ YYSIZE_T yynewbytes; \ - YYCOPY (&yyptr->Stack, Stack, yysize); \ - Stack = &yyptr->Stack; \ + YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ + Stack = &yyptr->Stack_alloc; \ yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ yyptr += yynewbytes / sizeof (*yyptr); \ } \ @@ -484,7 +499,7 @@ static const char *const yytname[] = { "$end", "error", "$undefined", "EQUAL", "FIRST_SPACES", "EOL", "CONFIG", "SETUP", "CONN", "CA", "INCLUDE", "FILE_VERSION", "STRING", "$accept", - "config_file", "section_or_include", "@1", "@2", "@3", "@4", + "config_file", "section_or_include", "$@1", "$@2", "$@3", "$@4", "kw_section", "statement_kw", 0 }; #endif @@ -758,17 +773,20 @@ yy_symbol_print (yyoutput, yytype, yyvaluep) #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static void -yy_stack_print (yytype_int16 *bottom, yytype_int16 *top) +yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop) #else static void -yy_stack_print (bottom, top) - yytype_int16 *bottom; - yytype_int16 *top; +yy_stack_print (yybottom, yytop) + yytype_int16 *yybottom; + yytype_int16 *yytop; #endif { YYFPRINTF (stderr, "Stack now"); - for (; bottom <= top; ++bottom) - YYFPRINTF (stderr, " %d", *bottom); + for (; yybottom <= yytop; yybottom++) + { + int yybot = *yybottom; + YYFPRINTF (stderr, " %d", yybot); + } YYFPRINTF (stderr, "\n"); } @@ -802,11 +820,11 @@ yy_reduce_print (yyvsp, yyrule) /* The symbols being reduced. */ for (yyi = 0; yyi < yynrhs; yyi++) { - fprintf (stderr, " $%d = ", yyi + 1); + YYFPRINTF (stderr, " $%d = ", yyi + 1); yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], &(yyvsp[(yyi + 1) - (yynrhs)]) ); - fprintf (stderr, "\n"); + YYFPRINTF (stderr, "\n"); } } @@ -1086,10 +1104,8 @@ yydestruct (yymsg, yytype, yyvaluep) break; } } - /* Prevent warnings from -Wmissing-prototypes. */ - #ifdef YYPARSE_PARAM #if defined __STDC__ || defined __cplusplus int yyparse (void *YYPARSE_PARAM); @@ -1105,11 +1121,10 @@ int yyparse (); #endif /* ! YYPARSE_PARAM */ - -/* The look-ahead symbol. */ +/* The lookahead symbol. */ int yychar; -/* The semantic value of the look-ahead symbol. */ +/* The semantic value of the lookahead symbol. */ YYSTYPE yylval; /* Number of syntax errors so far. */ @@ -1117,9 +1132,9 @@ int yynerrs; -/*----------. -| yyparse. | -`----------*/ +/*-------------------------. +| yyparse or yypush_parse. | +`-------------------------*/ #ifdef YYPARSE_PARAM #if (defined __STDC__ || defined __C99__FUNC__ \ @@ -1143,66 +1158,68 @@ yyparse () #endif #endif { - - int yystate; - int yyn; - int yyresult; - /* Number of tokens to shift before error messages enabled. */ - int yyerrstatus; - /* Look-ahead token as an internal (translated) token number. */ - int yytoken = 0; -#if YYERROR_VERBOSE - /* Buffer for error messages, and its allocated size. */ - char yymsgbuf[128]; - char *yymsg = yymsgbuf; - YYSIZE_T yymsg_alloc = sizeof yymsgbuf; -#endif - /* Three stacks and their tools: - `yyss': related to states, - `yyvs': related to semantic values, - `yyls': related to locations. - Refer to the stacks thru separate pointers, to allow yyoverflow - to reallocate them elsewhere. */ + int yystate; + /* Number of tokens to shift before error messages enabled. */ + int yyerrstatus; - /* The state stack. */ - yytype_int16 yyssa[YYINITDEPTH]; - yytype_int16 *yyss = yyssa; - yytype_int16 *yyssp; + /* The stacks and their tools: + `yyss': related to states. + `yyvs': related to semantic values. - /* The semantic value stack. */ - YYSTYPE yyvsa[YYINITDEPTH]; - YYSTYPE *yyvs = yyvsa; - YYSTYPE *yyvsp; + Refer to the stacks thru separate pointers, to allow yyoverflow + to reallocate them elsewhere. */ + /* The state stack. */ + yytype_int16 yyssa[YYINITDEPTH]; + yytype_int16 *yyss; + yytype_int16 *yyssp; + /* The semantic value stack. */ + YYSTYPE yyvsa[YYINITDEPTH]; + YYSTYPE *yyvs; + YYSTYPE *yyvsp; -#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) - - YYSIZE_T yystacksize = YYINITDEPTH; + YYSIZE_T yystacksize; + int yyn; + int yyresult; + /* Lookahead token as an internal (translated) token number. */ + int yytoken; /* The variables used to return semantic value and location from the action routines. */ YYSTYPE yyval; +#if YYERROR_VERBOSE + /* Buffer for error messages, and its allocated size. */ + char yymsgbuf[128]; + char *yymsg = yymsgbuf; + YYSIZE_T yymsg_alloc = sizeof yymsgbuf; +#endif + +#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) /* The number of symbols on the RHS of the reduced rule. Keep to zero when no symbol should be popped. */ int yylen = 0; + yytoken = 0; + yyss = yyssa; + yyvs = yyvsa; + yystacksize = YYINITDEPTH; + YYDPRINTF ((stderr, "Starting parse\n")); yystate = 0; yyerrstatus = 0; yynerrs = 0; - yychar = YYEMPTY; /* Cause a token to be read. */ + yychar = YYEMPTY; /* Cause a token to be read. */ /* Initialize stack pointers. Waste one element of value and location stack so that they stay on the same level as the state stack. The wasted elements are never initialized. */ - yyssp = yyss; yyvsp = yyvs; @@ -1232,7 +1249,6 @@ yyparse () YYSTYPE *yyvs1 = yyvs; yytype_int16 *yyss1 = yyss; - /* Each stack pointer address is followed by the size of the data in use in that stack, in bytes. This used to be a conditional around just the two extra args, but that might @@ -1240,7 +1256,6 @@ yyparse () yyoverflow (YY_("memory exhausted"), &yyss1, yysize * sizeof (*yyssp), &yyvs1, yysize * sizeof (*yyvsp), - &yystacksize); yyss = yyss1; @@ -1263,9 +1278,8 @@ yyparse () (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) goto yyexhaustedlab; - YYSTACK_RELOCATE (yyss); - YYSTACK_RELOCATE (yyvs); - + YYSTACK_RELOCATE (yyss_alloc, yyss); + YYSTACK_RELOCATE (yyvs_alloc, yyvs); # undef YYSTACK_RELOCATE if (yyss1 != yyssa) YYSTACK_FREE (yyss1); @@ -1276,7 +1290,6 @@ yyparse () yyssp = yyss + yysize - 1; yyvsp = yyvs + yysize - 1; - YYDPRINTF ((stderr, "Stack size increased to %lu\n", (unsigned long int) yystacksize)); @@ -1286,6 +1299,9 @@ yyparse () YYDPRINTF ((stderr, "Entering state %d\n", yystate)); + if (yystate == YYFINAL) + YYACCEPT; + goto yybackup; /*-----------. @@ -1294,16 +1310,16 @@ yyparse () yybackup: /* Do appropriate processing given the current state. Read a - look-ahead token if we need one and don't already have one. */ + lookahead token if we need one and don't already have one. */ - /* First try to decide what to do without reference to look-ahead token. */ + /* First try to decide what to do without reference to lookahead token. */ yyn = yypact[yystate]; if (yyn == YYPACT_NINF) goto yydefault; - /* Not known => get a look-ahead token if don't already have one. */ + /* Not known => get a lookahead token if don't already have one. */ - /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ + /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ if (yychar == YYEMPTY) { YYDPRINTF ((stderr, "Reading a token: ")); @@ -1335,20 +1351,16 @@ yybackup: goto yyreduce; } - if (yyn == YYFINAL) - YYACCEPT; - /* Count tokens shifted since error; after three, turn off error status. */ if (yyerrstatus) yyerrstatus--; - /* Shift the look-ahead token. */ + /* Shift the lookahead token. */ YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); - /* Discard the shifted token unless it is eof. */ - if (yychar != YYEOF) - yychar = YYEMPTY; + /* Discard the shifted token. */ + yychar = YYEMPTY; yystate = yyn; *++yyvsp = yylval; @@ -1388,6 +1400,8 @@ yyreduce: switch (yyn) { case 4: + +/* Line 1455 of yacc.c */ #line 71 "./parser.y" { free((yyvsp[(2) - (3)].s)); @@ -1395,6 +1409,8 @@ yyreduce: break; case 5: + +/* Line 1455 of yacc.c */ #line 75 "./parser.y" { _parser_kw = &(_parser_cfg->config_setup); @@ -1403,6 +1419,8 @@ yyreduce: break; case 7: + +/* Line 1455 of yacc.c */ #line 80 "./parser.y" { section_list_t *section = malloc_thing(section_list_t); @@ -1422,6 +1440,8 @@ yyreduce: break; case 9: + +/* Line 1455 of yacc.c */ #line 96 "./parser.y" { section_list_t *section = malloc_thing(section_list_t); @@ -1440,6 +1460,8 @@ yyreduce: break; case 11: + +/* Line 1455 of yacc.c */ #line 111 "./parser.y" { extern void _parser_y_include (const char *f); @@ -1449,6 +1471,8 @@ yyreduce: break; case 16: + +/* Line 1455 of yacc.c */ #line 126 "./parser.y" { kw_list_t *new; @@ -1477,6 +1501,8 @@ yyreduce: break; case 17: + +/* Line 1455 of yacc.c */ #line 151 "./parser.y" { free((yyvsp[(1) - (2)].s)); @@ -1484,8 +1510,9 @@ yyreduce: break; -/* Line 1267 of yacc.c. */ -#line 1489 "y.tab.c" + +/* Line 1455 of yacc.c */ +#line 1516 "y.tab.c" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); @@ -1496,7 +1523,6 @@ yyreduce: *++yyvsp = yyval; - /* Now `shift' the result of the reduction. Determine what state that goes to, based on the state we popped back to and the rule number reduced by. */ @@ -1561,7 +1587,7 @@ yyerrlab: if (yyerrstatus == 3) { - /* If just tried and failed to reuse look-ahead token after an + /* If just tried and failed to reuse lookahead token after an error, discard it. */ if (yychar <= YYEOF) @@ -1578,7 +1604,7 @@ yyerrlab: } } - /* Else will try to reuse look-ahead token after shifting the error + /* Else will try to reuse lookahead token after shifting the error token. */ goto yyerrlab1; @@ -1635,9 +1661,6 @@ yyerrlab1: YY_STACK_PRINT (yyss, yyssp); } - if (yyn == YYFINAL) - YYACCEPT; - *++yyvsp = yylval; @@ -1662,7 +1685,7 @@ yyabortlab: yyresult = 1; goto yyreturn; -#ifndef yyoverflow +#if !defined(yyoverflow) || YYERROR_VERBOSE /*-------------------------------------------------. | yyexhaustedlab -- memory exhaustion comes here. | `-------------------------------------------------*/ @@ -1673,7 +1696,7 @@ yyexhaustedlab: #endif yyreturn: - if (yychar != YYEOF && yychar != YYEMPTY) + if (yychar != YYEMPTY) yydestruct ("Cleanup: discarding lookahead", yytoken, &yylval); /* Do not reclaim the symbols of the rule which action triggered @@ -1699,24 +1722,25 @@ yyreturn: } + +/* Line 1675 of yacc.c */ #line 157 "./parser.y" -void -yyerror(const char *s) +void yyerror(const char *s) { if (_save_errors_) _parser_y_error(parser_errstring, ERRSTRING_LEN, s); } -config_parsed_t * -parser_load_conf(const char *file) +config_parsed_t *parser_load_conf(const char *file) { config_parsed_t *cfg = NULL; int err = 0; FILE *f; - extern void _parser_y_init (const char *f); + extern void _parser_y_init(const char *f); + extern void _parser_y_fini(void); extern FILE *yyin; memset(parser_errstring, 0, ERRSTRING_LEN+1); @@ -1777,11 +1801,11 @@ parser_load_conf(const char *file) cfg = NULL; } + _parser_y_fini(); return cfg; } -static void -parser_free_kwlist(kw_list_t *list) +static void parser_free_kwlist(kw_list_t *list) { kw_list_t *elt; @@ -1794,8 +1818,7 @@ parser_free_kwlist(kw_list_t *list) } } -void -parser_free_conf(config_parsed_t *cfg) +void parser_free_conf(config_parsed_t *cfg) { section_list_t *sec; if (cfg) diff --git a/src/starter/y.tab.h b/src/starter/y.tab.h index 871de1e97..caf6ea172 100644 --- a/src/starter/y.tab.h +++ b/src/starter/y.tab.h @@ -1,24 +1,23 @@ -/* A Bison parser, made by GNU Bison 2.3. */ -/* Skeleton interface for Bison's Yacc-like parsers in C +/* A Bison parser, made by GNU Bison 2.4.1. */ - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 +/* Skeleton interface for Bison's Yacc-like parsers in C + + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify + + This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, - Boston, MA 02110-1301, USA. */ + along with this program. If not, see <http://www.gnu.org/licenses/>. */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work @@ -29,10 +28,11 @@ special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. - + This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ + /* Tokens. */ #ifndef YYTOKENTYPE # define YYTOKENTYPE @@ -68,15 +68,21 @@ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE +{ + +/* Line 1676 of yacc.c */ #line 54 "./parser.y" -{ char *s; } -/* Line 1489 of yacc.c. */ -#line 75 "y.tab.h" - YYSTYPE; + char *s; + + +/* Line 1676 of yacc.c */ +#line 80 "y.tab.h" +} YYSTYPE; +# define YYSTYPE_IS_TRIVIAL 1 # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 -# define YYSTYPE_IS_TRIVIAL 1 #endif extern YYSTYPE yylval; + diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in index 82f2be13d..4353928b5 100644 --- a/src/stroke/Makefile.in +++ b/src/stroke/Makefile.in @@ -197,6 +197,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c index 955e49535..4fa0f76a8 100644 --- a/src/stroke/stroke.c +++ b/src/stroke/stroke.c @@ -27,6 +27,8 @@ #include <stddef.h> #include <string.h> +#include <library.h> + #include "stroke_msg.h" #include "stroke_keywords.h" @@ -96,7 +98,7 @@ static int send_stroke_msg (stroke_msg_t *msg) { if (fgets(buffer, sizeof(buffer), stdin)) { - if (write(sock, buffer, strlen(buffer))); + ignore_result(write(sock, buffer, strlen(buffer))); } } } @@ -129,11 +131,13 @@ static int add_connection(char *name, msg.add_conn.me.id = push_string(&msg, my_id); msg.add_conn.me.address = push_string(&msg, my_addr); + msg.add_conn.me.ikeport = 500; msg.add_conn.me.subnets = push_string(&msg, my_nets); msg.add_conn.me.sendcert = 1; msg.add_conn.other.id = push_string(&msg, other_id); msg.add_conn.other.address = push_string(&msg, other_addr); + msg.add_conn.other.ikeport = 500; msg.add_conn.other.subnets = push_string(&msg, other_nets); msg.add_conn.other.sendcert = 1; @@ -355,6 +359,9 @@ int main(int argc, char *argv[]) const stroke_token_t *token; int res = 0; + library_init(NULL); + atexit(library_deinit); + if (argc < 2) { exit_usage(NULL); diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h index 56a7a158f..ffc67039e 100644 --- a/src/stroke/stroke_msg.h +++ b/src/stroke/stroke_msg.h @@ -137,6 +137,7 @@ struct stroke_end_t { char *groups; char *updown; char *address; + u_int16_t ikeport; char *sourceip; int sourceip_mask; char *subnets; diff --git a/src/whack/Makefile.in b/src/whack/Makefile.in index eb6238d80..098e5110e 100644 --- a/src/whack/Makefile.in +++ b/src/whack/Makefile.in @@ -196,6 +196,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ diff --git a/src/whack/whack.c b/src/whack/whack.c index c458d6760..5f986108b 100644 --- a/src/whack/whack.c +++ b/src/whack/whack.c @@ -185,6 +185,10 @@ static void help(void) " [--debug-private]" "\n\n" #endif + "leases: whack --leases" + " [--name <connection_name>]" + " [--lease-addr <ip-address> | --lease-id <identity>]" + "\n\n" "listen: whack" " (--listen | --unlisten)" "\n\n" @@ -322,6 +326,10 @@ enum { OPT_LISTEN, OPT_UNLISTEN, + OPT_LEASES, + OPT_LEASEADDR, + OPT_LEASEID, + OPT_PURGEOCSP, OPT_REREADSECRETS, @@ -519,6 +527,10 @@ static const struct option long_opts[] = { { "listen", no_argument, NULL, OPT_LISTEN + OO }, { "unlisten", no_argument, NULL, OPT_UNLISTEN + OO }, + { "leases", no_argument, NULL, OPT_LEASES + OO }, + { "lease-addr", required_argument, NULL, OPT_LEASEADDR + OO }, + { "lease-id", required_argument, NULL, OPT_LEASEID + OO }, + { "purgeocsp", no_argument, NULL, OPT_PURGEOCSP + OO }, { "rereadsecrets", no_argument, NULL, OPT_REREADSECRETS + OO }, @@ -1103,6 +1115,18 @@ int main(int argc, char **argv) diagq("0.0.0.0 or 0::0 isn't a valid client address", optarg); continue; + case OPT_LEASES: /* --leases */ + msg.whack_leases = TRUE; + continue; + + case OPT_LEASEADDR: /* --lease-addr <ip-address> */ + msg.whack_lease_ip = optarg; /* decoded by Pluto */ + continue; + + case OPT_LEASEID: /* --lease-id <identity> */ + msg.whack_lease_id = optarg; /* decoded by Pluto */ + continue; + case OPT_LISTEN: /* --listen */ msg.whack_listen = TRUE; continue; @@ -1618,6 +1642,12 @@ int main(int argc, char **argv) break; } + /* check leases */ + if (LHAS(opts_seen, OPT_LEASEADDR) && LHAS(opts_seen, OPT_LEASEID)) + { + diag("--lease-addr and --lease-id cannot be used together"); + } + /* check connection description */ if (LHAS(opts_seen, OPT_CD)) { @@ -1682,7 +1712,7 @@ int main(int argc, char **argv) if (!LHAS(opts_seen, OPT_NAME) && !msg.whack_ca) diag("missing --name <connection_name>"); } - else if (!msg.whack_options && !msg.whack_status) + else if (!msg.whack_options && !msg.whack_status && !msg.whack_leases) { if (LHAS(opts_seen, OPT_NAME)) diag("no reason for --name"); @@ -1698,9 +1728,10 @@ int main(int argc, char **argv) || msg.whack_delete || msg.whack_deletestate || msg.whack_initiate || msg.whack_oppo_initiate || msg.whack_terminate || msg.whack_route || msg.whack_unroute || msg.whack_listen - || msg.whack_unlisten || msg.whack_list || msg.whack_purgeocsp || msg.whack_reread - || msg.whack_ca || msg.whack_status || msg.whack_options || msg.whack_shutdown - || msg.whack_sc_op)) + || msg.whack_unlisten || msg.whack_list || msg.whack_purgeocsp + || msg.whack_reread || msg.whack_ca || msg.whack_status + || msg.whack_options || msg.whack_shutdown || msg.whack_sc_op + || msg.whack_leases)) { diag("no action specified; try --help for hints"); } @@ -1771,6 +1802,8 @@ int main(int argc, char **argv) || !pack_str(&msg.ike) /* string 24 */ || !pack_str(&msg.esp) /* string 25 */ || !pack_str(&msg.sc_data) /* string 26 */ + || !pack_str(&msg.whack_lease_ip) /* string 27 */ + || !pack_str(&msg.whack_lease_id) /* string 28 */ || str_roof - next_str < (ptrdiff_t)msg.keyval.len) diag("too many bytes of strings to fit in message to pluto"); diff --git a/src/whack/whack.h b/src/whack/whack.h index 3f66a7b4f..b495d3489 100644 --- a/src/whack/whack.h +++ b/src/whack/whack.h @@ -65,7 +65,7 @@ struct whack_end { int sourceip_mask; ip_address host_addr; ip_address host_nexthop; - ip_address host_srcip; + ip_address host_srcip; ip_subnet client; bool key_from_DNS_on_demand; bool has_client; @@ -177,6 +177,10 @@ struct whack_message { bool whack_deletestate; so_serial_t whack_deletestateno; + /* for WHACK_LEASES: */ + bool whack_leases; + char *whack_lease_ip, *whack_lease_id; + /* for WHACK_LISTEN: */ bool whack_listen, whack_unlisten; diff --git a/testing/Makefile.in b/testing/Makefile.in index 6a5fd31f2..c60f9b2ea 100644 --- a/testing/Makefile.in +++ b/testing/Makefile.in @@ -175,6 +175,7 @@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ +libhydra_plugins = @libhydra_plugins@ libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ diff --git a/testing/do-tests.in b/testing/do-tests.in index 7dbb5487a..2a869515d 100755 --- a/testing/do-tests.in +++ b/testing/do-tests.in @@ -348,7 +348,7 @@ do do host=`echo $host_iface | awk -F ":" '{print $1}'` iface=`echo $host_iface | awk -F ":" '{if ($2 != "") { print $2 } else { printf("eth0") }}'` - tcpdump_cmd="tcpdump -i $iface not port ssh and not port domain and not arp > /tmp/tcpdump.log 2>&1 &" + tcpdump_cmd="tcpdump -i $iface not port ssh and not port domain > /tmp/tcpdump.log 2>&1 &" echo "${host}# $tcpdump_cmd" >> $CONSOLE_LOG ssh root@`eval echo \\\$ipv4_$host '$tcpdump_cmd'` eval TDUP_${host}="true" diff --git a/testing/hosts/default/etc/hosts b/testing/hosts/default/etc/hosts index 7d343d857..fb07a2f6e 100644 --- a/testing/hosts/default/etc/hosts +++ b/testing/hosts/default/etc/hosts @@ -14,6 +14,10 @@ 10.1.0.10 alice.strongswan.org alice 10.1.0.20 venus.strongswan.org venus +10.1.0.30 carol2.strongswan.org carol2 +10.1.0.40 dave2.strongswan.org dave2 +10.1.0.50 carol3.strongswan.org carol3 +10.1.0.51 dave3.strongswan.org dave3 10.1.0.1 moon1.strongswan.org moon1 192.168.0.1 moon.strongswan.org moon 192.168.0.50 alice1.strongswan.org alice1 diff --git a/testing/hosts/default/etc/ipsec.d/tables.sql b/testing/hosts/default/etc/ipsec.d/tables.sql index a7c5f1d81..0e880826d 100644 --- a/testing/hosts/default/etc/ipsec.d/tables.sql +++ b/testing/hosts/default/etc/ipsec.d/tables.sql @@ -197,9 +197,9 @@ CREATE TABLE ike_sas ( id INTEGER NOT NULL, initiator INTEGER NOT NULL, local_id_type INTEGER NOT NULL, - local_id_data BLOB NOT NULL, + local_id_data BLOB DEFAULT NULL, remote_id_type INTEGER NOT NULL, - remote_id_data BLOB NOT NULL, + remote_id_data BLOB DEFAULT NULL, host_family INTEGER NOT NULL, local_host_data BLOB NOT NULL, remote_host_data BLOB NOT NULL, diff --git a/testing/hosts/winnetou/etc/openssl/index.txt b/testing/hosts/winnetou/etc/openssl/index.txt index abdbb857b..58a88a3cb 100644 --- a/testing/hosts/winnetou/etc/openssl/index.txt +++ b/testing/hosts/winnetou/etc/openssl/index.txt @@ -8,11 +8,11 @@ R 090909112548Z 041226135423Z,keyCompromise 07 unknown /C=CH/O=Linux strongSwan/ R 090909112651Z 090827094754Z,superseded 08 unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org R 091118162928Z 091124124946Z,superseded 09 unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org R 091231214318Z 090827113123Z,superseded 0A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org -V 100216084430Z 0B unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org +R 100216084430Z 100227205840Z,superseded 0B unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org R 140321062536Z 050621195214Z,CACompromise 0C unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA -V 140321062916Z 0D unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA +R 140321062916Z 100406094423Z,superseded 0D unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA R 100607191714Z 070427213122Z,superseded 0E unknown /C=CH/O=Linux strongSwan/CN=winnetou.strongswan.org -V 100620195806Z 0F unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA +R 100620195806Z 100406093001Z,superseded 0F unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA V 111007105811Z 10 unknown /C=CH/O=Linux strongSwan/OU=SHA-256/CN=moon.strongswan.org V 111007121250Z 11 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org V 111007122112Z 12 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org @@ -28,3 +28,6 @@ R 140826103106Z 090827103405Z,keyCompromise 1B unknown /C=CH/O=Linux strongSwan/ V 140826103739Z 1C unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org V 140826104451Z 1D unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org V 141123125153Z 1E unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org +V 150226210530Z 1F unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org +V 190404095350Z 20 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA +V 190404095433Z 21 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA diff --git a/testing/hosts/winnetou/etc/openssl/index.txt.old b/testing/hosts/winnetou/etc/openssl/index.txt.old index 67a737e0e..5fd137735 100644 --- a/testing/hosts/winnetou/etc/openssl/index.txt.old +++ b/testing/hosts/winnetou/etc/openssl/index.txt.old @@ -8,11 +8,11 @@ R 090909112548Z 041226135423Z,keyCompromise 07 unknown /C=CH/O=Linux strongSwan/ R 090909112651Z 090827094754Z,superseded 08 unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org R 091118162928Z 091124124946Z,superseded 09 unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org R 091231214318Z 090827113123Z,superseded 0A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org -V 100216084430Z 0B unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org +R 100216084430Z 100227205840Z,superseded 0B unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org R 140321062536Z 050621195214Z,CACompromise 0C unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA -V 140321062916Z 0D unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA +R 140321062916Z 100406094423Z,superseded 0D unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA R 100607191714Z 070427213122Z,superseded 0E unknown /C=CH/O=Linux strongSwan/CN=winnetou.strongswan.org -V 100620195806Z 0F unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA +R 100620195806Z 100406093001Z,superseded 0F unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA V 111007105811Z 10 unknown /C=CH/O=Linux strongSwan/OU=SHA-256/CN=moon.strongswan.org V 111007121250Z 11 unknown /C=CH/O=Linux strongSwan/OU=SHA-384/CN=carol@strongswan.org V 111007122112Z 12 unknown /C=CH/O=Linux strongSwan/OU=SHA-512/CN=dave@strongswan.org @@ -27,3 +27,6 @@ V 140826100818Z 1A unknown /C=CH/O=Linux strongSwan/OU=Research/CN=bob@strongsw R 140826103106Z 090827103405Z,keyCompromise 1B unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org V 140826103739Z 1C unknown /C=CH/O=Linux strongSwan/OU=Accounting/CN=dave@strongswan.org V 140826104451Z 1D unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org +V 141123125153Z 1E unknown /C=CH/O=Linux strongSwan/OU=OCSP Signing Authority/CN=ocsp.strongswan.org +V 150226210530Z 1F unknown /C=CH/O=Linux strongSwan/OU=Authorization Authority/CN=aa@strongswan.org +V 190404095350Z 20 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/1F.pem b/testing/hosts/winnetou/etc/openssl/newcerts/1F.pem new file mode 100644 index 000000000..61d1c34e2 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/newcerts/1F.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIBHzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTEwMDIyNzIxMDUzMFoXDTE1MDIyNjIxMDUzMFowZjELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xIDAeBgNVBAsTF0F1dGhv +cml6YXRpb24gQXV0aG9yaXR5MRowGAYDVQQDFBFhYUBzdHJvbmdzd2FuLm9yZzCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKw0NWg8FpkrWoItNzexEiaS +dESF+blw2+2y51vVmbDk9edfJcjkzBNIEvY/0GXODmcthjExiTNgmNuCdQwapCHx +p39HaD902rzmvflI40dZTmlFcn0Pp41wNbvjVaOpn7f6Mov68YmsoLQr47+OU6sn +d3c8rx+BXO4g6YyRB0xpwB2kfO34FZh7FwOe4sVAJu5E7urK0hij2W1+adZNFg7K +SP2i7llfooxWpS+6Vi6ZjuJ/dcGyvXpXnr0H2x58sZeaB5n8Ay+mhPDX72xXfwEm +s7fztkhqmmix2TVEH96dR99ouCENF1Cm8OCbR1kkhWReL6P0tCbirbwFbZxKtOUC +AwEAAaOCAQIwgf8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFEvO +LmT1B7kU0IJsJtK+0nZMwxXgMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDq +Lk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh +bjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENBggEAMBwGA1UdEQQVMBOBEWFh +QHN0cm9uZ3N3YW4ub3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ry +b25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQELBQADggEBAI2K +atqWeSWcxmcylrBJXkXDOsZtFZAE/kGWD5+T/lDFzE5D0GeDWfHehojtooWGpnL3 +u7xo3h3+qVliYcCFy1zKtPE0lwkBWKFPSw4UNfOmaF4De6Tp1V6FSQE9JPNpcTL/ +aPWFkX69Py8elR8OIsXPlFtOfTbtjZxoGuLNn7BX1XjctG5iIhKs/3TVMdzcyjVL +wKiDE1xq8/Es2pPTgvF8jk7VcNyIGhrlj1IYq35h0RKTSXTCRlczf+lzoPo6Duov +G0r/8VLpI4bBmKN4cIvaRCa4zew8SWpJzg/06zm2QT8eEJVVB499usVf9OVS3Qa5 +8mcNXcKmqcyP2Tlnvbo= +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/20.pem b/testing/hosts/winnetou/etc/openssl/newcerts/20.pem new file mode 100644 index 000000000..d51918e89 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/newcerts/20.pem @@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 32 (0x20) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CH, O=Linux strongSwan, CN=strongSwan Root CA + Validity + Not Before: Apr 6 09:53:50 2010 GMT + Not After : Apr 4 09:53:50 2019 GMT + Subject: C=CH, O=Linux strongSwan, OU=Research, CN=Research CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:b6:39:b2:3a:a6:e0:07:5b:58:a7:3f:4f:b2:5a: + 85:6a:72:f7:1b:5d:3d:b1:e7:80:13:7a:95:b9:e9: + 61:a1:df:af:19:c6:b2:f9:83:14:21:59:1c:27:7b: + 7a:04:6a:43:f0:2e:24:71:dc:12:fd:c3:51:d7:c9: + 59:60:32:a5:59:d4:bd:d9:5c:a7:9f:21:06:3a:71: + 7d:33:d7:3f:d2:03:07:1c:d0:69:0c:94:ce:c1:31: + 20:65:8e:55:46:36:7b:bc:49:e4:12:81:9d:75:64: + a2:4d:e1:b5:8e:07:af:51:9d:a8:d8:7e:dc:b1:26: + 6d:e8:09:06:78:13:45:24:71:e0:f2:89:e7:81:4e: + fd:be:fc:2d:4c:c1:fa:b3:31:af:3c:70:fe:59:c8: + f2:31:26:02:d2:a5:ba:04:3b:73:d6:ae:31:e1:42: + cf:e3:66:95:27:e7:4a:85:a1:1c:de:6a:9b:ed:22: + 34:ac:b4:0b:ed:b9:22:e1:3c:36:af:a2:de:3b:41: + 88:8f:01:c0:1a:87:63:7b:b6:22:e7:e5:52:1f:4d: + 73:d7:7f:47:ab:c6:b1:13:cc:1e:cd:f4:5f:51:da: + fe:6d:14:83:8f:78:fb:0c:2a:c1:f1:01:65:18:f3: + c4:c9:8c:17:fd:52:1b:82:35:13:74:c3:38:9d:ec: + ae:39 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + E7:75:F0:A0:F2:AD:20:CD:CD:60:23:CC:C7:C8:0F:29:F3:DD:54:20 + X509v3 Authority Key Identifier: + keyid:5D:A7:DD:70:06:51:32:7E:E7:B6:6D:B3:B5:E5:E0:60:EA:2E:4D:EF + DirName:/C=CH/O=Linux strongSwan/CN=strongSwan Root CA + serial:00 + + Signature Algorithm: sha256WithRSAEncryption + 8d:6d:a1:6d:1b:2d:cc:81:5c:0a:32:15:e2:ca:1b:2e:12:89: + b7:0d:05:9b:3f:ae:80:a1:73:05:1a:bf:47:e8:c8:b7:42:60: + c6:05:28:47:87:38:bb:c8:b1:32:23:89:fa:58:e0:c3:f2:dd: + 20:60:43:95:e9:72:ce:6f:38:5c:16:f7:b8:cc:e9:87:c1:ca: + a8:f1:e3:ee:ea:4c:1a:8e:68:b3:17:05:b7:89:dc:b2:30:43: + 22:62:ae:9a:87:67:39:6c:3a:c7:1c:87:10:a3:70:c0:0c:3c: + e0:46:99:68:e9:74:ea:94:2e:82:e5:c1:7f:44:16:10:40:da: + b1:19:07:58:9a:9a:06:d4:27:93:39:79:13:44:b9:b9:bc:c5: + 1e:81:6b:0f:f4:39:1c:ff:b6:df:ad:c4:2f:63:c5:c8:c7:a0: + 99:ce:15:5d:2c:b3:b5:ec:dd:dd:f6:3e:a8:6f:28:68:01:c6: + 35:4b:67:2a:b7:cc:3f:eb:30:6d:b1:5d:5c:8a:3d:4e:3a:cd: + e9:4c:08:fd:54:76:c3:3a:da:d2:f5:73:00:22:e2:ca:24:6b: + 4d:86:42:b3:ff:af:00:61:1e:dd:b6:6c:93:0d:e2:03:6c:e4: + d4:af:85:37:63:8e:0c:15:63:32:ee:eb:72:05:60:1b:d6:f2: + c1:66:89:92 +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh +cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD +FCFZHCd7egRqQ/AuJHHcEv3DUdfJWWAypVnUvdlcp58hBjpxfTPXP9IDBxzQaQyU +zsExIGWOVUY2e7xJ5BKBnXVkok3htY4Hr1GdqNh+3LEmbegJBngTRSRx4PKJ54FO +/b78LUzB+rMxrzxw/lnI8jEmAtKlugQ7c9auMeFCz+NmlSfnSoWhHN5qm+0iNKy0 +C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494 ++wwqwfEBZRjzxMmMF/1SG4I1E3TDOJ3srjkCAwEAAaOBrzCBrDAPBgNVHRMBAf8E +BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd +VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV +BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv +bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy +FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp +cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM +POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t +xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U +dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW +8sFmiZI= +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/newcerts/21.pem b/testing/hosts/winnetou/etc/openssl/newcerts/21.pem new file mode 100644 index 000000000..965543286 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/newcerts/21.pem @@ -0,0 +1,83 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 33 (0x21) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CH, O=Linux strongSwan, CN=strongSwan Root CA + Validity + Not Before: Apr 6 09:54:33 2010 GMT + Not After : Apr 4 09:54:33 2019 GMT + Subject: C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:c2:4e:4d:26:99:8c:37:b9:51:1f:a1:25:ba:1d: + 70:4e:34:58:1c:56:9b:ea:f4:16:20:fe:14:b7:36: + 73:48:47:fd:07:16:9b:55:df:aa:77:3d:a9:a3:cf: + 1a:8c:4e:d8:17:f0:5e:01:44:1d:f3:9d:43:31:c6: + ba:d8:61:b2:f7:4c:3e:49:96:3f:56:77:b8:3a:f0: + b1:ca:ab:98:bc:aa:e0:92:3c:ed:ec:52:7a:7d:60: + 82:60:95:12:26:f9:e5:3e:1f:37:1a:d3:20:62:5a: + a1:ee:89:9f:db:fd:67:01:b6:07:e5:2b:de:71:40: + ff:07:5c:91:27:6a:27:17:3a:5c:bf:43:29:c4:64: + dd:3c:59:b6:ff:52:b8:37:ed:13:d1:bb:f3:b3:ba: + 3c:94:b2:7f:25:18:86:57:73:d4:46:5e:e4:f4:ec: + 52:80:1b:04:9d:03:0d:72:71:df:9e:b6:90:3b:5f: + 41:dc:1e:cd:ab:74:2c:0c:8e:b1:56:9b:62:af:f4: + 1b:f7:c1:67:02:cb:7a:be:2a:18:5d:be:dc:2b:2f: + 3f:b8:cd:5e:78:51:61:e4:af:db:ee:22:da:60:23: + 81:b0:51:23:50:37:8a:aa:14:dc:da:b5:bc:f0:2a: + ce:b7:a4:38:8f:d1:57:d1:eb:7b:d2:f5:af:c5:f5: + 74:81 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 5F:9B:13:46:F9:20:72:C8:00:D5:88:B5:A7:4C:2E:97:EA:0B:93:28 + X509v3 Authority Key Identifier: + keyid:5D:A7:DD:70:06:51:32:7E:E7:B6:6D:B3:B5:E5:E0:60:EA:2E:4D:EF + DirName:/C=CH/O=Linux strongSwan/CN=strongSwan Root CA + serial:00 + + Signature Algorithm: sha256WithRSAEncryption + 24:65:4e:a5:cc:8c:7c:bb:af:ba:d6:9e:af:f4:f7:21:67:4d: + de:9d:fb:2e:8a:90:78:fd:92:f6:12:03:9a:bb:c5:87:66:3f: + 72:38:f9:83:f6:aa:93:e7:62:34:9e:c9:f3:02:97:86:48:c8: + c5:e7:7d:46:f3:e4:eb:ee:5e:9e:12:09:2d:20:21:42:7a:98: + ae:be:e5:fd:5a:dd:44:9d:07:80:9e:d0:e7:78:9a:45:08:42: + 62:f3:28:50:91:4a:a7:61:5a:85:73:34:9a:e5:f8:14:f5:6b: + 97:7d:f9:a2:d6:00:be:52:da:9a:94:a1:03:e0:1b:ae:0c:3e: + 08:72:dd:2c:94:6f:8a:81:7a:99:64:dc:97:51:ff:a3:a0:03: + 92:d0:78:db:4b:88:8e:d8:fd:d6:cc:33:64:6f:9f:6f:38:44: + 82:31:a7:64:ea:37:61:ee:a7:a0:4d:2c:7b:fa:7c:b8:b1:74: + 9a:4c:fa:71:bb:66:31:98:7f:ee:dd:9e:e6:3a:64:38:6f:22: + dd:7c:ce:bf:f6:9f:51:0b:05:03:e1:33:94:a3:62:11:90:21: + 95:66:37:33:43:ac:a1:95:00:ab:5a:e4:b1:bc:07:00:46:8b: + 4b:97:73:d7:c1:5d:64:5c:7d:f2:37:37:5f:c8:66:3f:e8:6f: + 9b:77:58:28 +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS +b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE +BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz +MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP +GoxO2BfwXgFEHfOdQzHGuthhsvdMPkmWP1Z3uDrwscqrmLyq4JI87exSen1ggmCV +Eib55T4fNxrTIGJaoe6Jn9v9ZwG2B+Ur3nFA/wdckSdqJxc6XL9DKcRk3TxZtv9S +uDftE9G787O6PJSyfyUYhldz1EZe5PTsUoAbBJ0DDXJx3562kDtfQdwezat0LAyO +sVabYq/0G/fBZwLLer4qGF2+3CsvP7jNXnhRYeSv2+4i2mAjgbBRI1A3iqoU3Nq1 +vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/ +MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD +VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI +MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu +IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn +Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S +CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW +AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284 +RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh +M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg= +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/research/index.txt b/testing/hosts/winnetou/etc/openssl/research/index.txt index 75e87f2c9..98aa9e3e4 100644 --- a/testing/hosts/winnetou/etc/openssl/research/index.txt +++ b/testing/hosts/winnetou/etc/openssl/research/index.txt @@ -1,5 +1,6 @@ -V 100322070423Z 01 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org +R 100322070423Z 100407091025Z,superseded 01 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org V 100615195710Z 02 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA V 120323210330Z 03 unknown /C=CH/O=Linux strongSwan/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org V 140323203747Z 04 unknown /C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org V 151103161503Z 05 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Duck Research CA +V 150406092057Z 06 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/research/index.txt.old b/testing/hosts/winnetou/etc/openssl/research/index.txt.old index 26e68d4f3..2a68119f8 100644 --- a/testing/hosts/winnetou/etc/openssl/research/index.txt.old +++ b/testing/hosts/winnetou/etc/openssl/research/index.txt.old @@ -1,4 +1,5 @@ -V 100322070423Z 01 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org +R 100322070423Z 100407091025Z 01 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=carol@strongswan.org V 100615195710Z 02 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=Sales CA V 120323210330Z 03 unknown /C=CH/O=Linux strongSwan/OU=Research OCSP Signing Authority/CN=ocsp.research.strongswan.org V 140323203747Z 04 unknown /C=CH/O=Linux strongSwan/OU=Research no CDP/CN=carol@strongswan.org +V 151103161503Z 05 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Duck Research CA diff --git a/testing/hosts/winnetou/etc/openssl/research/newcerts/06.pem b/testing/hosts/winnetou/etc/openssl/research/newcerts/06.pem new file mode 100644 index 000000000..69e5c05e3 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/research/newcerts/06.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1 +N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy +dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD +hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9 +HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n +3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz +Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C +AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE +AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj +YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js +LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA +ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG +il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC +CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU +n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq +8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/ +pwU12A3BovJKUaR0B7Uy2A== +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf index 693af7c28..23f120b29 100644 --- a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf @@ -42,7 +42,7 @@ crl_extensions = crl_ext # The extentions to add to the CRL default_days = 1825 # how long to certify for default_crl_days= 30 # how long before next CRL -default_md = sha1 # which md to use. +default_md = sha256 # which md to use. preserve = no # keep passed DN ordering email_in_dn = no # allow/forbid EMail in DN @@ -74,7 +74,7 @@ emailAddress = optional #################################################################### [ req ] -default_bits = 1024 +default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes diff --git a/testing/hosts/winnetou/etc/openssl/research/researchCert.der b/testing/hosts/winnetou/etc/openssl/research/researchCert.der Binary files differindex 2a52f620d..0cbb57b99 100644 --- a/testing/hosts/winnetou/etc/openssl/research/researchCert.der +++ b/testing/hosts/winnetou/etc/openssl/research/researchCert.der diff --git a/testing/hosts/winnetou/etc/openssl/research/researchCert.pem b/testing/hosts/winnetou/etc/openssl/research/researchCert.pem index 154cff654..d53365f78 100644 --- a/testing/hosts/winnetou/etc/openssl/research/researchCert.pem +++ b/testing/hosts/winnetou/etc/openssl/research/researchCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD @@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv -bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg -Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX -fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq -3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa -0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1 -IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW -Tfcyi+M= +bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy +FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp +cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM +POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t +xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U +dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW +8sFmiZI= -----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/research/serial b/testing/hosts/winnetou/etc/openssl/research/serial index cd672a533..2c7456e3e 100644 --- a/testing/hosts/winnetou/etc/openssl/research/serial +++ b/testing/hosts/winnetou/etc/openssl/research/serial @@ -1 +1 @@ -06 +07 diff --git a/testing/hosts/winnetou/etc/openssl/research/serial.old b/testing/hosts/winnetou/etc/openssl/research/serial.old index eeee65ec4..cd672a533 100644 --- a/testing/hosts/winnetou/etc/openssl/research/serial.old +++ b/testing/hosts/winnetou/etc/openssl/research/serial.old @@ -1 +1 @@ -05 +06 diff --git a/testing/hosts/winnetou/etc/openssl/sales/index.txt b/testing/hosts/winnetou/etc/openssl/sales/index.txt index 3e39e973b..c4e05f253 100644 --- a/testing/hosts/winnetou/etc/openssl/sales/index.txt +++ b/testing/hosts/winnetou/etc/openssl/sales/index.txt @@ -1,4 +1,5 @@ -V 100322071017Z 01 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org +R 100322071017Z 100407093948Z,superseded 01 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org V 100615195536Z 02 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA V 120323211811Z 03 unknown /C=CH/O=Linux strongSwan/OU=Sales OCSP Signing Authority/CN=ocsp.sales.strongswan.org V 140323211053Z 04 unknown /C=CH/O=Linux strongSwan/OU=Sales no CDP/CN=dave@strongswan.org +V 150406094241Z 05 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/sales/index.txt.attr.old b/testing/hosts/winnetou/etc/openssl/sales/index.txt.attr.old new file mode 100644 index 000000000..8f7e63a34 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/sales/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/testing/hosts/winnetou/etc/openssl/sales/index.txt.old b/testing/hosts/winnetou/etc/openssl/sales/index.txt.old index ab3c06416..f377c3588 100644 --- a/testing/hosts/winnetou/etc/openssl/sales/index.txt.old +++ b/testing/hosts/winnetou/etc/openssl/sales/index.txt.old @@ -1,3 +1,4 @@ -V 100322071017Z 01 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org +R 100322071017Z 100407093948Z,superseded 01 unknown /C=CH/O=Linux strongSwan/OU=Sales/CN=dave@strongswan.org V 100615195536Z 02 unknown /C=CH/O=Linux strongSwan/OU=Research/CN=Research CA V 120323211811Z 03 unknown /C=CH/O=Linux strongSwan/OU=Sales OCSP Signing Authority/CN=ocsp.sales.strongswan.org +V 140323211053Z 04 unknown /C=CH/O=Linux strongSwan/OU=Sales no CDP/CN=dave@strongswan.org diff --git a/testing/hosts/winnetou/etc/openssl/sales/newcerts/05.pem b/testing/hosts/winnetou/etc/openssl/sales/newcerts/05.pem new file mode 100644 index 000000000..91df37a81 --- /dev/null +++ b/testing/hosts/winnetou/etc/openssl/sales/newcerts/05.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ +MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV +BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL +MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT +BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi +0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6 +J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz +VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH +K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/ +5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8 +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV +MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL +MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT +EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 +YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v +cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq +OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5 +xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb +E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e +q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+ +JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+ +-----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf index 75816c432..547b2edbc 100644 --- a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf @@ -42,7 +42,7 @@ crl_extensions = crl_ext # The extentions to add to the CRL default_days = 1825 # how long to certify for default_crl_days= 30 # how long before next CRL -default_md = sha1 # which md to use. +default_md = sha256 # which md to use. preserve = no # keep passed DN ordering email_in_dn = no # allow/forbid EMail in DN @@ -74,7 +74,7 @@ emailAddress = optional #################################################################### [ req ] -default_bits = 1024 +default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes diff --git a/testing/hosts/winnetou/etc/openssl/sales/salesCert.der b/testing/hosts/winnetou/etc/openssl/sales/salesCert.der Binary files differindex 529fd2d45..dafc9ed48 100644 --- a/testing/hosts/winnetou/etc/openssl/sales/salesCert.der +++ b/testing/hosts/winnetou/etc/openssl/sales/salesCert.der diff --git a/testing/hosts/winnetou/etc/openssl/sales/salesCert.pem b/testing/hosts/winnetou/etc/openssl/sales/salesCert.pem index e50477872..a10a18cba 100644 --- a/testing/hosts/winnetou/etc/openssl/sales/salesCert.pem +++ b/testing/hosts/winnetou/etc/openssl/sales/salesCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP @@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/ MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu -IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV -8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ -9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr -iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU -uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv -xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0= +IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn +Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S +CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW +AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284 +RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh +M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg= -----END CERTIFICATE----- diff --git a/testing/hosts/winnetou/etc/openssl/sales/serial b/testing/hosts/winnetou/etc/openssl/sales/serial index eeee65ec4..cd672a533 100644 --- a/testing/hosts/winnetou/etc/openssl/sales/serial +++ b/testing/hosts/winnetou/etc/openssl/sales/serial @@ -1 +1 @@ -05 +06 diff --git a/testing/hosts/winnetou/etc/openssl/sales/serial.old b/testing/hosts/winnetou/etc/openssl/sales/serial.old index 64969239d..eeee65ec4 100644 --- a/testing/hosts/winnetou/etc/openssl/sales/serial.old +++ b/testing/hosts/winnetou/etc/openssl/sales/serial.old @@ -1 +1 @@ -04 +05 diff --git a/testing/hosts/winnetou/etc/openssl/serial b/testing/hosts/winnetou/etc/openssl/serial index 33c1ce6c7..2bd5a0a98 100644 --- a/testing/hosts/winnetou/etc/openssl/serial +++ b/testing/hosts/winnetou/etc/openssl/serial @@ -1 +1 @@ -1F +22 diff --git a/testing/hosts/winnetou/etc/openssl/serial.old b/testing/hosts/winnetou/etc/openssl/serial.old index e28e17eb7..aabe6ec39 100644 --- a/testing/hosts/winnetou/etc/openssl/serial.old +++ b/testing/hosts/winnetou/etc/openssl/serial.old @@ -1 +1 @@ -1E +21 diff --git a/testing/scripts/build-umlrootfs b/testing/scripts/build-umlrootfs index 4a561b857..16dd843b9 100755 --- a/testing/scripts/build-umlrootfs +++ b/testing/scripts/build-umlrootfs @@ -206,9 +206,9 @@ then echo -n " --enable-leak-detective" >> $INSTALLSHELL fi -if [ "$USE_LOAD_TESTS" = "yes" ] +if [ "$USE_LOAD_TESTER" = "yes" ] then - echo -n " --enable-load-tests" >> $INSTALLSHELL + echo -n " --enable-load-tester" >> $INSTALLSHELL fi if [ "$USE_TEST_VECTORS" = "yes" ] @@ -221,6 +221,26 @@ then echo -n " --enable-gcrypt" >> $INSTALLSHELL fi +if [ "$USE_SOCKET_DEFAULT" = "yes" ] +then + echo -n " --enable-socket-default" >> $INSTALLSHELL +fi + +if [ "$USE_SOCKET_DYNAMIC" = "yes" ] +then + echo -n " --enable-socket-dynamic" >> $INSTALLSHELL +fi + +if [ "$USE_DHCP" = "yes" ] +then + echo -n " --enable-dhcp" >> $INSTALLSHELL +fi + +if [ "$USE_FARP" = "yes" ] +then + echo -n " --enable-farp" >> $INSTALLSHELL +fi + echo "" >> $INSTALLSHELL echo "make" >> $INSTALLSHELL echo "make install" >> $INSTALLSHELL diff --git a/testing/testing.conf b/testing/testing.conf index e86f60ae2..c7852d28f 100755 --- a/testing/testing.conf +++ b/testing/testing.conf @@ -19,19 +19,19 @@ UMLTESTDIR=~/strongswan-testing # Bzipped kernel sources # (file extension .tar.bz2 required) -KERNEL=$UMLTESTDIR/linux-2.6.31.5.tar.bz2 +KERNEL=$UMLTESTDIR/linux-2.6.33.3.tar.bz2 # Extract kernel version KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'` # Kernel configuration file -KERNELCONFIG=$UMLTESTDIR/.config-2.6.31 +KERNELCONFIG=$UMLTESTDIR/.config-2.6.33 # Bzipped uml patch for kernel -#UMLPATCH=$UMLTESTDIR/aead_init.patch.bz2 +UMLPATCH=$UMLTESTDIR/aes_gmac.patch.bz2 # Bzipped source of strongSwan -STRONGSWAN=$UMLTESTDIR/strongswan-4.3.6.tar.bz2 +STRONGSWAN=$UMLTESTDIR/strongswan-4.4.0.tar.bz2 # strongSwan compile options (use "yes" or "no") USE_LIBCURL="yes" @@ -49,15 +49,19 @@ USE_BLOWFISH="yes" USE_KERNEL_PFKEY="yes" USE_INTEGRITY_TEST="yes" USE_LEAK_DETECTIVE="yes" -USE_LOAD_TESTS="yes" +USE_LOAD_TESTER="yes" USE_TEST_VECTORS="yes" USE_GCRYPT="yes" +USE_SOCKET_DEFAULT="yes" +USE_SOCKET_DYNAMIC="yes" +USE_DHCP="yes" +USE_FARP="yes" # Gentoo linux root filesystem ROOTFS=$UMLTESTDIR/gentoo-fs-20090615.tar.bz2 # Size of the finished root filesystem in MB -ROOTFSSIZE=600 +ROOTFSSIZE=700 # Amount of Memory to use per UML [MB]. # If "auto" is stated 1/12 of total host ram will be used. diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf index 586a3dc5e..48b36cec7 100644 --- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink updown + load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf index 586a3dc5e..48b36cec7 100644 --- a/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink updown + load = curl pem pkcs1 gcrypt x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf index b15a55fa5..0113aa780 100644 --- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink updown + load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf index ab6f08e2d..6fcefc56a 100644 --- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf index b15a55fa5..0113aa780 100644 --- a/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink updown + load = curl test-vectors pem pkcs1 gcrypt x509 hmac stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf index 6f4ec2510..774042329 100644 --- a/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } libstrongswan { diff --git a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf index ff3faf993..1f442a7dd 100644 --- a/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink socket-raw } pluto { diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf index cf4893014..831790f1e 100644 --- a/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random hmac x509 xcbc stroke kernel-netlink socket-raw } pluto { diff --git a/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf b/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ike2/description.txt b/testing/tests/ike2/description.txt new file mode 100644 index 000000000..31d24cda6 --- /dev/null +++ b/testing/tests/ike2/description.txt @@ -0,0 +1,6 @@ +The router <b>moon</b> sets up a connection to gateway <b>sun</b> in order +to reach the subnet hidden behind <b>sun</b>. The gateway <b>sun</b> assigns a +virtual IP address to router <b>moon</b>. A special updown script on <b>moon</b> +specified by <b>leftupdown=/etc/nat_updown</b> dynamically inserts a source NAT rule +which maps the IP address of client <b>alice</b> to the virtual IP of <b>moon</b>. +This allows <b>alice</b> to access client <b>bob</b> via the established IPsec tunnel. diff --git a/testing/tests/ike2/evaltest.dat b/testing/tests/ike2/evaltest.dat new file mode 100644 index 000000000..75d5ffbd3 --- /dev/null +++ b/testing/tests/ike2/evaltest.dat @@ -0,0 +1,8 @@ +moon::ipsec statusall::net-net.*ESTABLISHED::YES +sun::ipsec statusall::net-net.*ESTABLISHED::YES +moon::cat /var/log/daemon.log::inserted NAT rule mapping PH_IP_ALICE to virtual IP::YES +alice::ping -c 1 PH_IP_BOB::64 bytes from PH_IP_BOB: icmp_seq=1::YES +sun::tcpdump::IP moon.strongswan.org > sun.strongswan.org: ESP::YES +sun::tcpdump::IP sun.strongswan.org > moon.strongswan.org: ESP::YES +bob::tcpdump::IP alice2.strongswan.org > bob.strongswan.org: ICMP::YES +bob::tcpdump::IP bob.strongswan.org > alice2.strongswan.org: ICMP::YES diff --git a/testing/tests/ike2/hosts/bob/etc/hosts b/testing/tests/ike2/hosts/bob/etc/hosts new file mode 100644 index 000000000..ee854da09 --- /dev/null +++ b/testing/tests/ike2/hosts/bob/etc/hosts @@ -0,0 +1,70 @@ +# /etc/hosts: This file describes a number of hostname-to-address +# mappings for the TCP/IP subsystem. It is mostly +# used at boot time, when no name servers are running. +# On small systems, this file can be used instead of a +# "named" name server. Just add the names, addresses +# and any aliases to this file... +# + +127.0.0.1 localhost + +192.168.0.254 uml0.strongswan.org uml0 +10.1.0.254 uml1.strongswan.org uml1 +10.2.0.254 uml1.strongswan.org uml2 + +10.1.0.10 alice.strongswan.org alice +10.1.0.20 venus.strongswan.org venus +10.1.0.1 moon1.strongswan.org moon1 +192.168.0.1 moon.strongswan.org moon +192.168.0.50 alice1.strongswan.org alice1 +192.168.0.100 carol.strongswan.org carol +10.3.0.1 carol1.strongswan.org carol1 +192.168.0.150 winnetou.strongswan.org winnetou crl.strongswan.org ocsp.strongswan.org ldap.strongswan.org +192.168.0.200 dave.strongswan.org dave +10.3.0.2 dave1.strongswan.org dave1 +192.168.0.2 sun.strongswan.org sun +10.2.0.1 sun1.strongswan.org sun1 +10.2.0.10 bob.strongswan.org bob +10.4.0.1 alice2.strongswan.org alice2 + +# IPv6 versions of localhost and co +::1 ip6-localhost ip6-loopback +fe00::0 ip6-localnet +ff00::0 ip6-mcastprefix +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters +ff02::3 ip6-allhosts + +# IPv6 solicited-node multicast addresses +ff02::1:ff00:1 ip6-mcast-1 +ff02::1:ff00:2 ip6-mcast-2 +ff02::1:ff00:10 ip6-mcast-10 +ff02::1:ff00:15 ip6-mcast-15 +ff02::1:ff00:20 ip6-mcast-20 + +# IPv6 site-local addresses +fec0::5 ip6-alice1.strongswan.org ip6-alice1 +fec1::10 ip6-alice.strongswan.org ip6-alice +fec1::20 ip6-venus.strongswan.org ip6-venus +fec1::1 ip6-moon1.strongswan.org ip6-moon1 +fec0::1 ip6-moon.strongswan.org ip6-moon +fec0::10 ip6-carol.strongswan.org ip6-carol +fec3::1 ip6-carol1.strongswan.org ip6-carol1 +fec0::15 ip6-winnetou.strongswan.org ip6-winnetou +fec0::20 ip6-dave.strongswan.org ip6-dave +fec3::2 ip6-dave1.strongswan.org ip6-dave1 +fec0::2 ip6-sun.strongswan.org ip6-sun +fec2::1 ip6-sun1.strongswan.org ip6-sun1 +fec2::10 ip6-bob.strongswan.org ip6-bob + +# IPv6 link-local HW derived addresses +fe80::fcfd:0aff:fe01:14 ip6-hw-venus.strongswan.org ip6-hw-venus +fe80::fcfd:0aff:fe01:0a ip6-hw-alice.strongswan.org ip6-hw-alice +fe80::fcfd:0aff:fe01:01 ip6-hw-moon1.strongswan.org ip6-hw-moon1 +fe80::fcfd:c0ff:fea8:01 ip6-hw-moon.strongswan.org ip6-hw-moon +fe80::fcfd:c0ff:fea8:64 ip6-hw-carol.strongswan.org ip6-hw-carol +fe80::fcfd:c0ff:fea8:96 ip6-hw-winnetou.strongswan.org ip6-hw-winnetou +fe80::fcfd:c0ff:fea8:c8 ip6-hw-dave.strongswan.org ip6-hw-dave +fe80::fcfd:c0ff:fea8:02 ip6-hw-sun.strongswan.org ip6-hw-sun +fe80::fcfd:0aff:fe02:01 ip6-hw-sun1.strongswan.org ip6-hw-sun1 +fe80::fcfd:0aff:fe02:0a ip6-hw-bob.strongswan.org ip6-hw-bob diff --git a/testing/tests/ike2/hosts/moon/etc/ipsec.conf b/testing/tests/ike2/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..e43e0d785 --- /dev/null +++ b/testing/tests/ike2/hosts/moon/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsourceip=%config + leftupdown=/etc/nat_updown + right=PH_IP_SUN + rightid=@sun.strongswan.org + rightsubnet=10.2.0.0/16 + auto=add diff --git a/testing/tests/ike2/hosts/moon/etc/nat_updown b/testing/tests/ike2/hosts/moon/etc/nat_updown new file mode 100755 index 000000000..aab1df687 --- /dev/null +++ b/testing/tests/ike2/hosts/moon/etc/nat_updown @@ -0,0 +1,152 @@ +#! /bin/sh +# NAT updown script +# +# Copyright (C) 2010 Andreas Steffen <andreas.steffen@strongswan.org> +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at your +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# for more details. + +# things that this script gets (from ipsec_pluto(8) man page) +# +# PLUTO_VERSION +# indicates what version of this interface is being +# used. This document describes version 1.1. This +# is upwardly compatible with version 1.0. +# +# PLUTO_VERB +# specifies the name of the operation to be performed +# (prepare-host, prepare-client, up-host, up-client, +# down-host, or down-client). If the address family +# for security gateway to security gateway communica- +# tions is IPv6, then a suffix of -v6 is added to the +# verb. +# +# PLUTO_CONNECTION +# is the name of the connection for which we are +# routing. +# +# PLUTO_NEXT_HOP +# is the next hop to which packets bound for the peer +# must be sent. +# +# PLUTO_INTERFACE +# is the name of the ipsec interface to be used. +# +# PLUTO_REQID +# is the requid of the ESP policy +# +# PLUTO_ME +# is the IP address of our host. +# +# PLUTO_MY_ID +# is the ID of our host. +# +# PLUTO_MY_CLIENT +# is the IP address / count of our client subnet. If +# the client is just the host, this will be the +# host's own IP address / max (where max is 32 for +# IPv4 and 128 for IPv6). +# +# PLUTO_MY_CLIENT_NET +# is the IP address of our client net. If the client +# is just the host, this will be the host's own IP +# address. +# +# PLUTO_MY_CLIENT_MASK +# is the mask for our client net. If the client is +# just the host, this will be 255.255.255.255. +# +# PLUTO_MY_SOURCEIP +# if non-empty, then the source address for the route will be +# set to this IP address. +# +# PLUTO_MY_PROTOCOL +# is the IP protocol that will be transported. +# +# PLUTO_MY_PORT +# is the UDP/TCP port to which the IPsec SA is +# restricted on our side. +# +# PLUTO_PEER +# is the IP address of our peer. +# +# PLUTO_PEER_ID +# is the ID of our peer. +# +# PLUTO_PEER_CA +# is the CA which issued the cert of our peer. +# +# PLUTO_PEER_CLIENT +# is the IP address / count of the peer's client sub- +# net. If the client is just the peer, this will be +# the peer's own IP address / max (where max is 32 +# for IPv4 and 128 for IPv6). +# +# PLUTO_PEER_CLIENT_NET +# is the IP address of the peer's client net. If the +# client is just the peer, this will be the peer's +# own IP address. +# +# PLUTO_PEER_CLIENT_MASK +# is the mask for the peer's client net. If the +# client is just the peer, this will be +# 255.255.255.255. +# +# PLUTO_PEER_PROTOCOL +# is the IP protocol that will be transported. +# +# PLUTO_PEER_PORT +# is the UDP/TCP port to which the IPsec SA is +# restricted on the peer side. +# + +# define a minimum PATH environment in case it is not set +PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin" +export PATH + +# resolve octal escape sequences +PLUTO_MY_ID=`printf "$PLUTO_MY_ID"` +PLUTO_PEER_ID=`printf "$PLUTO_PEER_ID"` + +case "$PLUTO_VERB:$1" in +up-host:) + # connection to me coming up + # If you are doing a custom version, firewall commands go here. + ;; +down-host:) + # connection to me going down + # If you are doing a custom version, firewall commands go here. + ;; +up-client:) + # connection to my client subnet coming up + # If you are doing a custom version, firewall commands go here. + iptables -A FORWARD -i eth1 -o $PLUTO_INTERFACE -s PH_IP_ALICE \ + -d $PLUTO_PEER_CLIENT -j ACCEPT + iptables -A FORWARD -o eth1 -i $PLUTO_INTERFACE -d PH_IP_ALICE \ + -s $PLUTO_PEER_CLIENT -j ACCEPT + iptables -t nat -A POSTROUTING -o $PLUTO_INTERFACE -s PH_IP_ALICE \ + -d $PLUTO_PEER_CLIENT -j SNAT --to-source $PLUTO_MY_SOURCEIP + echo "inserted NAT rule mapping PH_IP_ALICE to virtual IP $PLUTO_MY_SOURCEIP" >&2 + ;; +down-client:) + # connection to my client subnet going down + # If you are doing a custom version, firewall commands go here. + iptables -D FORWARD -i eth1 -o $PLUTO_INTERFACE -s PH_IP_ALICE \ + -d $PLUTO_PEER_CLIENT -j ACCEPT + iptables -D FORWARD -o eth1 -i $PLUTO_INTERFACE -d PH_IP_ALICE \ + -s $PLUTO_PEER_CLIENT -j ACCEPT + iptables -t nat -D POSTROUTING -o $PLUTO_INTERFACE -s PH_IP_ALICE \ + -d $PLUTO_PEER_CLIENT -j SNAT --to-source $PLUTO_MY_SOURCEIP + echo "deleted NAT rule mapping PH_IP_ALICE to virtual IP $PLUTO_MY_SOURCEIP" >&2 + ;; +*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2 + exit 1 + ;; +esac diff --git a/testing/tests/ike2/hosts/moon/etc/strongswan.conf b/testing/tests/ike2/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..161934454 --- /dev/null +++ b/testing/tests/ike2/hosts/moon/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-raw updown + multiple_authentication = no +} diff --git a/testing/tests/ike2/hosts/sun/etc/ipsec.conf b/testing/tests/ike2/hosts/sun/etc/ipsec.conf new file mode 100755 index 000000000..9cede8d56 --- /dev/null +++ b/testing/tests/ike2/hosts/sun/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + mobike=no + +conn net-net + left=PH_IP_SUN + leftcert=sunCert.pem + leftid=@sun.strongswan.org + leftsubnet=10.2.0.0/16 + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsourceip=10.4.0.0/24 + auto=add diff --git a/testing/tests/ike2/hosts/sun/etc/strongswan.conf b/testing/tests/ike2/hosts/sun/etc/strongswan.conf new file mode 100644 index 000000000..161934454 --- /dev/null +++ b/testing/tests/ike2/hosts/sun/etc/strongswan.conf @@ -0,0 +1,6 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-raw updown + multiple_authentication = no +} diff --git a/testing/tests/ike2/posttest.dat b/testing/tests/ike2/posttest.dat new file mode 100644 index 000000000..b121de27d --- /dev/null +++ b/testing/tests/ike2/posttest.dat @@ -0,0 +1,5 @@ +moon::ipsec stop +sun::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +sun::/etc/init.d/iptables stop 2> /dev/null +moon::conntrack -F diff --git a/testing/tests/ike2/pretest.dat b/testing/tests/ike2/pretest.dat new file mode 100644 index 000000000..abbca90d7 --- /dev/null +++ b/testing/tests/ike2/pretest.dat @@ -0,0 +1,9 @@ +moon::/etc/init.d/iptables start 2> /dev/null +sun::/etc/init.d/iptables start 2> /dev/null +moon::conntrack -F +moon::echo 1 > /proc/sys/net/ipv4/ip_forward +moon::ipsec start +sun::ipsec start +moon::sleep 1 +moon::ipsec up net-net +moon::sleep 1 diff --git a/testing/tests/ike2/test.conf b/testing/tests/ike2/test.conf new file mode 100644 index 000000000..1971a33ab --- /dev/null +++ b/testing/tests/ike2/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon winnetou sun bob" + +# Corresponding block diagram +# +DIAGRAM="a-m-w-s-b.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="sun bob" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon sun" diff --git a/testing/tests/ikev1/alg-modp-subgroup/description.txt b/testing/tests/ikev1/alg-modp-subgroup/description.txt new file mode 100644 index 000000000..cb7d11720 --- /dev/null +++ b/testing/tests/ikev1/alg-modp-subgroup/description.txt @@ -0,0 +1,14 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each +to gateway <b>moon</b> using the <b>MODP Diffie-Hellman Groups 22, 23, and 24</b> +with <b>Prime Order Subgroups</b>. +<p/> +<b>carol</b> proposes the DH groups MODP_2048_224 and MODP_1024_160 whereas +<b>dave</b> proposes MODP_2048_224 and MODP_2048_256. +Since <b>moon</b> does not support MODP_2048_224 the roadwarriors fall back to +MODP_1024_160 and MODP_2048_256, respectively. +<p/> +Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b> +automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping +the client <b>alice</b> behind the gateway <b>moon</b>. + diff --git a/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat new file mode 100644 index 000000000..0f71ba5f5 --- /dev/null +++ b/testing/tests/ikev1/alg-modp-subgroup/evaltest.dat @@ -0,0 +1,13 @@ +moon::cat /var/log/auth.log::MODP_2048_224.*refused due to strict flag::YES +moon::ipsec statusall::IPsec SA established::YES +carol::ipsec statusall::IPsec SA established::YES +carol::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA1/MODP_1024_160::YES +dave::ipsec statusall::IPsec SA established::YES +dave::ipsec statusall::IKE proposal: AES_CBC_128/HMAC_SHA2_256/MODP_2048_256::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES + diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..944524020 --- /dev/null +++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/carol/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + ike=aes128-sha1-modp2048s224,aes128-sha1-modp1024s160! + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..a9de84e91 --- /dev/null +++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/dave/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + ike=aes128-sha256-modp2048s224,aes128-sha256-modp2048s256! + +conn home + left=PH_IP_DAVE + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..424f78bb4 --- /dev/null +++ b/testing/tests/ikev1/alg-modp-subgroup/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + ike=aes128-sha256-modp2048s256,aes128-sha1-modp1024s160! + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=%any + auto=add diff --git a/testing/tests/ikev1/alg-modp-subgroup/posttest.dat b/testing/tests/ikev1/alg-modp-subgroup/posttest.dat new file mode 100644 index 000000000..7cebd7f25 --- /dev/null +++ b/testing/tests/ikev1/alg-modp-subgroup/posttest.dat @@ -0,0 +1,6 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev1/alg-modp-subgroup/pretest.dat b/testing/tests/ikev1/alg-modp-subgroup/pretest.dat new file mode 100644 index 000000000..42e9d7c24 --- /dev/null +++ b/testing/tests/ikev1/alg-modp-subgroup/pretest.dat @@ -0,0 +1,9 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +dave::ipsec start +carol::sleep 1 +carol::ipsec up home +dave::ipsec up home diff --git a/testing/tests/ikev1/alg-modp-subgroup/test.conf b/testing/tests/ikev1/alg-modp-subgroup/test.conf new file mode 100644 index 000000000..70416826e --- /dev/null +++ b/testing/tests/ikev1/alg-modp-subgroup/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem b/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem index 3c5c5d91d..61d1c34e2 100644 --- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem +++ b/testing/tests/ikev1/attr-cert/hosts/moon/etc/ipsec.d/aacerts/aaCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEKjCCAxKgAwIBAgIBCzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIEKjCCAxKgAwIBAgIBHzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDIxNzA4NDQzMFoXDTEwMDIxNjA4NDQzMFowZjELMAkGA1UE +b290IENBMB4XDTEwMDIyNzIxMDUzMFoXDTE1MDIyNjIxMDUzMFowZjELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xIDAeBgNVBAsTF0F1dGhv cml6YXRpb24gQXV0aG9yaXR5MRowGAYDVQQDFBFhYUBzdHJvbmdzd2FuLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL2Czo4Mds6Jz15DWop6ExWI -wWt9zU8Xu//ow1F0Kf9a4DLjo8qO+km3gybByNQQv1LrZ1eq+82Gy4RYXU1FnhC6 -dc8aobDmUQkY/8uYXtUmevKF5QcbYciDLp01W1q0DONAlc/9wmvJWhvjs9itWOBC -fAUcH3eUNvMgkc7hlQTqreZTH4zyJ6M54JibkTsyfVg/1yOT41zUU3b+vI/r9kNB -CYcp2DrdhdxX6mEiSTyDA/OMlgvCa7kPinUL4FJtQOFBozCsGcD28ONLc8Abkggf -NABXCclPVAXOTawJF3dRWcMhIlNLWxWMVRvEt5OkAEdy/mXGBvtVArmGnmA+8zcC -AwEAAaOCAQIwgf8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFA+6 -5KwThPKc9Vxn0048uRThft1tMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDq +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKw0NWg8FpkrWoItNzexEiaS +dESF+blw2+2y51vVmbDk9edfJcjkzBNIEvY/0GXODmcthjExiTNgmNuCdQwapCHx +p39HaD902rzmvflI40dZTmlFcn0Pp41wNbvjVaOpn7f6Mov68YmsoLQr47+OU6sn +d3c8rx+BXO4g6YyRB0xpwB2kfO34FZh7FwOe4sVAJu5E7urK0hij2W1+adZNFg7K +SP2i7llfooxWpS+6Vi6ZjuJ/dcGyvXpXnr0H2x58sZeaB5n8Ay+mhPDX72xXfwEm +s7fztkhqmmix2TVEH96dR99ouCENF1Cm8OCbR1kkhWReL6P0tCbirbwFbZxKtOUC +AwEAAaOCAQIwgf8wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFEvO +LmT1B7kU0IJsJtK+0nZMwxXgMG0GA1UdIwRmMGSAFF2n3XAGUTJ+57Zts7Xl4GDq Lk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dh bjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290IENBggEAMBwGA1UdEQQVMBOBEWFh QHN0cm9uZ3N3YW4ub3JnMDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ry -b25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQEEBQADggEBAIeg -CjgR2yIGSuyrFolvEM/qoT3j+LpQREDZbx9BKr3kGmbqF75clwfpysJ4FlXZZ2CR -aH2GoPOZGXwsYc3poqGeeWSxo+fpt4XIGUc1eREXm1rKVMd+qb0u0PXuhq2+u1aY -ZJDY0yqUU2/7AInXjzG7lI120W+K6tuTM/5UVI5EPpAFwUVlCxnMh4Sl4VkgZ2Hw -YnO3/8SEHmHR03/GhOd5d8hD8a0AGHtdOPpZnUOR9PH5FszpQ/alUdn+NTdQ7O2v -Q8jqPCeQSAAkJbBBRvGA4bD6KXt1k74fXXUofiKWpQUozlO1Cc978Kfl5/do5bov -wTLSA/z7c8nVCVoZI9Y= +b25nc3dhbi5vcmcvc3Ryb25nc3dhbi5jcmwwDQYJKoZIhvcNAQELBQADggEBAI2K +atqWeSWcxmcylrBJXkXDOsZtFZAE/kGWD5+T/lDFzE5D0GeDWfHehojtooWGpnL3 +u7xo3h3+qVliYcCFy1zKtPE0lwkBWKFPSw4UNfOmaF4De6Tp1V6FSQE9JPNpcTL/ +aPWFkX69Py8elR8OIsXPlFtOfTbtjZxoGuLNn7BX1XjctG5iIhKs/3TVMdzcyjVL +wKiDE1xq8/Es2pPTgvF8jk7VcNyIGhrlj1IYq35h0RKTSXTCRlczf+lzoPo6Duov +G0r/8VLpI4bBmKN4cIvaRCa4zew8SWpJzg/06zm2QT8eEJVVB499usVf9OVS3Qa5 +8mcNXcKmqcyP2Tlnvbo= -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem b/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem index 209b48f3a..250441ad0 100644 --- a/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem +++ b/testing/tests/ikev1/attr-cert/hosts/moon/etc/openac/aaKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAvYLOjgx2zonPXkNainoTFYjBa33NTxe7/+jDUXQp/1rgMuOj -yo76SbeDJsHI1BC/UutnV6r7zYbLhFhdTUWeELp1zxqhsOZRCRj/y5he1SZ68oXl -BxthyIMunTVbWrQM40CVz/3Ca8laG+Oz2K1Y4EJ8BRwfd5Q28yCRzuGVBOqt5lMf -jPInozngmJuROzJ9WD/XI5PjXNRTdv68j+v2Q0EJhynYOt2F3FfqYSJJPIMD84yW -C8JruQ+KdQvgUm1A4UGjMKwZwPbw40tzwBuSCB80AFcJyU9UBc5NrAkXd1FZwyEi -U0tbFYxVG8S3k6QAR3L+ZcYG+1UCuYaeYD7zNwIDAQABAoIBAQCCGgsz+dqWcIWs -cRD3gFcZsYkYAoWwhtrKFUIB6X3rkLfaN+16Yi3x7cpcES2OaPDwPCv2Q6warS+K -7B8hrWmWkmvOgrn+eB+p3z+8xh5UttYxKTrSZjn7LhQSWU8eNf2jBfPTlqKi3Ni/ -zNLrLhaV3w7Fc0knDtmqj/GJ1dQ4SrUpME3sREpWbGSzjJ2UsR7iqQiDsYwWHzK2 -nWWwzrSmpObhDR3jiyOwBy/DEjXRC7h0fUL8eBghJvLWgFgifI5Z36FXa0FasxQr -zKZnQdwuJHqQz7+sVjAmKtNd7x7RE5Ii0oQYiWDFr0OAwKD5UfMNydpcOVC/bV2n -SKWmguoBAoGBAO73MTPP9ne4cfC7t4k2+F9hkb7mAjAbk9GbTyZyEKSDKH2bL02W -G4kXdlkvZVgKhIDg8PCouRSQKv2IxubDrarFURb5KMJlyfBV1Q8JSxpVtxK69clq -yIu/AtiiBE/n11MdmdoJLr6l2nNStJummj2jw5OyN8sdJarf83rCy+ITAoGBAMsF -IfivZ+Tueavy0tGRb1qqKalIhwzLBRmWCna39bB9rK4eTNio5Oes95mC7t8mslmO -18enKUTO87svWLzo8NVYIKSqg5B+kIN44hROErlV6HHPVd5vJzZFjH7SSfy5y8Ka -wmsA1xiG6NEgEndc6F6uQ2YdaZAHWFO6CiTNpq7NAoGADXglb9QzAkCFO5p5F+Tf -TxEC1A3G5ctII7JrXbFkOsGh0KKkoezqFGocI57GSZYeLd1/9zCrbftKUQwamftB -mLSSg4b7wylVnpRX9AcEErHuJcIgBIBeWXIkyO0o7RAWVPsAJwgJeHmEvKdWwsc7 -PmoypeqPtoUoEF+bK7o7H70CgYAYlYaHlrX+AuK4766XsgTJ9dEVrrKr2enEL2cU -+THHLXC7pO+pTMprQ4a4ECLc4tK2BZYblyJoMqdRA2q7dXm0W/eX+Q31cV4OjZTS -4KFj0ANVxMWhKdSVvdZFhTFwaQ9DgXoJexCQ58VJjZiu25FH5dJDi0w9JKaNfPm9 -eym0AQKBgHhfqD9EXxazoP27NyZAFUSA3r4u06qFjbAEjbuJVAJNSuEu6Sht2uIg -lCHpTPssDLHVSY0faQwY4vPqJZVg0k/rAu2VlvbJxYrdzXr8eTfPRJrhv/s/Tbro -n1rmisBKov1P2Cu2e03a8+GDO3lpSZr9YNG/e7wggSbfAvqCoUDF +MIIEowIBAAKCAQEArDQ1aDwWmStagi03N7ESJpJ0RIX5uXDb7bLnW9WZsOT1518l +yOTME0gS9j/QZc4OZy2GMTGJM2CY24J1DBqkIfGnf0doP3TavOa9+UjjR1lOaUVy +fQ+njXA1u+NVo6mft/oyi/rxiaygtCvjv45Tqyd3dzyvH4Fc7iDpjJEHTGnAHaR8 +7fgVmHsXA57ixUAm7kTu6srSGKPZbX5p1k0WDspI/aLuWV+ijFalL7pWLpmO4n91 +wbK9eleevQfbHnyxl5oHmfwDL6aE8NfvbFd/ASazt/O2SGqaaLHZNUQf3p1H32i4 +IQ0XUKbw4JtHWSSFZF4vo/S0JuKtvAVtnEq05QIDAQABAoIBAQCbfhUPhtp8+imi +zANFFW2nSK0VxsgEi4T7MIU6Zjh+A3CLuF2c9gPUEUuV8W9SzeoxfmjieLFDpCDC +bR0VjeTRBazR//+A9RoiYlP+CbO4FEr6QYwsovsPetf6TT9iJeMjtBb6UODTCP6f +UdY3fOPN8zgrga87yorINw3MMJSfiI21zSzCkueOQloktBgih5Wueu8FDFUB2fVa +uLTUa+wOhXUBPyF5OXLox5TxE6gBPkiUsnNXP8X/kHLPk2iBQmdxz+uwG/Pz6pS2 +JsmX2WzFJ0+Rj4cJpoa4Ev5uAx79kcXnQT3d5/HIwuh7ZEMKorb1m8w8lhAW4ARU +ddjhLkWhAoGBAOCpDGfLwQHWVejOcjEwfWts0hHLdlNfZEgsLSex2k/U6Mk1TjCo +tAHQOvmqxZDxypJEem3RPaWZh+gttTpHvGkS9fsvTpyARcDp0FXI40hwARPsnMbI +0fDmpVfOOLZdQKMDg42TrZC/mipU68gFP/rYC7xalJs0pe0LL3ffsSC5AoGBAMQ5 +3V6nuucpL87I0fKg56z0/3lcRxI46KuIXhHSAjxNb76cQuxiK8s5TPCot3Unq6GQ +R7Y+dYd1FVEh2i3Q7/Yh/BSeYiDcDf5aELCwY32O/OnSSoNTbgGR5FT+/SHJK5bg +j/O5S7+dajqtC2JZJl8smOeB5c187bc4FU72+6eNAoGAZUiRSTI434Ur0ftQzBBa +WtYClvctb0TwRwFzkhPCon8QO7YGfDVygebIz8pHq6L2ep7Yuy28Jy5icTA6Jf41 +WQGtWALp4/CIggJnZGVe4kdslPj1bUEYNQ0mucFFHCJKg7OP2YIcm8dlz3PdoJ2N +TJ+eGtqTaK2BqK6ERfzZNDECgYBbVTOcYyWzgpAmB4LxE8PB1Sc0LadG7AYgERD3 +6m/v8XsZlVHxBKCtrrYJLf52IUjZonY+dUPvEKgjY0ZSHPYT8i2Ky02RTduVkAZE +t1UXk/5UNvVHuwVw5Z8JkMXxe9k2GL/oCU8gmPxg4zpxRF1/3xosZ2G3C3b52LjS +UFNB4QKBgDX2UmLgRHAXDsmksNZaMUSNk+xws0B1M/EDd9h7e79ilENkOPDLo5+E +z22WPNrgzKEUz44FZZOsislfPE7ffgQcRTxtNWqoElwxuHLuy46jaReL7zJSDtpv +wtn4YoOpH0DnC994nziTQif33FBF/2o8hWoq4vcXKNSMGTwGzi/a -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/description.txt b/testing/tests/ikev1/esp-alg-aes-gmac/description.txt new file mode 100644 index 000000000..bc9b7c760 --- /dev/null +++ b/testing/tests/ikev1/esp-alg-aes-gmac/description.txt @@ -0,0 +1,4 @@ +Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the authentication-only +ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac!</b> +in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks +the established tunnel. diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat new file mode 100644 index 000000000..3ec271cf1 --- /dev/null +++ b/testing/tests/ikev1/esp-alg-aes-gmac/evaltest.dat @@ -0,0 +1,7 @@ +moon::ipsec statusall::rw.*IPsec SA established::YES +carol::ipsec statusall::home.*IPsec SA established::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::ipsec statusall::ESP proposal: AES_GMAC_256::YES +carol::ipsec statusall::ESP proposal: AES_GMAC_256::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..69ef8d49d --- /dev/null +++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf @@ -0,0 +1,26 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + ike=aes256-sha384-modp2048! + esp=aes256gmac! + +conn home + left=PH_IP_CAROL + leftfirewall=yes + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..41a583763 --- /dev/null +++ b/testing/tests/ikev1/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + ike=aes256-sha384-modp2048! + esp=aes256gmac! + +conn rw + left=PH_IP_MOON + leftfirewall=yes + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + auto=add diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/posttest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/posttest.dat new file mode 100644 index 000000000..94a400606 --- /dev/null +++ b/testing/tests/ikev1/esp-alg-aes-gmac/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +carol::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat b/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat new file mode 100644 index 000000000..f360351e1 --- /dev/null +++ b/testing/tests/ikev1/esp-alg-aes-gmac/pretest.dat @@ -0,0 +1,6 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +carol::sleep 1 +carol::ipsec up home diff --git a/testing/tests/ikev1/esp-alg-aes-gmac/test.conf b/testing/tests/ikev1/esp-alg-aes-gmac/test.conf new file mode 100644 index 000000000..acb73b06f --- /dev/null +++ b/testing/tests/ikev1/esp-alg-aes-gmac/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf index 5a444f19c..90eb30a9b 100644 --- a/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/ip-pool-db-push/hosts/moon/etc/strongswan.conf @@ -4,7 +4,7 @@ pluto { load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql } -libstrongswan { +libhydra { plugins { attr-sql { database = sqlite:///etc/ipsec.d/ipsec.db diff --git a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf index 5a444f19c..90eb30a9b 100644 --- a/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf @@ -4,7 +4,7 @@ pluto { load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql } -libstrongswan { +libhydra { plugins { attr-sql { database = sqlite:///etc/ipsec.d/ipsec.db diff --git a/testing/tests/ikev1/ip-pool/description.txt b/testing/tests/ikev1/ip-pool/description.txt new file mode 100644 index 000000000..b3f584c57 --- /dev/null +++ b/testing/tests/ikev1/ip-pool/description.txt @@ -0,0 +1,10 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b>. +Both <b>carol</b> and <b>dave</b> request a <b>virtual IP</b> via the IKEv1 Mode Config payload +by using the <b>leftsourceip=%config</b> parameter. The gateway <b>moon</b> assigns virtual +IP addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> in a monotonously +increasing order. +<p> +<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that let pass +the tunneled traffic. In order to test the tunnels, <b>carol</b> and <b>dave</b> then ping +the client <b>alice</b> behind the gateway <b>moon</b>. The source IP addresses of the two +pings will be the virtual IPs <b>carol1</b> and <b>dave1</b>, respectively. diff --git a/testing/tests/ikev1/ip-pool/evaltest.dat b/testing/tests/ikev1/ip-pool/evaltest.dat new file mode 100644 index 000000000..f67ab321b --- /dev/null +++ b/testing/tests/ikev1/ip-pool/evaltest.dat @@ -0,0 +1,26 @@ +carol::cat /var/log/auth.log::setting virtual IP source address to PH_IP_CAROL1::YES +carol::ip addr list dev eth0::PH_IP_CAROL1::YES +carol::ip route list table 220::10.1.0.0/16.*src PH_IP_CAROL1::YES +carol::ipsec status::home.*IPsec SA established::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave::cat /var/log/auth.log::setting virtual IP source address to PH_IP_DAVE1::YES +dave::ip addr list dev eth0::PH_IP_DAVE1::YES +dave::ip route list table 220::10.1.0.0/16.*src PH_IP_DAVE1::YES +dave::ipsec status::home.*IPsec SA established::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::cat /var/log/auth.log::adding virtual IP address pool::YES +moon::cat /var/log/auth.log::peer requested virtual IP %any::YES +moon::cat /var/log/auth.log::assigning virtual IP::YES +moon::ipsec leases rw::2/15, 2 online::YES +moon::ipsec leases rw 10.3.0.1::carol@strongswan.org::YES +moon::ipsec leases rw 10.3.0.2::dave@strongswan.org::YES +moon::ipsec statusall::rw.*carol@strongswan.org.*erouted::YES +moon::ipsec statusall::rw.*dave@strongswan.org.*erouted::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +alice::tcpdump::IP carol1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > carol1.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP dave1.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > dave1.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..0c770de9f --- /dev/null +++ b/testing/tests/ikev1/ip-pool/hosts/carol/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn home + left=PH_IP_CAROL + leftsourceip=%config + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..ba5dbdd1d --- /dev/null +++ b/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf b/testing/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..163c19516 --- /dev/null +++ b/testing/tests/ikev1/ip-pool/hosts/dave/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn home + left=PH_IP_DAVE + leftsourceip=%config + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..ba5dbdd1d --- /dev/null +++ b/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..ddedd7e7b --- /dev/null +++ b/testing/tests/ikev1/ip-pool/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn rw + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftfirewall=yes + right=%any + rightsourceip=10.3.0.0/28 + auto=add diff --git a/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..ba5dbdd1d --- /dev/null +++ b/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/ip-pool/posttest.dat b/testing/tests/ikev1/ip-pool/posttest.dat new file mode 100644 index 000000000..a68e84cbd --- /dev/null +++ b/testing/tests/ikev1/ip-pool/posttest.dat @@ -0,0 +1,8 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null +carol::ip addr del 10.3.0.1/32 dev eth0 +dave::ip addr del 10.3.0.2/32 dev eth0 diff --git a/testing/tests/ikev1/ip-pool/pretest.dat b/testing/tests/ikev1/ip-pool/pretest.dat new file mode 100644 index 000000000..014e80517 --- /dev/null +++ b/testing/tests/ikev1/ip-pool/pretest.dat @@ -0,0 +1,10 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +carol::ipsec start +dave::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home +dave::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev1/ip-pool/test.conf b/testing/tests/ikev1/ip-pool/test.conf new file mode 100644 index 000000000..1a8f2a4e0 --- /dev/null +++ b/testing/tests/ikev1/ip-pool/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon alice" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev1/ip-two-pools-mixed/description.txt b/testing/tests/ikev1/ip-two-pools-mixed/description.txt new file mode 100644 index 000000000..3869ced0a --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools-mixed/description.txt @@ -0,0 +1,9 @@ +The hosts <b>alice</b> and <b>carol</b> set up a tunnel connection each to gateway <b>moon</b>. +Both hosts request a <b>virtual IP</b> via the IKEv1 Mode Config payload by using the +<b>leftsourceip=%config</b> parameter. Gateway <b>moon</b> assigns virtual IP +addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> to hosts connecting +to the <b>eth0</b> (PH_IP_MOON) interface and virtual IP addresses from an SQLite-based pool +named <b>intpool</b> [10.4.0.1..10.4.1.244] to hosts connecting to the <b>eth1</b> (PH_IP_MOON1) interface. +<p> +Thus <b>carol</b> is assigned <b>PH_IP_CAROL1</b> whereas <b>alice</b> gets <b>10.4.0.1</b> and +both ping the gateway <b>moon</b>. diff --git a/testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat b/testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat new file mode 100644 index 000000000..f237ce53f --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools-mixed/evaltest.dat @@ -0,0 +1,17 @@ +carol::ipsec status::home.*IPsec SA established::YES +alice::ipsec status::home.*IPsec SA established::YES +moon::ipsec status::ext.*carol@strongswan.org.*erouted::YES +moon::ipsec status::int.*alice@strongswan.org.*erouted::YES +moon::cat /var/log/auth.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES +moon::ipsec leases ext::1/15, 1 online::YES +moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES +moon::ipsec pool --status 2> /dev/null::intpool.*10.4.0.1.*10.4.1.244.*static.*1::YES +moon::ipsec pool --leases --filter pool=intpool,addr=10.4.0.1,id=alice@strongswan.org 2> /dev/null::online::YES +carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES +alice::cat /var/log/auth.log::setting virtual IP source address to 10.4.0.1::YES +carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES +alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES +carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES +alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables new file mode 100755 index 000000000..97b773645 --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/init.d/iptables @@ -0,0 +1,78 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow ESP + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MOBIKE + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf new file mode 100755 index 000000000..e8077b22a --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn home + left=%defaultroute + leftsourceip=%config + leftcert=aliceCert.pem + leftid=alice@strongswan.org + leftfirewall=yes + right=PH_IP_MOON1 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf new file mode 100644 index 000000000..ba5dbdd1d --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..99a8c60ff --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn home + left=PH_IP_CAROL + leftsourceip=%config + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..ba5dbdd1d --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables new file mode 100755 index 000000000..bb9d03acd --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/init.d/iptables @@ -0,0 +1,91 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow esp + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + iptables -A INPUT -i eth1 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth1 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + iptables -A INPUT -i eth1 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth1 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + iptables -A INPUT -i eth1 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth1 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + iptables -A FORWARD -i eth0 -o eth1 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A FORWARD -o eth0 -i eth1 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # masquerade crl fetches to winnetou + iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -d PH_IP_WINNETOU -j MASQUERADE + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..e844ba989 --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/ipsec.conf @@ -0,0 +1,28 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftfirewall=yes + right=%any + +conn int + left=PH_IP_MOON1 + rightsourceip=%intpool + auto=add + +conn ext + left=PH_IP_MOON + rightsourceip=10.3.0.0/28 + auto=add diff --git a/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..90eb30a9b --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf @@ -0,0 +1,17 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl sqlite attr-sql +} + +libhydra { + plugins { + attr-sql { + database = sqlite:///etc/ipsec.d/ipsec.db + } + } +} + +pool { + load = sqlite +} diff --git a/testing/tests/ikev1/ip-two-pools-mixed/posttest.dat b/testing/tests/ikev1/ip-two-pools-mixed/posttest.dat new file mode 100644 index 000000000..74e3cf2c0 --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools-mixed/posttest.dat @@ -0,0 +1,13 @@ +carol::ipsec stop +alice::ipsec stop +moon::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +alice::/etc/init.d/iptables stop 2> /dev/null +carol::ip addr del 10.3.0.1/32 dev eth0 +alice::ip addr del 10.4.0.1/32 dev eth0 +moon::ip route del 10.3.0.0/16 via PH_IP_MOON +moon::ip route del 10.4.0.0/16 via PH_IP_MOON1 +moon::conntrack -F +moon::ipsec pool --del intpool 2> /dev/null +moon::rm /etc/ipsec.d/ipsec.* diff --git a/testing/tests/ikev1/ip-two-pools-mixed/pretest.dat b/testing/tests/ikev1/ip-two-pools-mixed/pretest.dat new file mode 100644 index 000000000..21e28ce0c --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools-mixed/pretest.dat @@ -0,0 +1,15 @@ +moon::cat /etc/ipsec.d/tables.sql > /etc/ipsec.d/ipsec.sql +moon::cat /etc/ipsec.d/ipsec.sql | sqlite3 /etc/ipsec.d/ipsec.db +moon::ipsec pool --add intpool --start 10.4.0.1 --end 10.4.1.244 --timeout 0 2> /dev/null +moon::ip route add 10.3.0.0/16 via PH_IP_MOON +moon::ip route add 10.4.0.0/16 via PH_IP_MOON1 +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +alice::/etc/init.d/iptables start 2> /dev/null +carol::ipsec start +moon::ipsec start +alice::ipsec start +carol::sleep 2 +carol::ipsec up home +alice::ipsec up home +alice::sleep 1 diff --git a/testing/tests/ikev1/ip-two-pools-mixed/test.conf b/testing/tests/ikev1/ip-two-pools-mixed/test.conf new file mode 100644 index 000000000..329774c0a --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools-mixed/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="alice carol" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="alice moon carol" diff --git a/testing/tests/ikev1/ip-two-pools/description.txt b/testing/tests/ikev1/ip-two-pools/description.txt new file mode 100644 index 000000000..33a5187c5 --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools/description.txt @@ -0,0 +1,9 @@ +The hosts <b>alice</b> and <b>carol</b> set up a tunnel connection each to gateway <b>moon</b>. +Both hosts request a <b>virtual IP</b> via the IKEv1 Mode Config payload by using the +<b>leftsourceip=%config</b> parameter. Gateway <b>moon</b> assigns virtual IP +addresses from a simple pool defined by <b>rightsourceip=10.3.0.0/28</b> to hosts connecting +to the <b>eth0</b> (PH_IP_MOON) interface and virtual IP addresses from a simple pool defined +by <b>rightsourceip=10.4.0.0/28</b> to hosts connecting to the <b>eth1</b> (PH_IP_MOON1) interface. +<p> +Thus <b>carol</b> is assigned <b>PH_IP_CAROL1</b> whereas <b>alice</b> gets <b>10.4.0.1</b> and +both ping the gateway <b>moon</b>. diff --git a/testing/tests/ikev1/ip-two-pools/evaltest.dat b/testing/tests/ikev1/ip-two-pools/evaltest.dat new file mode 100644 index 000000000..2f19a77ba --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools/evaltest.dat @@ -0,0 +1,18 @@ +carol::ipsec status::home.*IPsec SA established::YES +alice::ipsec status::home.*IPsec SA established::YES +moon::ipsec status::ext.*carol@strongswan.org.*erouted::YES +moon::ipsec status::int.*alice@strongswan.org.*erouted::YES +moon::cat /var/log/auth.log::adding virtual IP address pool.*int.*10.4.0.0/28::YES +moon::cat /var/log/auth.log::adding virtual IP address pool.*ext.*10.3.0.0/28::YES +moon::ipsec leases ext::1/15, 1 online::YES +moon::ipsec leases int::1/15, 1 online::YES +moon::ipsec leases ext 10.3.0.1::carol@strongswan.org::YES +moon::ipsec leases int 10.4.0.1::alice@strongswan.org::YES +carol::cat /var/log/auth.log::setting virtual IP source address to 10.3.0.1::YES +alice::cat /var/log/auth.log::setting virtual IP source address to 10.4.0.1::YES +carol::ping -c 1 PH_IP_MOON::64 bytes from PH_IP_MOON: icmp_seq=1::YES +alice::ping -c 1 PH_IP_MOON1::64 bytes from PH_IP_MOON1: icmp_seq=1::YES +carol::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +carol::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +alice::tcpdump::IP alice.strongswan.org > moon1.strongswan.org: ESP::YES +alice::tcpdump::IP moon1.strongswan.org > alice.strongswan.org: ESP::YES diff --git a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables new file mode 100755 index 000000000..97b773645 --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/init.d/iptables @@ -0,0 +1,78 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow ESP + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MOBIKE + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf new file mode 100755 index 000000000..e8077b22a --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn home + left=%defaultroute + leftsourceip=%config + leftcert=aliceCert.pem + leftid=alice@strongswan.org + leftfirewall=yes + right=PH_IP_MOON1 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf new file mode 100644 index 000000000..ba5dbdd1d --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools/hosts/alice/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..99a8c60ff --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + +conn home + left=PH_IP_CAROL + leftsourceip=%config + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..ba5dbdd1d --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools/hosts/carol/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables new file mode 100755 index 000000000..bb9d03acd --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/init.d/iptables @@ -0,0 +1,91 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow esp + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + iptables -A INPUT -i eth1 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth1 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + iptables -A INPUT -i eth1 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth1 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + iptables -A INPUT -i eth1 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth1 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + iptables -A FORWARD -i eth0 -o eth1 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A FORWARD -o eth0 -i eth1 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # masquerade crl fetches to winnetou + iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/16 -d PH_IP_WINNETOU -j MASQUERADE + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..4771e26d6 --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/ipsec.conf @@ -0,0 +1,28 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + charonstart=no + plutodebug=control + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev1 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftfirewall=yes + right=%any + +conn int + left=PH_IP_MOON1 + rightsourceip=10.4.0.0/28 + auto=add + +conn ext + left=PH_IP_MOON + rightsourceip=10.3.0.0/28 + auto=add diff --git a/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..ba5dbdd1d --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +pluto { + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl +} + +# pluto uses optimized DH exponent sizes (RFC 3526) + +libstrongswan { + dh_exponent_ansi_x9_42 = no +} diff --git a/testing/tests/ikev1/ip-two-pools/posttest.dat b/testing/tests/ikev1/ip-two-pools/posttest.dat new file mode 100644 index 000000000..4474e5ade --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools/posttest.dat @@ -0,0 +1,12 @@ +alice::ipsec stop +moon::ipsec stop +carol::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +alice::/etc/init.d/iptables stop 2> /dev/null +carol::ip addr del 10.3.0.1/32 dev eth0 +alice::ip addr del 10.4.0.1/32 dev eth0 +moon::ip route del 10.3.0.0/16 via 192.168.0.1 +moon::ip route del 10.4.0.0/16 via 10.1.0.1 +moon::conntrack -F +moon::rm /etc/ipsec.d/ipsec.* diff --git a/testing/tests/ikev1/ip-two-pools/pretest.dat b/testing/tests/ikev1/ip-two-pools/pretest.dat new file mode 100644 index 000000000..8091a6ed2 --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools/pretest.dat @@ -0,0 +1,12 @@ +moon::ip route add 10.3.0.0/16 via 192.168.0.1 +moon::ip route add 10.4.0.0/16 via 10.1.0.1 +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +alice::/etc/init.d/iptables start 2> /dev/null +carol::ipsec start +moon::ipsec start +alice::ipsec start +carol::sleep 2 +carol::ipsec up home +alice::ipsec up home +alice::sleep 1 diff --git a/testing/tests/ikev1/ip-two-pools/test.conf b/testing/tests/ikev1/ip-two-pools/test.conf new file mode 100644 index 000000000..329774c0a --- /dev/null +++ b/testing/tests/ikev1/ip-two-pools/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="alice carol" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="alice moon carol" diff --git a/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf index 83cdb0d28..21493adc3 100644 --- a/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/mode-config-multiple/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl attr dns1 = PH_IP_WINNETOU dns2 = PH_IP6_VENUS } diff --git a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf index 83cdb0d28..21493adc3 100644 --- a/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev1/mode-config/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file pluto { - load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl + load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl attr dns1 = PH_IP_WINNETOU dns2 = PH_IP6_VENUS } diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem index 2990d6a12..69e5c05e3 100644 --- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ +MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS -BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy -M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1 +N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR -dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO -dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u -57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw -5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI -hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC -AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL -qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy +dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD +hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9 +HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n +3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz +Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C +AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE +AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 -YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js -LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA -FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N -Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp -7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G -+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm -wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/ -MWjwPJs52qVJ3Ph++EF6bw== +LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA +ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG +il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC +CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU +n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq +8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/ +pwU12A3BovJKUaR0B7Uy2A== -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem index b91f9bf81..53e18680b 100644 --- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi -65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq -8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6 -VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY -hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu -y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz -0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX -FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH -gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z -PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D -nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El -U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF -mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm -MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB -UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy -G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz -Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY -hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu -PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah -tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr -s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy -uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J -ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu -LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx -Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU= +MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq +azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP +nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk +b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4 +H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm +GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9 +N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r +er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC +kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV +BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+ +Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN +DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp +waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt +1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw +RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm +CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM +eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl +FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO +auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx +rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8 +iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx +qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv +/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA +hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2 +5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem index b76032480..91df37a81 100644 --- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem +++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ +MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV -BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL +BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS -zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+ -1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN -P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+ -+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP -aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8 -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY -GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi +0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6 +J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz +VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH +K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/ +5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8 +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV +MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT -EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 +EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v -cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P -p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw -ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6 -Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA -DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/ -Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+ +cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq +OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5 +xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb +E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e +q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+ +JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+ -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem index 022436de4..86740e86a 100644 --- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem +++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6 -OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW -1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI -mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe -ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM -pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0 -mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c -JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz -0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq -8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0 -3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u -U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ -Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs -MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS -sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B -oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7 -1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i -bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7 -AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO -9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX -3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw -px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP -qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt -/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/ -UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g== +MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv +MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII +s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn +J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF +VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf +anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk +lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn +PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph +6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah +sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m +RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX +lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw +CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/ +l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ +if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v +yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH +dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx +h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct +Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh +w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK +LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl +7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u +5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6 +4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA +fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem index 154cff654..d53365f78 100644 --- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem +++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD @@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv -bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg -Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX -fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq -3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa -0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1 -IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW -Tfcyi+M= +bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy +FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp +cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM +POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t +xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U +dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW +8sFmiZI= -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem index e50477872..a10a18cba 100644 --- a/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem +++ b/testing/tests/ikev1/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP @@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/ MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu -IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV -8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ -9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr -iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU -uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv -xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0= +IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn +Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S +CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW +AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284 +RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh +M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg= -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem index 2990d6a12..69e5c05e3 100644 --- a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ +MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS -BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy -M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1 +N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR -dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO -dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u -57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw -5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI -hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC -AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL -qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy +dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD +hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9 +HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n +3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz +Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C +AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE +AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 -YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js -LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA -FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N -Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp -7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G -+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm -wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/ -MWjwPJs52qVJ3Ph++EF6bw== +LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA +ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG +il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC +CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU +n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq +8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/ +pwU12A3BovJKUaR0B7Uy2A== -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem index b91f9bf81..53e18680b 100644 --- a/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/ikev1/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi -65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq -8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6 -VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY -hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu -y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz -0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX -FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH -gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z -PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D -nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El -U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF -mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm -MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB -UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy -G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz -Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY -hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu -PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah -tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr -s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy -uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J -ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu -LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx -Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU= +MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq +azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP +nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk +b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4 +H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm +GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9 +N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r +er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC +kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV +BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+ +Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN +DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp +waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt +1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw +RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm +CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM +eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl +FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO +auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx +rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8 +iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx +qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv +/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA +hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2 +5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem index 154cff654..d53365f78 100644 --- a/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem +++ b/testing/tests/ikev1/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD @@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv -bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg -Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX -fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq -3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa -0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1 -IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW -Tfcyi+M= +bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy +FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp +cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM +POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t +xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U +dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW +8sFmiZI= -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem index 2990d6a12..69e5c05e3 100644 --- a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ +MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS -BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy -M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1 +N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR -dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO -dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u -57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw -5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI -hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC -AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL -qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy +dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD +hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9 +HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n +3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz +Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C +AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE +AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 -YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js -LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA -FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N -Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp -7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G -+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm -wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/ -MWjwPJs52qVJ3Ph++EF6bw== +LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA +ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG +il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC +CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU +n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq +8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/ +pwU12A3BovJKUaR0B7Uy2A== -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem index b91f9bf81..53e18680b 100644 --- a/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/ikev1/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi -65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq -8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6 -VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY -hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu -y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz -0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX -FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH -gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z -PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D -nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El -U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF -mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm -MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB -UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy -G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz -Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY -hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu -PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah -tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr -s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy -uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J -ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu -LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx -Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU= +MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq +azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP +nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk +b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4 +H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm +GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9 +N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r +er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC +kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV +BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+ +Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN +DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp +waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt +1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw +RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm +CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM +eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl +FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO +auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx +rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8 +iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx +qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv +/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA +hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2 +5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem index 2990d6a12..69e5c05e3 100644 --- a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ +MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS -BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy -M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1 +N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR -dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO -dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u -57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw -5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI -hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC -AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL -qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy +dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD +hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9 +HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n +3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz +Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C +AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE +AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 -YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js -LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA -FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N -Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp -7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G -+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm -wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/ -MWjwPJs52qVJ3Ph++EF6bw== +LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA +ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG +il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC +CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU +n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq +8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/ +pwU12A3BovJKUaR0B7Uy2A== -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem index b91f9bf81..53e18680b 100644 --- a/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi -65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq -8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6 -VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY -hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu -y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz -0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX -FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH -gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z -PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D -nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El -U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF -mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm -MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB -UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy -G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz -Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY -hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu -PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah -tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr -s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy -uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J -ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu -LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx -Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU= +MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq +azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP +nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk +b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4 +H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm +GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9 +N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r +er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC +kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV +BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+ +Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN +DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp +waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt +1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw +RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm +CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM +eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl +FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO +auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx +rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8 +iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx +qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv +/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA +hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2 +5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem index b76032480..91df37a81 100644 --- a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem +++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ +MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV -BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL +BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS -zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+ -1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN -P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+ -+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP -aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8 -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY -GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi +0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6 +J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz +VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH +K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/ +5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8 +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV +MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT -EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 +EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v -cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P -p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw -ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6 -Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA -DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/ -Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+ +cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq +OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5 +xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb +E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e +q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+ +JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+ -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem index 022436de4..86740e86a 100644 --- a/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem +++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6 -OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW -1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI -mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe -ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM -pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0 -mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c -JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz -0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq -8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0 -3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u -U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ -Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs -MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS -sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B -oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7 -1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i -bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7 -AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO -9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX -3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw -px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP -qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt -/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/ -UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g== +MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv +MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII +s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn +J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF +VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf +anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk +lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn +PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph +6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah +sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m +RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX +lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw +CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/ +l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ +if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v +yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH +dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx +h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct +Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh +w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK +LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl +7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u +5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6 +4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA +fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem index 154cff654..d53365f78 100644 --- a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem +++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD @@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv -bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg -Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX -fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq -3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa -0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1 -IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW -Tfcyi+M= +bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy +FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp +cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM +POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t +xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U +dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW +8sFmiZI= -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem index e50477872..a10a18cba 100644 --- a/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem +++ b/testing/tests/ikev1/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP @@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/ MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu -IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV -8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ -9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr -iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU -uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv -xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0= +IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn +Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S +CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW +AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284 +RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh +M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg= -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem index 2990d6a12..69e5c05e3 100644 --- a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ +MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS -BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy -M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1 +N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR -dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO -dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u -57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw -5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI -hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC -AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL -qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy +dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD +hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9 +HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n +3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz +Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C +AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE +AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 -YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js -LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA -FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N -Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp -7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G -+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm -wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/ -MWjwPJs52qVJ3Ph++EF6bw== +LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA +ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG +il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC +CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU +n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq +8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/ +pwU12A3BovJKUaR0B7Uy2A== -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem index b91f9bf81..53e18680b 100644 --- a/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/ikev1/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi -65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq -8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6 -VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY -hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu -y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz -0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX -FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH -gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z -PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D -nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El -U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF -mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm -MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB -UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy -G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz -Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY -hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu -PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah -tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr -s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy -uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J -ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu -LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx -Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU= +MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq +azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP +nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk +b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4 +H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm +GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9 +N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r +er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC +kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV +BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+ +Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN +DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp +waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt +1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw +RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm +CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM +eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl +FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO +auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx +rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8 +iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx +qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv +/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA +hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2 +5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem index b76032480..91df37a81 100644 --- a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem +++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ +MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV -BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL +BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS -zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+ -1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN -P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+ -+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP -aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8 -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY -GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi +0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6 +J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz +VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH +K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/ +5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8 +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV +MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT -EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 +EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v -cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P -p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw -ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6 -Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA -DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/ -Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+ +cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq +OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5 +xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb +E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e +q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+ +JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+ -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem index 022436de4..86740e86a 100644 --- a/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem +++ b/testing/tests/ikev1/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6 -OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW -1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI -mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe -ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM -pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0 -mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c -JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz -0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq -8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0 -3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u -U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ -Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs -MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS -sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B -oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7 -1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i -bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7 -AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO -9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX -3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw -px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP -qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt -/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/ -UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g== +MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv +MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII +s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn +J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF +VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf +anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk +lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn +PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph +6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah +sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m +RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX +lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw +CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/ +l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ +if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v +yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH +dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx +h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct +Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh +w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK +LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl +7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u +5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6 +4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA +fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem index 154cff654..d53365f78 100644 --- a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem +++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD @@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv -bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg -Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX -fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq -3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa -0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1 -IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW -Tfcyi+M= +bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy +FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp +cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM +POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t +xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U +dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW +8sFmiZI= -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem index e50477872..a10a18cba 100644 --- a/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem +++ b/testing/tests/ikev1/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP @@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/ MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu -IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV -8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ -9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr -iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU -uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv -xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0= +IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn +Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S +CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW +AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284 +RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh +M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg= -----END CERTIFICATE----- diff --git a/testing/tests/ikev1/protoport-route/pretest.dat b/testing/tests/ikev1/protoport-route/pretest.dat index b1fc81827..d52aeaeb8 100644 --- a/testing/tests/ikev1/protoport-route/pretest.dat +++ b/testing/tests/ikev1/protoport-route/pretest.dat @@ -2,7 +2,7 @@ moon::/etc/init.d/iptables start 2> /dev/null carol::/etc/init.d/iptables start 2> /dev/null moon::ipsec start carol::ipsec start -carol::sleep 1 +carol::sleep 3 carol::ssh -o ConnectTimeout=5 PH_IP_ALICE hostname -carol::ping -c 1 PH_IP_ALICE > /dev/null -carol::sleep 2 +carol::ping -c 1 PH_IP_MOON1 > /dev/null +carol::sleep 2 diff --git a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-3des-md5/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-3des-md5/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-aes-xcbc/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf index 95ec73753..336227af7 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink updown + load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf index 95ec73753..336227af7 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink updown + load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf index 95ec73753..336227af7 100644 --- a/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { dh_exponent_ansi_x9_42 = no - load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink updown + load = aes des blowfish md5 sha1 sha2 pem pkcs1 gmp curl random x509 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-modp-subgroup/description.txt b/testing/tests/ikev2/alg-modp-subgroup/description.txt new file mode 100644 index 000000000..cb7d11720 --- /dev/null +++ b/testing/tests/ikev2/alg-modp-subgroup/description.txt @@ -0,0 +1,14 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each +to gateway <b>moon</b> using the <b>MODP Diffie-Hellman Groups 22, 23, and 24</b> +with <b>Prime Order Subgroups</b>. +<p/> +<b>carol</b> proposes the DH groups MODP_2048_224 and MODP_1024_160 whereas +<b>dave</b> proposes MODP_2048_224 and MODP_2048_256. +Since <b>moon</b> does not support MODP_2048_224 the roadwarriors fall back to +MODP_1024_160 and MODP_2048_256, respectively. +<p/> +Upon the successful establishment of the IPsec tunnels, <b>leftfirewall=yes</b> +automatically inserts iptables-based firewall rules that let pass the tunneled traffic. +In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping +the client <b>alice</b> behind the gateway <b>moon</b>. + diff --git a/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat new file mode 100644 index 000000000..80df206bf --- /dev/null +++ b/testing/tests/ikev2/alg-modp-subgroup/evaltest.dat @@ -0,0 +1,15 @@ +carol::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_1024_160::YES +dave::cat /var/log/daemon.log::DH group MODP_2048_224.*MODP_2048_256::YES +moon::ipsec statusall::rw.*ESTABLISHED.*carol@strongswan.org::YES +moon::ipsec statusall::rw.*ESTABLISHED.*dave@strongswan.org::YES +carol::ipsec statusall::home.*ESTABLISHED::YES +carol::ipsec statusall::home.*AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_160::YES +dave::ipsec statusall::home.*ESTABLISHED::YES +dave::ipsec statusall::home.*AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES + diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..257923d02 --- /dev/null +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes128-sha1-modp2048s224,aes128-sha1-modp1024s160! + +conn home + left=PH_IP_CAROL + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..de9ae45cc --- /dev/null +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown +} diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..9b5247973 --- /dev/null +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes128-sha256-modp2048s224,aes128-sha256-modp2048s256! + +conn home + left=PH_IP_DAVE + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightid=@moon.strongswan.org + rightsubnet=10.1.0.0/16 + auto=add diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..de9ae45cc --- /dev/null +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/dave/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown +} diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..2b66e3400 --- /dev/null +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes128-sha256-modp2048s256,aes128-sha1-modp1024s160! + +conn rw + left=PH_IP_MOON + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + leftfirewall=yes + right=%any + auto=add diff --git a/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..de9ae45cc --- /dev/null +++ b/testing/tests/ikev2/alg-modp-subgroup/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown +} diff --git a/testing/tests/ikev2/alg-modp-subgroup/posttest.dat b/testing/tests/ikev2/alg-modp-subgroup/posttest.dat new file mode 100644 index 000000000..7cebd7f25 --- /dev/null +++ b/testing/tests/ikev2/alg-modp-subgroup/posttest.dat @@ -0,0 +1,6 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/alg-modp-subgroup/pretest.dat b/testing/tests/ikev2/alg-modp-subgroup/pretest.dat new file mode 100644 index 000000000..42e9d7c24 --- /dev/null +++ b/testing/tests/ikev2/alg-modp-subgroup/pretest.dat @@ -0,0 +1,9 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +dave::ipsec start +carol::sleep 1 +carol::ipsec up home +dave::ipsec up home diff --git a/testing/tests/ikev2/alg-modp-subgroup/test.conf b/testing/tests/ikev2/alg-modp-subgroup/test.conf new file mode 100644 index 000000000..70416826e --- /dev/null +++ b/testing/tests/ikev2/alg-modp-subgroup/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf index 4ae78cec5..06304115b 100644 --- a/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf index 4ae78cec5..06304115b 100644 --- a/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha256-96/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha256/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha384/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha512/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/alg-sha512/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf index 86a0257ad..3fbdad4f9 100644 --- a/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/any-interface/hosts/alice/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default multiple_authentication = no } diff --git a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf index 86a0257ad..3fbdad4f9 100644 --- a/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev2/any-interface/hosts/bob/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default multiple_authentication = no } diff --git a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf index 86a0257ad..3fbdad4f9 100644 --- a/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/any-interface/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default multiple_authentication = no } diff --git a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf index 86a0257ad..3fbdad4f9 100644 --- a/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/any-interface/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default multiple_authentication = no } diff --git a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload-swapped/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf index ff38e227b..5af37dc90 100644 --- a/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf index ff38e227b..5af37dc90 100644 --- a/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf index 51810734d..223ed67a3 100644 --- a/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown attr + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr dns1 = PH_IP_WINNETOU dns2 = PH_IP_VENUS } diff --git a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf index c9e6722ae..bb4af2c75 100644 --- a/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf index c9e6722ae..bb4af2c75 100644 --- a/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf index c466dc8cf..4890be7cc 100644 --- a/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/default-keys/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } scepclient { diff --git a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf index c466dc8cf..4890be7cc 100644 --- a/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/default-keys/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } scepclient { diff --git a/testing/tests/ikev2/dhcp-dynamic/description.txt b/testing/tests/ikev2/dhcp-dynamic/description.txt new file mode 100644 index 000000000..b29a1de78 --- /dev/null +++ b/testing/tests/ikev2/dhcp-dynamic/description.txt @@ -0,0 +1,8 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b> +and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b> +parameter. The <b>dhcp</b> plugin on gateway <b>moon</b> then requests an IP address and DNS server +information from DHCP server <b>venus</b> using the DHCP protocol. The IP addresses are assigned dynamically +by <b>venus</b> from the pool 10.1.0.50..10.1.0.60 so that <b>carol</b> and <b>dave</b> become full members +of the subnet 10.1.0.0/16 hidden behind gateway <b>moon</b>. And this thanks to the <b>farp</b> plugin +through which <b>moon</b> acts as a proxy for ARP requests e.g. from <b>alice</b> who wants to ping +<b>carol</b> and <b>dave</b>. diff --git a/testing/tests/ikev2/dhcp-dynamic/evaltest.dat b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat new file mode 100644 index 000000000..b3814084f --- /dev/null +++ b/testing/tests/ikev2/dhcp-dynamic/evaltest.dat @@ -0,0 +1,22 @@ +carol::ipsec status::home.*INSTALLED::YES +alice::ping -c 1 10.1.0.50::64 bytes from 10.1.0.50: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave::ipsec status::home.*INSTALLED::YES +alice::ping -c 1 10.1.0.51::64 bytes from 10.1.0.51: icmp_seq=1::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.50/32::YES +moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.51/32::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +alice::tcpdump::arp reply carol3.strongswan.org is-at fe:fd:0a:01:00:01::YES +alice::tcpdump::IP alice.strongswan.org > carol3.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP carol3.strongswan.org > alice.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP carol3.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > carol3.strongswan.org: ICMP echo reply::YES +alice::tcpdump::arp reply dave3.strongswan.org is-at fe:fd:0a:01:00:01::YES +alice::tcpdump::IP alice.strongswan.org > dave3.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP dave3.strongswan.org > alice.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP dave3.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > dave3.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..a19f6cfae --- /dev/null +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_CAROL + leftsourceip=%config + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..5af37dc90 --- /dev/null +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve +} diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..1a89f4e5d --- /dev/null +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_DAVE + leftsourceip=%config + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..5af37dc90 --- /dev/null +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve +} diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/dhcpd.conf new file mode 100644 index 000000000..0340d5669 --- /dev/null +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/dhcpd.conf @@ -0,0 +1,9 @@ +subnet 10.1.0.0 netmask 255.255.0.0 { + option routers 10.1.0.1; + option broadcast-address 10.1.255.255; + option domain-name servers PH_IP_WINNETOU PH_IP_VENUS + option netbios-name-servers PH_IP_VENUS; + + # dynamic address pool for visitors + range 10.1.0.30 10.1.0.50; +} diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables new file mode 100755 index 000000000..058bebb2d --- /dev/null +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/init.d/iptables @@ -0,0 +1,91 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow bootpc and bootps + iptables -A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT + iptables -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT + + # allow broadcasts from eth1 + iptables -A INPUT -i eth1 -d 10.1.255.255 -j ACCEPT + + # allow esp + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + # log dropped packets + iptables -A INPUT -j LOG --log-prefix " IN: " + iptables -A OUTPUT -j LOG --log-prefix " OUT: " + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..3868a7a38 --- /dev/null +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftfirewall=yes + +conn rw + right=%any + rightsourceip=%dhcp + auto=add diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..146c81f48 --- /dev/null +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf @@ -0,0 +1,10 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp + plugins { + dhcp { + server = 10.1.255.255 + } + } +} diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf new file mode 100644 index 000000000..2176af702 --- /dev/null +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dhcpd.conf @@ -0,0 +1,14 @@ +# dhcpd configuration file + +ddns-update-style none; + +subnet 10.1.0.0 netmask 255.255.0.0 { + option domain-name "strongswan.org"; + option domain-name-servers 10.1.0.20; + option netbios-name-servers 10.1.0.10; + option routers 10.1.0.1; + option broadcast-address 10.1.255.255; + next-server 10.1.0.20; + + range 10.1.0.50 10.1.0.60; +} diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf new file mode 100644 index 000000000..2d35dfd64 --- /dev/null +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/dnsmasq.conf @@ -0,0 +1,7 @@ +interface=eth0 +dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255 +dhcp-option=option:router,10.1.0.1 +dhcp-option=option:dns-server,10.1.0.20 +dhcp-option=option:netbios-ns,10.1.0.10 +dhcp-option=option:domain-name,strongswan.org +log-dhcp diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd new file mode 100755 index 000000000..4044dcc35 --- /dev/null +++ b/testing/tests/ikev2/dhcp-dynamic/hosts/venus/etc/init.d/dhcpd @@ -0,0 +1,24 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop" + +depend() { + need net + need logger +} + +start() { + ebegin "Starting DHCP server" + start-stop-daemon --start --quiet --exec /usr/sbin/dhcpd + eend $? +} + +stop() { + ebegin "Stopping DHCP server" + start-stop-daemon --stop --quiet --pidfile /var/run/dhcpd.pid + rm -f /var/state/dhcp/dhcpd.leases + touch /var/state/dhcp/dhcpd.leases + eend $? +} diff --git a/testing/tests/ikev2/dhcp-dynamic/posttest.dat b/testing/tests/ikev2/dhcp-dynamic/posttest.dat new file mode 100644 index 000000000..1f5487596 --- /dev/null +++ b/testing/tests/ikev2/dhcp-dynamic/posttest.dat @@ -0,0 +1,10 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +venus::cat /var/state/dhcp/dhcpd.leases +venus::/etc/init.d/dhcpd stop 2> /dev/null +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null +alice::arp -d 10.1.0.50 +alice::arp -d 10.1.0.51 diff --git a/testing/tests/ikev2/dhcp-dynamic/pretest.dat b/testing/tests/ikev2/dhcp-dynamic/pretest.dat new file mode 100644 index 000000000..bd36b4fe3 --- /dev/null +++ b/testing/tests/ikev2/dhcp-dynamic/pretest.dat @@ -0,0 +1,12 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +venus::cat /etc/dhcpd.conf +venus::/etc/init.d/dhcpd start 2> /dev/null +carol::ipsec start +dave::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home +dave::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev2/dhcp-dynamic/test.conf b/testing/tests/ikev2/dhcp-dynamic/test.conf new file mode 100644 index 000000000..a2ad7b25f --- /dev/null +++ b/testing/tests/ikev2/dhcp-dynamic/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice venus moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-v-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon alice" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev2/dhcp-static-client-id/description.txt b/testing/tests/ikev2/dhcp-static-client-id/description.txt new file mode 100644 index 000000000..d253a8865 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-client-id/description.txt @@ -0,0 +1,11 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b> +and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b> +parameter. The <b>dhcp</b> plugin on gateway <b>moon</b> then requests an IP address and DNS/WINS server +information from DHCP server <b>venus</b> using the DHCP protocol. The IP addresses are assigned statically +by <b>venus</b> based on the IKEv2 peer identities <b>carol@strongswan.org</b> and <b>dave@strongswan.org</b>, +respectively, included by the dhcp plugin as a <b>dhcp-client-identity</b> option in the DHCP request. +<p/> +With the static assignment of 10.1.0.30 and 10.1.0.40, respectively, <b>carol</b> and <b>dave</b> +become full members of the subnet 10.1.0.0/16 hidden behind gateway <b>moon</b>. And this thanks to +the <b>farp</b> plugin through which <b>moon</b> acts as a proxy for ARP requests e.g. from <b>alice</b> +who wants to ping <b>carol</b> and <b>dave</b>. diff --git a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat new file mode 100644 index 000000000..8abd2416a --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat @@ -0,0 +1,22 @@ +carol::ipsec status::home.*INSTALLED::YES +alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave::ipsec status::home.*INSTALLED::YES +alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.30/32::YES +moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.40/32::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES +alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES +alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES +alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..a19f6cfae --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_CAROL + leftsourceip=%config + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..5af37dc90 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve +} diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..1a89f4e5d --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_DAVE + leftsourceip=%config + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..5af37dc90 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve +} diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/dhcpd.conf new file mode 100644 index 000000000..0340d5669 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/dhcpd.conf @@ -0,0 +1,9 @@ +subnet 10.1.0.0 netmask 255.255.0.0 { + option routers 10.1.0.1; + option broadcast-address 10.1.255.255; + option domain-name servers PH_IP_WINNETOU PH_IP_VENUS + option netbios-name-servers PH_IP_VENUS; + + # dynamic address pool for visitors + range 10.1.0.30 10.1.0.50; +} diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/init.d/iptables new file mode 100755 index 000000000..058bebb2d --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/init.d/iptables @@ -0,0 +1,91 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow bootpc and bootps + iptables -A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT + iptables -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT + + # allow broadcasts from eth1 + iptables -A INPUT -i eth1 -d 10.1.255.255 -j ACCEPT + + # allow esp + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + # log dropped packets + iptables -A INPUT -j LOG --log-prefix " IN: " + iptables -A OUTPUT -j LOG --log-prefix " OUT: " + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..3868a7a38 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftfirewall=yes + +conn rw + right=%any + rightsourceip=%dhcp + auto=add diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..146c81f48 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf @@ -0,0 +1,10 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp + plugins { + dhcp { + server = 10.1.255.255 + } + } +} diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf new file mode 100644 index 000000000..44ee681b6 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dhcpd.conf @@ -0,0 +1,25 @@ +# dhcpd configuration file + +ddns-update-style none; + +subnet 10.1.0.0 netmask 255.255.0.0 { + option domain-name "strongswan.org"; + option domain-name-servers 10.1.0.20; + option netbios-name-servers 10.1.0.10; + option routers 10.1.0.1; + option broadcast-address 10.1.255.255; + next-server 10.1.0.20; + + range 10.1.0.50 10.1.0.60; +} + +host carol { + option dhcp-client-identifier "carol@strongswan.org"; + fixed-address 10.1.0.30; +} + +host dave { + option dhcp-client-identifier "dave@strongswan.org"; + fixed-address 10.1.0.40; +} + diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf new file mode 100644 index 000000000..5672236a0 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/dnsmasq.conf @@ -0,0 +1,9 @@ +interface=eth0 +dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255 +dhcp-host=id:carol@strongswan.org,10.1.0.30 +dhcp-host=id:dave@strongswan.org,10.1.0.40 +dhcp-option=option:router,10.1.0.1 +dhcp-option=option:dns-server,10.1.0.20 +dhcp-option=option:netbios-ns,10.1.0.10 +dhcp-option=option:domain-name,strongswan.org +log-dhcp diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/init.d/dhcpd b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/init.d/dhcpd new file mode 100755 index 000000000..4044dcc35 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/venus/etc/init.d/dhcpd @@ -0,0 +1,24 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop" + +depend() { + need net + need logger +} + +start() { + ebegin "Starting DHCP server" + start-stop-daemon --start --quiet --exec /usr/sbin/dhcpd + eend $? +} + +stop() { + ebegin "Stopping DHCP server" + start-stop-daemon --stop --quiet --pidfile /var/run/dhcpd.pid + rm -f /var/state/dhcp/dhcpd.leases + touch /var/state/dhcp/dhcpd.leases + eend $? +} diff --git a/testing/tests/ikev2/dhcp-static-client-id/posttest.dat b/testing/tests/ikev2/dhcp-static-client-id/posttest.dat new file mode 100644 index 000000000..e1aadc618 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-client-id/posttest.dat @@ -0,0 +1,9 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +venus::/etc/init.d/dhcpd stop 2> /dev/null +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null +alice::arp -d 10.1.0.30 +alice::arp -d 10.1.0.40 diff --git a/testing/tests/ikev2/dhcp-static-client-id/pretest.dat b/testing/tests/ikev2/dhcp-static-client-id/pretest.dat new file mode 100644 index 000000000..bd36b4fe3 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-client-id/pretest.dat @@ -0,0 +1,12 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +venus::cat /etc/dhcpd.conf +venus::/etc/init.d/dhcpd start 2> /dev/null +carol::ipsec start +dave::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home +dave::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev2/dhcp-static-client-id/test.conf b/testing/tests/ikev2/dhcp-static-client-id/test.conf new file mode 100644 index 000000000..a2ad7b25f --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-client-id/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice venus moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-v-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon alice" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev2/dhcp-static-mac/description.txt b/testing/tests/ikev2/dhcp-static-mac/description.txt new file mode 100644 index 000000000..ed7525c87 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-mac/description.txt @@ -0,0 +1,12 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b> +and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b> +parameter. The <b>dhcp</b> plugin on gateway <b>moon</b> then requests an IP address and DNS/WINS server +information from DHCP server <b>venus</b> using the DHCP protocol. The IP addresses are assigned statically +by <b>venus</b> based on the user-defined MAC address derived by the <b>dhcp</b> plugin from a hash over +the client identity. This deterministic MAC generation is activated with the strongswan.conf setting +<b>charon.plugins.dhcp.identity_lease = yes</b>. +<p/> +With the static assignment of 10.1.0.30 and 10.1.0.40, respectively, <b>carol</b> and <b>dave</b> +become full members of the subnet 10.1.0.0/16 hidden behind gateway <b>moon</b>. And this thanks to +the <b>farp</b> plugin through which <b>moon</b> acts as a proxy for ARP requests e.g. from <b>alice</b> +who wants to ping <b>carol</b> and <b>dave</b>. diff --git a/testing/tests/ikev2/dhcp-static-mac/evaltest.dat b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat new file mode 100644 index 000000000..8abd2416a --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-mac/evaltest.dat @@ -0,0 +1,22 @@ +carol::ipsec status::home.*INSTALLED::YES +alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave::ipsec status::home.*INSTALLED::YES +alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.30/32::YES +moon::ipsec status::rw{.*10.1.0.0/16 === 10.1.0.40/32::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES +alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES +alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES +alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..a19f6cfae --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_CAROL + leftsourceip=%config + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..5af37dc90 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve +} diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..1a89f4e5d --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_DAVE + leftsourceip=%config + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..5af37dc90 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve +} diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/dhcpd.conf new file mode 100644 index 000000000..0340d5669 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/dhcpd.conf @@ -0,0 +1,9 @@ +subnet 10.1.0.0 netmask 255.255.0.0 { + option routers 10.1.0.1; + option broadcast-address 10.1.255.255; + option domain-name servers PH_IP_WINNETOU PH_IP_VENUS + option netbios-name-servers PH_IP_VENUS; + + # dynamic address pool for visitors + range 10.1.0.30 10.1.0.50; +} diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/init.d/iptables b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/init.d/iptables new file mode 100755 index 000000000..058bebb2d --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/init.d/iptables @@ -0,0 +1,91 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop reload" + +depend() { + before net + need logger +} + +start() { + ebegin "Starting firewall" + + # enable IP forwarding + echo 1 > /proc/sys/net/ipv4/ip_forward + + # default policy is DROP + /sbin/iptables -P INPUT DROP + /sbin/iptables -P OUTPUT DROP + /sbin/iptables -P FORWARD DROP + + # allow bootpc and bootps + iptables -A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT + iptables -A INPUT -p udp --sport bootps --dport bootps -j ACCEPT + + # allow broadcasts from eth1 + iptables -A INPUT -i eth1 -d 10.1.255.255 -j ACCEPT + + # allow esp + iptables -A INPUT -i eth0 -p 50 -j ACCEPT + iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT + + # allow IKE + iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT + + # allow MobIKE + iptables -A INPUT -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT + iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT + + # allow crl fetch from winnetou + iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT + iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT + + # allow ssh + iptables -A INPUT -p tcp --dport 22 -j ACCEPT + iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT + + # log dropped packets + iptables -A INPUT -j LOG --log-prefix " IN: " + iptables -A OUTPUT -j LOG --log-prefix " OUT: " + + eend $? +} + +stop() { + ebegin "Stopping firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + + if [ $a == nat ]; then + /sbin/iptables -t nat -P PREROUTING ACCEPT + /sbin/iptables -t nat -P POSTROUTING ACCEPT + /sbin/iptables -t nat -P OUTPUT ACCEPT + elif [ $a == mangle ]; then + /sbin/iptables -t mangle -P PREROUTING ACCEPT + /sbin/iptables -t mangle -P INPUT ACCEPT + /sbin/iptables -t mangle -P FORWARD ACCEPT + /sbin/iptables -t mangle -P OUTPUT ACCEPT + /sbin/iptables -t mangle -P POSTROUTING ACCEPT + elif [ $a == filter ]; then + /sbin/iptables -t filter -P INPUT ACCEPT + /sbin/iptables -t filter -P FORWARD ACCEPT + /sbin/iptables -t filter -P OUTPUT ACCEPT + fi + done + eend $? +} + +reload() { + ebegin "Flushing firewall" + for a in `cat /proc/net/ip_tables_names`; do + /sbin/iptables -F -t $a + /sbin/iptables -X -t $a + done; + eend $? + start +} + diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..3868a7a38 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/ipsec.conf @@ -0,0 +1,23 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftfirewall=yes + +conn rw + right=%any + rightsourceip=%dhcp + auto=add diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..40c3c2418 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf @@ -0,0 +1,11 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr farp dhcp + plugins { + dhcp { + server = 10.1.255.255 + identity_lease = yes + } + } +} diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf new file mode 100644 index 000000000..20666f701 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dhcpd.conf @@ -0,0 +1,25 @@ +# dhcpd configuration file + +ddns-update-style none; + +subnet 10.1.0.0 netmask 255.255.0.0 { + option domain-name "strongswan.org"; + option domain-name-servers 10.1.0.20; + option netbios-name-servers 10.1.0.10; + option routers 10.1.0.1; + option broadcast-address 10.1.255.255; + next-server 10.1.0.20; + + range 10.1.0.50 10.1.0.60; +} + +host carol { + hardware ethernet 7a:a7:8f:fc:db:3b; + fixed-address 10.1.0.30; +} + +host dave { + hardware ethernet 7a:a7:35:78:bc:85; + fixed-address 10.1.0.40; +} + diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf new file mode 100644 index 000000000..e3729081f --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/dnsmasq.conf @@ -0,0 +1,9 @@ +interface=eth0 +dhcp-range=10.1.0.50,10.1.0.60,255.255.0.0,10.1.255.255 +dhcp-host=7a:a7:8f:fc:db:3b,10.1.0.30 +dhcp-host=7a:a7:35:78:bc:85,10.1.0.40 +dhcp-option=option:router,10.1.0.1 +dhcp-option=option:dns-server,10.1.0.20 +dhcp-option=option:netbios-ns,10.1.0.10 +dhcp-option=option:domain-name,strongswan.org +log-dhcp diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/init.d/dhcpd b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/init.d/dhcpd new file mode 100755 index 000000000..4044dcc35 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-mac/hosts/venus/etc/init.d/dhcpd @@ -0,0 +1,24 @@ +#!/sbin/runscript +# Copyright 1999-2004 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +opts="start stop" + +depend() { + need net + need logger +} + +start() { + ebegin "Starting DHCP server" + start-stop-daemon --start --quiet --exec /usr/sbin/dhcpd + eend $? +} + +stop() { + ebegin "Stopping DHCP server" + start-stop-daemon --stop --quiet --pidfile /var/run/dhcpd.pid + rm -f /var/state/dhcp/dhcpd.leases + touch /var/state/dhcp/dhcpd.leases + eend $? +} diff --git a/testing/tests/ikev2/dhcp-static-mac/posttest.dat b/testing/tests/ikev2/dhcp-static-mac/posttest.dat new file mode 100644 index 000000000..e1aadc618 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-mac/posttest.dat @@ -0,0 +1,9 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +venus::/etc/init.d/dhcpd stop 2> /dev/null +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null +alice::arp -d 10.1.0.30 +alice::arp -d 10.1.0.40 diff --git a/testing/tests/ikev2/dhcp-static-mac/pretest.dat b/testing/tests/ikev2/dhcp-static-mac/pretest.dat new file mode 100644 index 000000000..bd36b4fe3 --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-mac/pretest.dat @@ -0,0 +1,12 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +venus::cat /etc/dhcpd.conf +venus::/etc/init.d/dhcpd start 2> /dev/null +carol::ipsec start +dave::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home +dave::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev2/dhcp-static-mac/test.conf b/testing/tests/ikev2/dhcp-static-mac/test.conf new file mode 100644 index 000000000..a2ad7b25f --- /dev/null +++ b/testing/tests/ikev2/dhcp-static-mac/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice venus moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-v-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon alice" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf +++ b/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-hold/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-hold/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/description.txt b/testing/tests/ikev2/esp-alg-aes-gmac/description.txt new file mode 100644 index 000000000..823ec253d --- /dev/null +++ b/testing/tests/ikev2/esp-alg-aes-gmac/description.txt @@ -0,0 +1,4 @@ +Roadwarrior <b>carol</b> proposes to gateway <b>moon</b> the authentication-only +ESP cipher suite <b>NULL_AES_GMAC_256</b> by defining <b>esp=aes256gmac-modp2048!</b> +in ipsec.conf. A ping from <b>carol</b> to <b>alice</b> successfully checks +the established tunnel. diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat new file mode 100644 index 000000000..534f6d452 --- /dev/null +++ b/testing/tests/ikev2/esp-alg-aes-gmac/evaltest.dat @@ -0,0 +1,7 @@ +moon::ipsec statusall::rw.*INSTALLED::YES +carol::ipsec statusall::home.*INSTALLED::YES +carol::ping -c 1 -s 120 -p deadbeef PH_IP_ALICE::128 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::ipsec statusall::NULL_AES_GMAC_256::YES +carol::ipsec statusall::NULL_AES_GMAC_256::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP.*length 184::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP.*length 184::YES diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..f3a266c7d --- /dev/null +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/ipsec.conf @@ -0,0 +1,25 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes256-aesxcbc-modp2048! + esp=aes256gmac-modp2048! + +conn home + left=PH_IP_CAROL + leftfirewall=yes + leftcert=carolCert.pem + leftid=carol@strongswan.org + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..de9ae45cc --- /dev/null +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown +} diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..bbdb38301 --- /dev/null +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=yes + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + ike=aes256-aesxcbc-modp2048! + esp=aes256gmac-modp2048! + +conn rw + left=PH_IP_MOON + leftfirewall=yes + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftsubnet=10.1.0.0/16 + right=%any + auto=add diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..de9ae45cc --- /dev/null +++ b/testing/tests/ikev2/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown +} diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/posttest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/posttest.dat new file mode 100644 index 000000000..94a400606 --- /dev/null +++ b/testing/tests/ikev2/esp-alg-aes-gmac/posttest.dat @@ -0,0 +1,4 @@ +moon::ipsec stop +carol::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat b/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat new file mode 100644 index 000000000..f360351e1 --- /dev/null +++ b/testing/tests/ikev2/esp-alg-aes-gmac/pretest.dat @@ -0,0 +1,6 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +moon::ipsec start +carol::ipsec start +carol::sleep 1 +carol::ipsec up home diff --git a/testing/tests/ikev2/esp-alg-aes-gmac/test.conf b/testing/tests/ikev2/esp-alg-aes-gmac/test.conf new file mode 100644 index 000000000..acb73b06f --- /dev/null +++ b/testing/tests/ikev2/esp-alg-aes-gmac/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="moon carol winnetou" + +# Corresponding block diagram +# +DIAGRAM="m-c-w.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol" diff --git a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/esp-alg-null/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/farp/description.txt b/testing/tests/ikev2/farp/description.txt new file mode 100644 index 000000000..04e1c10e5 --- /dev/null +++ b/testing/tests/ikev2/farp/description.txt @@ -0,0 +1,6 @@ +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b> +and request a <b>virtual IP</b> via the IKEv2 configuration payload by using the <b>leftsourceip=%config</b> +parameter. The virtual addresses assigned to the clients by gateway <b>moon</b> belong to the +subnet 10.1.0.0/16 hidden behind the gateway so that <b>carol</b> and <b>dave</b> become full members of +this network. And this thanks to the <b>farp</b> plugin through which <b>moon</b> acts as a proxy +for ARP requests e.g. from <b>alice</b> who wants to ping <b>carol</b> and <b>dave</b>. diff --git a/testing/tests/ikev2/farp/evaltest.dat b/testing/tests/ikev2/farp/evaltest.dat new file mode 100644 index 000000000..d48812f47 --- /dev/null +++ b/testing/tests/ikev2/farp/evaltest.dat @@ -0,0 +1,22 @@ +carol::ipsec status::home.*INSTALLED::YES +alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_seq=1::YES +carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +dave::ipsec status::home.*INSTALLED::YES +alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_seq=1::YES +dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES +moon::ipsec status::rw-carol.*INSTALLED::YES +moon::ipsec status::rw-dave.*INSTALLED::YES +moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES +moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES +moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES +alice::tcpdump::arp reply carol2.strongswan.org is-at fe:fd:0a:01:00:01::YES +alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP carol2.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > carol2.strongswan.org: ICMP echo reply::YES +alice::tcpdump::arp reply dave2.strongswan.org is-at fe:fd:0a:01:00:01::YES +alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES +alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES +alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo reply::YES diff --git a/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf new file mode 100755 index 000000000..a19f6cfae --- /dev/null +++ b/testing/tests/ikev2/farp/hosts/carol/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_CAROL + leftsourceip=%config + leftcert=carolCert.pem + leftid=carol@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf new file mode 100644 index 000000000..5af37dc90 --- /dev/null +++ b/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve +} diff --git a/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf new file mode 100755 index 000000000..1a89f4e5d --- /dev/null +++ b/testing/tests/ikev2/farp/hosts/dave/etc/ipsec.conf @@ -0,0 +1,24 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + +conn home + left=PH_IP_DAVE + leftsourceip=%config + leftcert=daveCert.pem + leftid=dave@strongswan.org + leftfirewall=yes + right=PH_IP_MOON + rightsubnet=10.1.0.0/16 + rightid=@moon.strongswan.org + auto=add diff --git a/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf new file mode 100644 index 000000000..5af37dc90 --- /dev/null +++ b/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf @@ -0,0 +1,5 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve +} diff --git a/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf new file mode 100755 index 000000000..19dd5d3e6 --- /dev/null +++ b/testing/tests/ikev2/farp/hosts/moon/etc/ipsec.conf @@ -0,0 +1,30 @@ +# /etc/ipsec.conf - strongSwan IPsec configuration file + +config setup + crlcheckinterval=180 + strictcrlpolicy=no + plutostart=no + +conn %default + ikelifetime=60m + keylife=20m + rekeymargin=3m + keyingtries=1 + keyexchange=ikev2 + left=PH_IP_MOON + leftsubnet=10.1.0.0/16 + leftcert=moonCert.pem + leftid=@moon.strongswan.org + leftfirewall=yes + +conn rw-carol + right=%any + rightid=carol@strongswan.org + rightsourceip=10.1.0.30 + auto=add + +conn rw-dave + right=%any + rightid=dave@strongswan.org + rightsourceip=10.1.0.40 + auto=add diff --git a/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf new file mode 100644 index 000000000..4585d928a --- /dev/null +++ b/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf @@ -0,0 +1,7 @@ +# /etc/strongswan.conf - strongSwan configuration file + +charon { + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown attr farp + dns1 = PH_IP_WINNETOU + dns2 = PH_IP_VENUS +} diff --git a/testing/tests/ikev2/farp/posttest.dat b/testing/tests/ikev2/farp/posttest.dat new file mode 100644 index 000000000..7cebd7f25 --- /dev/null +++ b/testing/tests/ikev2/farp/posttest.dat @@ -0,0 +1,6 @@ +moon::ipsec stop +carol::ipsec stop +dave::ipsec stop +moon::/etc/init.d/iptables stop 2> /dev/null +carol::/etc/init.d/iptables stop 2> /dev/null +dave::/etc/init.d/iptables stop 2> /dev/null diff --git a/testing/tests/ikev2/farp/pretest.dat b/testing/tests/ikev2/farp/pretest.dat new file mode 100644 index 000000000..709931e1b --- /dev/null +++ b/testing/tests/ikev2/farp/pretest.dat @@ -0,0 +1,12 @@ +moon::/etc/init.d/iptables start 2> /dev/null +carol::/etc/init.d/iptables start 2> /dev/null +dave::/etc/init.d/iptables start 2> /dev/null +alice::arp -d 10.1.0.30 +alice::arp -d 10.1.0.40 +carol::ipsec start +dave::ipsec start +moon::ipsec start +carol::sleep 2 +carol::ipsec up home +dave::ipsec up home +carol::sleep 1 diff --git a/testing/tests/ikev2/farp/test.conf b/testing/tests/ikev2/farp/test.conf new file mode 100644 index 000000000..1a8f2a4e0 --- /dev/null +++ b/testing/tests/ikev2/farp/test.conf @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This configuration file provides information on the +# UML instances used for this test + +# All UML instances that are required for this test +# +UMLHOSTS="alice moon carol winnetou dave" + +# Corresponding block diagram +# +DIAGRAM="a-m-c-w-d.png" + +# UML instances on which tcpdump is to be started +# +TCPDUMPHOSTS="moon alice" + +# UML instances on which IPsec is started +# Used for IPsec logging purposes +# +IPSECHOSTS="moon carol dave" diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/force-udp-encaps/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/force-udp-encaps/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-swapped/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-swapped/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf index 9af403198..291f08db1 100644 --- a/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf index 9af403198..291f08db1 100644 --- a/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf index ff38e227b..5af37dc90 100644 --- a/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf index ff38e227b..5af37dc90 100644 --- a/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown resolve + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown resolve } diff --git a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf index b7c598fca..626bec3ed 100644 --- a/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf @@ -1,10 +1,10 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink sqlite attr-sql updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown } -libstrongswan { +libhydra { plugins { attr-sql { database = sqlite:///etc/ipsec.d/ipsec.db diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool-wish/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf index b7c598fca..626bec3ed 100644 --- a/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf @@ -1,10 +1,10 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink sqlite attr-sql updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default sqlite attr-sql updown } -libstrongswan { +libhydra { plugins { attr-sql { database = sqlite:///etc/ipsec.d/ipsec.db diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf index 1ce52a848..70d66b20b 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf @@ -1,10 +1,10 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown } -libstrongswan { +libhydra { plugins { attr-sql { database = sqlite:///etc/ipsec.d/ipsec.db diff --git a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf index 1ce52a848..70d66b20b 100644 --- a/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf @@ -1,10 +1,10 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke sqlite attr-sql kernel-netlink socket-default updown } -libstrongswan { +libhydra { plugins { attr-sql { database = sqlite:///etc/ipsec.d/ipsec.db diff --git a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike-nat/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf index 49f69ff0c..2435403a4 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file eap-identity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown } diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf index 49f69ff0c..2435403a4 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file eap-identity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown } diff --git a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf index 9f3c6bfa3..f0e7da85e 100644 --- a/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius eap-identity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem index 154cff654..d53365f78 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD @@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv -bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg -Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX -fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq -3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa -0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1 -IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW -Tfcyi+M= +bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy +FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp +cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM +POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t +xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U +dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW +8sFmiZI= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem index 2990d6a12..69e5c05e3 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ +MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS -BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy -M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1 +N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR -dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO -dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u -57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw -5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI -hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC -AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL -qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy +dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD +hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9 +HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n +3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz +Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C +AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE +AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 -YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js -LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA -FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N -Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp -7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G -+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm -wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/ -MWjwPJs52qVJ3Ph++EF6bw== +LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA +ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG +il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC +CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU +n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq +8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/ +pwU12A3BovJKUaR0B7Uy2A== -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem index b91f9bf81..53e18680b 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi -65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq -8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6 -VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY -hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu -y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz -0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX -FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH -gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z -PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D -nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El -U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF -mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm -MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB -UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy -G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz -Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY -hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu -PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah -tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr -s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy -uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J -ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu -LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx -Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU= +MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq +azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP +nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk +b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4 +H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm +GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9 +N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r +er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC +kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV +BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+ +Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN +DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp +waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt +1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw +RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm +CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM +eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl +FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO +auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx +rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8 +iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx +qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv +/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA +hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2 +5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem index e50477872..a10a18cba 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP @@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/ MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu -IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV -8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ -9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr -iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU -uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv -xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0= +IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn +Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S +CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW +AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284 +RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh +M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem index b76032480..91df37a81 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/certs/daveCert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ +MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV -BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL +BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS -zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+ -1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN -P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+ -+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP -aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8 -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY -GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi +0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6 +J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz +VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH +K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/ +5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8 +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV +MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT -EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 +EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v -cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P -p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw -ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6 -Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA -DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/ -Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+ +cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq +OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5 +xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb +E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e +q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+ +JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+ -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem index 022436de4..86740e86a 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6 -OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW -1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI -mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe -ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM -pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0 -mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c -JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz -0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq -8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0 -3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u -U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ -Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs -MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS -sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B -oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7 -1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i -bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7 -AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO -9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX -3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw -px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP -qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt -/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/ -UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g== +MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv +MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII +s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn +J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF +VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf +anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk +lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn +PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph +6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah +sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m +RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX +lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw +CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/ +l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ +if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v +yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH +dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx +h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct +Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh +w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK +LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl +7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u +5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6 +4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA +fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-init/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem index 154cff654..d53365f78 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/cacerts/researchCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD @@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv -bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg -Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX -fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq -3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa -0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1 -IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW -Tfcyi+M= +bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy +FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp +cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM +POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t +xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U +dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW +8sFmiZI= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem index 2990d6a12..69e5c05e3 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ +MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS -BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy -M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1 +N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR -dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO -dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u -57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw -5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI -hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC -AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL -qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy +dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD +hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9 +HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n +3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz +Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C +AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE +AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 -YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js -LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA -FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N -Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp -7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G -+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm -wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/ -MWjwPJs52qVJ3Ph++EF6bw== +LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA +ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG +il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC +CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU +n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq +8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/ +pwU12A3BovJKUaR0B7Uy2A== -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem index b91f9bf81..53e18680b 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi -65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq -8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6 -VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY -hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu -y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz -0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX -FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH -gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z -PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D -nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El -U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF -mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm -MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB -UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy -G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz -Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY -hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu -PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah -tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr -s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy -uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J -ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu -LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx -Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU= +MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq +azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP +nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk +b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4 +H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm +GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9 +N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r +er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC +kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV +BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+ +Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN +DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp +waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt +1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw +RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm +CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM +eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl +FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO +auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx +rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8 +iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx +qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv +/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA +hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2 +5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem index e50477872..a10a18cba 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/cacerts/salesCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP @@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/ MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu -IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV -8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ -9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr -iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU -uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv -xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0= +IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn +Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S +CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW +AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284 +RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh +M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem index b76032480..91df37a81 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/certs/daveCert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ +MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV -BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL +BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS -zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+ -1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN -P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+ -+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP -aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8 -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY -GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi +0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6 +J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz +VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH +K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/ +5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8 +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV +MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT -EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 +EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v -cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P -p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw -ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6 -Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA -DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/ -Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+ +cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq +OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5 +xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb +E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e +q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+ +JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+ -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem index 022436de4..86740e86a 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6 -OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW -1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI -mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe -ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM -pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0 -mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c -JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz -0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq -8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0 -3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u -U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ -Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs -MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS -sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B -oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7 -1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i -bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7 -AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO -9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX -3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw -px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP -qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt -/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/ -UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g== +MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv +MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII +s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn +J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF +VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf +anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk +lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn +PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph +6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah +sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m +RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX +lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw +CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/ +l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ +if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v +yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH +dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx +h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct +Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh +w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK +LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl +7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u +5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6 +4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA +fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-cr-resp/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem index 2990d6a12..69e5c05e3 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ +MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS -BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy -M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1 +N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR -dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO -dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u -57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw -5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI -hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC -AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL -qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy +dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD +hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9 +HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n +3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz +Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C +AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE +AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 -YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js -LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA -FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N -Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp -7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G -+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm -wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/ -MWjwPJs52qVJ3Ph++EF6bw== +LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA +ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG +il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC +CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU +n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq +8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/ +pwU12A3BovJKUaR0B7Uy2A== -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem index b91f9bf81..53e18680b 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi -65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq -8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6 -VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY -hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu -y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz -0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX -FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH -gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z -PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D -nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El -U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF -mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm -MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB -UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy -G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz -Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY -hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu -PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah -tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr -s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy -uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J -ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu -LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx -Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU= +MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq +azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP +nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk +b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4 +H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm +GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9 +N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r +er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC +kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV +BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+ +Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN +DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp +waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt +1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw +RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm +CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM +eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl +FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO +auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx +rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8 +iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx +qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv +/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA +hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2 +5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf index 3db5e8aef..908f85ac5 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem index b76032480..91df37a81 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/certs/daveCert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ +MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV -BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL +BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS -zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+ -1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN -P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+ -+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP -aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8 -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY -GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi +0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6 +J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz +VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH +K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/ +5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8 +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV +MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT -EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 +EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v -cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P -p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw -ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6 -Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA -DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/ -Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+ +cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq +OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5 +xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb +E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e +q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+ +JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+ -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem index 022436de4..86740e86a 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6 -OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW -1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI -mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe -ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM -pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0 -mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c -JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz -0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq -8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0 -3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u -U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ -Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs -MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS -sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B -oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7 -1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i -bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7 -AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO -9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX -3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw -px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP -qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt -/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/ -UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g== +MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv +MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII +s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn +J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF +VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf +anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk +lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn +PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph +6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah +sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m +RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX +lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw +CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/ +l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ +if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v +yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH +dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx +h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct +Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh +w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK +LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl +7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u +5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6 +4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA +fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf index 3db5e8aef..908f85ac5 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem index 154cff654..d53365f78 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD @@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv -bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg -Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX -fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq -3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa -0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1 -IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW -Tfcyi+M= +bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy +FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp +cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM +POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t +xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U +dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW +8sFmiZI= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem index e50477872..a10a18cba 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP @@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/ MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu -IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV -8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ -9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr -iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU -uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv -xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0= +IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn +Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S +CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW +AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284 +RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh +M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf index c9e6722ae..bb4af2c75 100644 --- a/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-ldap/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = ldap aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem index 2990d6a12..69e5c05e3 100644 --- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ +MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS -BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy -M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1 +N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR -dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO -dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u -57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw -5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI -hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC -AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL -qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy +dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD +hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9 +HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n +3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz +Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C +AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE +AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 -YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js -LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA -FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N -Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp -7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G -+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm -wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/ -MWjwPJs52qVJ3Ph++EF6bw== +LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA +ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG +il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC +CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU +n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq +8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/ +pwU12A3BovJKUaR0B7Uy2A== -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem index b91f9bf81..53e18680b 100644 --- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi -65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq -8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6 -VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY -hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu -y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz -0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX -FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH -gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z -PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D -nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El -U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF -mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm -MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB -UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy -G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz -Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY -hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu -PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah -tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr -s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy -uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J -ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu -LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx -Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU= +MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq +azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP +nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk +b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4 +H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm +GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9 +N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r +er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC +kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV +BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+ +Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN +DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp +waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt +1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw +RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm +CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM +eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl +FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO +auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx +rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8 +iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx +qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv +/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA +hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2 +5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-loop/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem index 154cff654..d53365f78 100644 --- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD @@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv -bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg -Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX -fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq -3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa -0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1 -IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW -Tfcyi+M= +bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy +FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp +cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM +POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t +xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U +dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW +8sFmiZI= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-pathlen/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem index 2990d6a12..69e5c05e3 100644 --- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ +MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS -BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy -M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1 +N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR -dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO -dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u -57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw -5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI -hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC -AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL -qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy +dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD +hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9 +HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n +3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz +Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C +AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE +AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 -YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js -LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA -FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N -Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp -7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G -+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm -wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/ -MWjwPJs52qVJ3Ph++EF6bw== +LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA +ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG +il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC +CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU +n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq +8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/ +pwU12A3BovJKUaR0B7Uy2A== -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem index b91f9bf81..53e18680b 100644 --- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi -65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq -8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6 -VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY -hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu -y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz -0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX -FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH -gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z -PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D -nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El -U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF -mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm -MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB -UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy -G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz -Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY -hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu -PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah -tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr -s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy -uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J -ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu -LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx -Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU= +MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq +azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP +nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk +b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4 +H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm +GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9 +N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r +er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC +kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV +BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+ +Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN +DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp +waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt +1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw +RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm +CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM +eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl +FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO +auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx +rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8 +iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx +qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv +/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA +hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2 +5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-revoked/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem index 2990d6a12..69e5c05e3 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ +MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS -BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy -M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1 +N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR -dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO -dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u -57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw -5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI -hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC -AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL -qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy +dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD +hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9 +HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n +3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz +Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C +AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE +AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 -YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js -LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA -FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N -Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp -7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G -+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm -wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/ -MWjwPJs52qVJ3Ph++EF6bw== +LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA +ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG +il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC +CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU +n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq +8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/ +pwU12A3BovJKUaR0B7Uy2A== -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem index b91f9bf81..53e18680b 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi -65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq -8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6 -VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY -hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu -y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz -0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX -FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH -gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z -PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D -nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El -U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF -mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm -MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB -UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy -G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz -Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY -hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu -PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah -tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr -s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy -uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J -ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu -LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx -Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU= +MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq +azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP +nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk +b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4 +H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm +GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9 +N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r +er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC +kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV +BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+ +Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN +DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp +waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt +1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw +RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm +CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM +eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl +FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO +auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx +rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8 +iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx +qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv +/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA +hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2 +5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem index b76032480..91df37a81 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/certs/daveCert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ +MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV -BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL +BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS -zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+ -1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN -P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+ -+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP -aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8 -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY -GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi +0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6 +J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz +VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH +K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/ +5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8 +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV +MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT -EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 +EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v -cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P -p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw -ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6 -Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA -DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/ -Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+ +cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq +OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5 +xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb +E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e +q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+ +JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+ -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem index 022436de4..86740e86a 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6 -OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW -1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI -mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe -ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM -pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0 -mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c -JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz -0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq -8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0 -3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u -U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ -Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs -MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS -sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B -oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7 -1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i -bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7 -AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO -9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX -3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw -px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP -qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt -/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/ -UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g== +MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv +MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII +s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn +J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF +VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf +anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk +lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn +PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph +6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah +sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m +RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX +lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw +CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/ +l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ +if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v +yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH +dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx +h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct +Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh +w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK +LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl +7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u +5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6 +4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA +fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem index 154cff654..d53365f78 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD @@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv -bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg -Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX -fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq -3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa -0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1 -IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW -Tfcyi+M= +bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy +FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp +cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM +POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t +xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U +dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW +8sFmiZI= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem index e50477872..a10a18cba 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP @@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/ MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu -IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV -8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ -9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr -iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU -uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv -xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0= +IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn +Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S +CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW +AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284 +RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh +M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca-strict/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem index 2990d6a12..69e5c05e3 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ +MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS -BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy -M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1 +N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR -dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO -dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u -57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw -5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI -hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC -AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL -qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy +dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD +hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9 +HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n +3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz +Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C +AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE +AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 -YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js -LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA -FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N -Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp -7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G -+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm -wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/ -MWjwPJs52qVJ3Ph++EF6bw== +LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA +ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG +il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC +CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU +n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq +8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/ +pwU12A3BovJKUaR0B7Uy2A== -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem index b91f9bf81..53e18680b 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi -65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq -8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6 -VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY -hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu -y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz -0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX -FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH -gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z -PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D -nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El -U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF -mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm -MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB -UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy -G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz -Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY -hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu -PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah -tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr -s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy -uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J -ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu -LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx -Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU= +MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq +azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP +nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk +b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4 +H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm +GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9 +N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r +er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC +kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV +BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+ +Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN +DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp +waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt +1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw +RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm +CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM +eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl +FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO +auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx +rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8 +iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx +qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv +/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA +hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2 +5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem index b76032480..91df37a81 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem +++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/certs/daveCert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ +MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV -BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL +BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS -zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+ -1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN -P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+ -+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP -aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8 -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY -GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi +0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6 +J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz +VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH +K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/ +5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8 +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV +MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT -EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 +EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v -cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P -p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw -ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6 -Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA -DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/ -Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+ +cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq +OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5 +xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb +E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e +q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+ +JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+ -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem index 022436de4..86740e86a 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem +++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6 -OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW -1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI -mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe -ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM -pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0 -mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c -JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz -0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq -8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0 -3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u -U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ -Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs -MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS -sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B -oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7 -1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i -bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7 -AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO -9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX -3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw -px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP -qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt -/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/ -UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g== +MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv +MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII +s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn +J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF +VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf +anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk +lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn +PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph +6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah +sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m +RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX +lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw +CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/ +l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ +if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v +yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH +dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx +h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct +Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh +w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK +LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl +7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u +5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6 +4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA +fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem index 154cff654..d53365f78 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem +++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD @@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv -bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg -Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX -fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq -3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa -0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1 -IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW -Tfcyi+M= +bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy +FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp +cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM +POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t +xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U +dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW +8sFmiZI= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem index e50477872..a10a18cba 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem +++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP @@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/ MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu -IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV -8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ -9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr -iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU -uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv -xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0= +IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn +Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S +CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW +AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284 +RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh +M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/multi-level-ca/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf index 77f09f216..79348686d 100644 --- a/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-one-rw/hosts/alice/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { keep_alive = 1d - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-one-rw/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf index f82f32d1d..882ea04a5 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf index f82f32d1d..882ea04a5 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf index f82f32d1d..882ea04a5 100644 --- a/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-two-rw-psk/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-two-rw/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-two-rw/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf +++ b/testing/tests/ikev2/nat-two-rw/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf index 9af403198..291f08db1 100644 --- a/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf index 9af403198..291f08db1 100644 --- a/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf index 39d7154e2..949b9af16 100644 --- a/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown + load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf index 39d7154e2..949b9af16 100644 --- a/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pgp-v3/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown + load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf index 39d7154e2..949b9af16 100644 --- a/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown + load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf index 39d7154e2..949b9af16 100644 --- a/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-pgp-v4/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink updown + load = sha1 sha2 md5 aes des hmac pem pkcs1 pgp gmp random stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf index 87fa5b2e9..4e2fcf17b 100644 --- a/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf index 87fa5b2e9..4e2fcf17b 100644 --- a/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf index 9af403198..291f08db1 100644 --- a/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf index 9af403198..291f08db1 100644 --- a/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf index 9af403198..291f08db1 100644 --- a/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf index 9af403198..291f08db1 100644 --- a/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf index 9af403198..291f08db1 100644 --- a/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf index 9af403198..291f08db1 100644 --- a/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown multiple_authentication = no } diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem index 2990d6a12..69e5c05e3 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/certs/carolCert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIELDCCAxSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJDSDEZ +MIIELDCCAxSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjERMA8GA1UECxMIUmVzZWFyY2gxFDAS -BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTA1MDMyMzA3MDQyM1oXDTEwMDMyMjA3MDQy -M1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP +BgNVBAMTC1Jlc2VhcmNoIENBMB4XDTEwMDQwNzA5MjA1N1oXDTE1MDQwNjA5MjA1 +N1owWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAP BgNVBAsTCFJlc2VhcmNoMR0wGwYDVQQDFBRjYXJvbEBzdHJvbmdzd2FuLm9yZzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+oTiV7lCh1ID41edDUgUjR -dZwEMPBAM1xDqoxJxIJpug8UIuuUL0TvQnZ4Z5fa/9QNNCkQ7FDh8ZcR+TT8x0mO -dYYA73mMQic0n4O57F+s/lESKvIoN+vIDR3rGJBv9rYztS4ODE+DJl9XK9TtId5u -57jfXu/k3IYl5GeQ3f+ic2l2Ola70t70Op6cFDZIhOCjs2xWw2yqGdPWODaN/Enw -5fOLv/om+7HHB4KgPGv4p4ohWIUCo2XK597Ii+jB2MdOUlG83/1aX7+M+IeYVwjI -hzWjwRQfMz0AQha0HYN4cvrZ7stUluMxewsCROCBzcGQYTZxYU4FjR8nhH4ApYMC -AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSL -qNn96rsWg0kOJY/cyXD2JpnPIjBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOio9tKOkESjZumThDvt1aFy +dPDPNAhNrIon8aCvZMxFQBXsams1LOL47UKQEeOJcDUQ1s90P05vAwX+TwOA2nBD +hgVBe8c+RsBRfERmxcszK7dgj5yrjwbJFrUJPem04KEPnrR7LpT5s7+z1n+pZYr9 +HyJTvYJd3c968frowQW98mgEJG9xs2LfaqTV3RES1B9vIeQGWh64DSrF6Xy/HY+n +3MeSMGZ3UJoXS6YZIxvGNd7heB/2xxv3Vv0TNyGikmP8Z5ibgN5jn7mQkU9SM9Qz +Qb2ZY1m3Dn93cbJ5w3AXeClhJhoze6UvhVs4e/ASuJb6b9NLML4eB0BMCZD66Y8C +AwEAAaOCAQQwggEAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBTE +AO+W2V1eu0sjCQcfemzz9lSRvTBtBgNVHSMEZjBkgBTndfCg8q0gzc1gI8zHyA8p 891UIKFJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3 -YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBDDAfBgNVHREEGDAWgRRj +YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIBIDAfBgNVHREEGDAWgRRj YXJvbEBzdHJvbmdzd2FuLm9yZzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3Js -LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQUFAAOCAQEA -FNPepmta0ac9TWe7Gl31fKkuf6ZiQftMwx/uq6PoX9PBVGeooktJMo+EiROQhL3N -Zomtl2nLfxYruXPHa7YaMWyv4+3NkV9p7jseC1K/2lCXipY4Vp8u14hqlRLCTejp -7uC/0+628e+qXlCm8wafDb9/JXzQar7rADhoLp7gJKI2PKMAzLUP2xZVzY5zx57G -+OCR/ZXonVeAPy9/0g9N8uQzJEXOVZYMjsoRra9rdlvnY1DgDoAK7QvJMC4VzENm -wKmz2rPrBlKaEcivubg7dwPMGNmb3f7F7w0HHuRbQd5Y0nDfEWBKCp0bVx1GLc7/ -MWjwPJs52qVJ3Ph++EF6bw== +LnN0cm9uZ3N3YW4ub3JnL3Jlc2VhcmNoLmNybDANBgkqhkiG9w0BAQsFAAOCAQEA +ajgFI8Kz611i0Ihu8+M1C2W1kFbL4EoYyon3trjRZ3Iqz6ksf9KSKCS6Fiylq4DG +il0mtMtlP+HKcXzRgSY96M4CO73w26liwmZsFBNaZKI/5vKRPPLyU9raGshfpBeC +CywZ4vcb+EViIPstzOYiK5y/1tSGsMEdnlX2JZsJAKhbLRTmC02O3MbGGBQQq1eU +n1xkR8pndTWTJmFZ61fZlUMSwLgLF9/VchAa7cIdEA044OCtTdabiYoyLFmqDutq +8GYvWOzLf2qOKcRxkHxPfeJDrWOLePEYnaMkSBkUKAUIkI+LaJbWF3ASTGgHqh2/ +pwU12A3BovJKUaR0B7Uy2A== -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem index b91f9bf81..53e18680b 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/ipsec.d/private/carolKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAz6hOJXuUKHUgPjV50NSBSNF1nAQw8EAzXEOqjEnEgmm6DxQi -65QvRO9Cdnhnl9r/1A00KRDsUOHxlxH5NPzHSY51hgDveYxCJzSfg7nsX6z+URIq -8ig368gNHesYkG/2tjO1Lg4MT4MmX1cr1O0h3m7nuN9e7+TchiXkZ5Dd/6JzaXY6 -VrvS3vQ6npwUNkiE4KOzbFbDbKoZ09Y4No38SfDl84u/+ib7sccHgqA8a/iniiFY -hQKjZcrn3siL6MHYx05SUbzf/Vpfv4z4h5hXCMiHNaPBFB8zPQBCFrQdg3hy+tnu -y1SW4zF7CwJE4IHNwZBhNnFhTgWNHyeEfgClgwIDAQABAoIBAHXoftbRoIKIXtJz -0sM8plwOctUvnAoOqhsNYN1fVXEnTzoYmOtirKRbpkVWgJu9Ad4J0UAwF76lTGQX -FIV9sjqV5S09grxlY3qXaquE+i4pMA4gXro5E+eRI8GFJ+F7cX5rRcjsuRi8wyEH -gh/YtY5zMqfKTUGxlXWmNlaH70WilianuMPNXwaKgyBGcfZdheyUggM0rYEJrG1Z -PZqNo0JKfeI4htpENDp0k1xJ9lCjIqdNw0ZjBi+pL6hF5PYaPjlVC2yn5CzRaT1D -nUeKUK+SVES4sPrEQtaOlk86uZC4pIz5IlEoSvaw/Yo3Gk1sQKIQMMh1crhHd0El -U831KwECgYEA7fQY+aFk3fHabwgf9gjuPKgwetVQ8jNDWUiSqffHUC0AQfKZQQsF -mXJeSRZomPCWG3DRz1EcqXr9f82bN295I0CI6foXZgKUmjed7Bohc0HvUqNOi2qm -MdbdWBOaH4RBzi1fAENJZnprmq65jQ/tkfCwqIz4KaLt+8xiWmU2h6ECgYEA32gB -UbCzs1LoJC03uGHqZFRWK/YNKOKBUw58XCnzPTA+34UupI88lPj8LD269tDtruRy -G7wt4HjayPKtK430nKAl01IXq6ULBTByu3KrCOm/gTAycVMj4ZimTn7Qu9jyv4Lz -Ka3rBQxB+yQWfn27dc7U+EBsA7PT53NR6Zl8CqMCgYALJYod93+AHho7ZUgKAHUY -hlBvEJsQHXKkNhAYwjCmAtWmQTUIpPmILKFaDyCrOWnusyRA7+3FyqshV4JT4Hbu -PdGsFDkQYEKRztUpADhc69PILTo6sa5DW2tW+uQXYdyrSdjPbFd943Iy9sheYUah -tYKxApmFacp4JyTcUy1wwQKBgA44xLy6jvX/dR+4cS+frBgu9j1eMIBFyw3Kgkgr -s3xVserww4NeSvEA2KzIUTqdGkRj7o+tbw43I1ZffH6lTskZuM63DyKyIv11lBgy -uIicuMA0nUFxlXsrCIs+r3MF4I4oe+pPVALCQQEHzxbGUkSxogUbtMSXkgnN4Y0J -ZEgZAoGAfo0nv/IeKi0KkKiPTQSGVWGAQyCpGE0UQ2RYYToT84kjXs+LrVGFH2lu -LJvyYnSnM7eKqCFKh+kLQ3bezum56y5XTyAEipTmu7Lhp0CiVjSdnu+0QykmhKsx -Z17Ut2ryGKOXySnlMNual4eCLq98o0iOcYPq08V6x33dhK7Z3kU= +MIIEpQIBAAKCAQEA6Kj20o6QRKNm6ZOEO+3VoXJ08M80CE2siifxoK9kzEVAFexq +azUs4vjtQpAR44lwNRDWz3Q/Tm8DBf5PA4DacEOGBUF7xz5GwFF8RGbFyzMrt2CP +nKuPBskWtQk96bTgoQ+etHsulPmzv7PWf6lliv0fIlO9gl3dz3rx+ujBBb3yaAQk +b3GzYt9qpNXdERLUH28h5AZaHrgNKsXpfL8dj6fcx5IwZndQmhdLphkjG8Y13uF4 +H/bHG/dW/RM3IaKSY/xnmJuA3mOfuZCRT1Iz1DNBvZljWbcOf3dxsnnDcBd4KWEm +GjN7pS+FWzh78BK4lvpv00swvh4HQEwJkPrpjwIDAQABAoIBAQCGhpwg5znX1jt9 +N0SwejaaIVoom0ZUvsTTJYF7Da9UxX3mr0phLuADZTea0z7kt+VfaZsrXOX17g5r +er4pImorm390roZpkELMlNEro9keQzo1z+l6B2Ct5bvxdaSM638u4Z88cDVhAnjC +kbOnIUWLdgx4hr7/EFNe0pH0KHzjWfS4YMUXZFYER3W+lQ68j3U/iFdCsMdABrLV +BnKozAUOWTHeZc+8Ca0MFWChrj9b2DCs2M0ASgAx5s9CNo1dIbqwJmb7OLlwm3G+ +Xx0JzN7eOOZdiFSPcyNoRwE6rKvrs2GtQ9LqWdkvVEuFjyIkl97cnoOkRIj5bAvN +DfjfjmeBAoGBAP9rdEPjprVbEeAS+acLc/6oWlGqo23nO31IuUWHT10yxf0E5FIp +waLJchqT+jD5tYehfZ1+OVtYiWWKBJIXnVK+a4rc/GIRWX/BRHMtWeenv7wR72pt +1GRxp7yTZtj1AeJhuXcSHpntAo0kG6gHC/+FvbrNgyuSYn9siIa+C5RhAoGBAOkw +RgOX7hXYzOSATbKZcnNFdPECYaBDjXV/Rcg966Ng4UcxWl3vJRYf3A55ehmc2Jdm +CSqt6CrsR/RxKrljsCe7gD/GGEktV7fknnXC5Bfx3hUXQ4rATLx8xwlae+wc+ANM +eaY1HB0KOGGGH2kT4l4UFChgnfpZN+vpel/cFkPvAoGBAJPqZZVfQ87o44wxUPSl +FFKYql17BVQDQhdGw0x5lMNzQOdLKvJODj44jOTJZ21vXuoh4n4PeCXnOwJbkFQO +auRdNChh26LrSzpJ8VsGG3elVMsUU+L9oa9dhncVoczo7mNslpxXGPOpJv4XuBBx +rEgY6oxAscLM7k++yb3GVyxhAoGBAMK6lT0a+q8zxKZsnnWuvmyUa/t3SZ9TyiV8 +iwGU89oTZQzWoegfdJDtOg68UsJgwF5tzundICv39H6kolD+dnQ3l/mpq04wlzfx +qoIcpe15BUQHkVelDm+4o12kOigKaPIYQt4RK9D0X/DQ2BofiMGXct3lEQemyZQv +/Qlf+RfxAoGABBRf9DcyA/RdmTszqebfPPNmx7iHaNbrZ3Xbvyv3P5LkzXlFLTvA +hDz/UqnVM7Bwe1OGeJYkXfmijRjpJ+U8dteb2YzZ3tnlzKwifz+051/LcjavX9X2 +5PuEB2Y65V0OWImIFVlLnp3MRyE4bImveBliWrTRQUVsxQt2WIDgThw= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem index b76032480..91df37a81 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/certs/daveCert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEHDCCAwSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJDSDEZ +MIIEHDCCAwSgAwIBAgIBBTANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEOMAwGA1UECxMFU2FsZXMxETAPBgNV -BAMTCFNhbGVzIENBMB4XDTA1MDMyMzA3MTAxN1oXDTEwMDMyMjA3MTAxN1owVjEL +BAMTCFNhbGVzIENBMB4XDTEwMDQwNzA5NDI0MVoXDTE1MDQwNjA5NDI0MVowVjEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsT BVNhbGVzMRwwGgYDVQQDFBNkYXZlQHN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GS -zZwo/q4AE4v6OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+ -1V42Qkh61VJW1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJN -P3p8wUpfwReImAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1+ -+eTSMvLXSkQeujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSP -aSRhuz0gubuMpr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABo4H/MIH8 -MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSCy57rUdNRbytUkRGY -GjmjvXfIszBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi +0umR7a1jysVvMgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6 +J7T76/4YhpIIs8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLz +VsxxKDkLaivnJ16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMH +K6yPTRaOccvFVrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/ +5/rOIH+16CGfanXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABo4H/MIH8 +MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRnEIHshwPhDDGr3xLV +MnUEbroVIjBtBgNVHSMEZjBkgBRfmxNG+SByyADViLWnTC6X6guTKKFJpEcwRTEL MAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMT -EnN0cm9uZ1N3YW4gUm9vdCBDQYIBDTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 +EnN0cm9uZ1N3YW4gUm9vdCBDQYIBITAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3 YW4ub3JnMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5v -cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQB+BknSxFKaDhbRVobOAU2P -p9cirkVCitoZrvK2QIS/7WRoqy85RQ+zorJb3jyTxQl4Pu9Qrap9Zn0H8GQXGlQw -ZJqdDqRaIa4nCc57qP5DsuQKIQRxc1QMCiWyIRAESn+r8IbxLbjvEd7ZXNsieip6 -Q15uUZldjTveHVi89i9oFWS1nWo4SV+tJaEqPBvsTZZKBPAEu6+7lRzbJ4ukzRsA -DjuvmaPNUTyf21fD66I4sgrwgxoPhZ7r6qsqISJ5f0EzTXgYNi1yk/TXoAaot3c/ -Gu5+iyO/espV6kPADSOzPSFwsGHYG4kXi1VY0Z7x6UnjQSdEelOBplJ5XYDzEn4+ +cmcvc2FsZXMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB5H5jjp9LvEDyJp/3x7Caq +OhIBSl5n3g7Oi1gXT5GHLBh9/l5i6Swk1eey2oMzpHgsdDogLytlvzRKXupJAZt5 +xWab5I7BfichRCV4bOutN/F8DiNChG0SnYEBizRi5K06LAadtDT0NLv7iE/I49Nb +E8OdqnET1zHq82mbtVZCEzmRe+cmlB7EeECED+GxTOnYLRWeKg+AWIE4/fLN7s0e +q94lSUtym71LZ9kmMMAHkIyEbblvVIa7k5j4T6j0XwPPcYVMSjogqeze+qbf3EQ+ +JkRlGdzL/17ToLWYnVwkLqQDn6B+RfwnPk2EXndutPrNz6C3Wy7zNNniciAtXAq+ -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem index 022436de4..86740e86a 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/ipsec.d/private/daveKey.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAyqAR0itGIuSt/RR8IHjFTLH/lywprmHUw0GSzZwo/q4AE4v6 -OeWRG3JUUg44K40yBwr7zvcsLztRTfbNqlt7o+Hjpo3kz0AMwDo+1V42Qkh61VJW -1P0NQvkgjiQn+ElSMg1u3uiYCIMAhYMYo2ZMKxHXxRqjU79AVuJNP3p8wUpfwReI -mAy3/n685YbSzWcbPqCfjRH/YrnYS8Ga7m/QzdNfrtxhAWAGow1++eTSMvLXSkQe -ujU6OCJNOPUNB3nnJ1IoZrQm8wNP8Y5B5HzvOSyFEvNuHFc63gSPaSRhuz0gubuM -pr1d9Rgjny8JgsfCEbOktlKwnbFeSB8AAgVMjwIDAQABAoIBAHKaRFoVpa6Ynpu0 -mVwYUqdFSaVsEgsSRC9HiEuIllsteNeVZSqX4BGhAXYDmttvGauIF9IAVNpF939c -JwjCg1S2r3aFbLOXq16R0vYFOjUVH3xF/NysX3LQywv6AS1Z8wZiOKIU9eBij8nz -0tygQFZf2iUeIuB8HFzH1B8iHSuI7qn6hh1Y9Zgx4kWYL9I+WYefbR906xveHVGq -8VrgHtBAn1WeWg7FoN1VURW0s1bxkiWtpF9x9OMmwK4qR8HSCilss59V1eJrAAR0 -3FGdWwbbGg9hW0adnyDCtoaYW3r0WcXwqklyas4C+dClOpUInn8kZisoghQYT92u -U2QeDzECgYEA5Rv7+rP9HX1pNd9NQwOyIHztv4jfx60gybioogtCeRZUwPQ3GtXJ -Q0ouBxCVLdyCImIKcvd2q2b9HZE8tvOHBA/YxofH4miEN5GWA4aL+LcGrxIbxPWs -MEkxgQwsyK7lWH47fG7eW86LMx0VikFXS1EeeZZS3f3Avaww1uRtXecCgYEA4mhS -sAClZamGVWQ7VXCHuS4xHn/gPA4TCyoR5l9g9pwregGKxsROQVIFQCDMd9eTtS6B -oqoUTHdg0TlujHVUojdwHtgDaqDMTk+RXD9qy2Wob9HQVBlIwgijoLb+OjwdoAj7 -1OQx8FmMjAlMmlyJ50e1FnbNJFEJ1EMgV5QxtxkCgYEArdUeyehYy1BFTJ/CIm+i -bm37gdDbYchlUUivgkuiwvcDlWd2jADbdRfKdofJeIOPpYDXxsUmIATDVfTFqVZ7 -AcT4SCHrskh00SjANqqWdz5/bsQBl96DKBvQ2MYhEJ9K2mrkvZPtWKENEtolZsIO -9tF0mvJIq7CF1iPY5qNoq88CgYEAoZhELErJwl3U+22my7ydopZNiK9MpJCHFxjX -3c2Fr36XqWUgX+4MzKJ2DOdcCM1dJ5wh+q/Z/RnXiH2tYaL83SskY19aUOij6eDw -px68YqAUMHtYbi39uD/iSftSSM5PdsHyvGiDHEFOB0U735Dc/K45mecBVEJi+ZVP -qDKlqUECgYA1DcGOWM3P3XdB7zKy47LcankMtFZozEOLTUdGJRlmWrLdcRlZPKjt -/ALripehesp1++VtmttWQJX7uI3gveD07/tSKeMHmIoKappjRTrcaA7Pa5+z/xS/ -UhRmZUFOJwNLzy3jdv5f2c/5SIz6o4Ae3I+Zb+IapHL+lBv146/I5g== +MIIEpQIBAAKCAQEAztqGSb3H9Xh6I4xiDkmsN5WRjKnEQfSRZsSi0umR7a1jysVv +MgLKnmk2hAMJkDTjBXndEemnLiXemxNq4Wp3x0ZgpNWC6y1klZY6J7T76/4YhpII +s8HA1+ZiIAEhYCkeqy/ULPk0qa6yK6Ma2FKLEC4wz6OBbjhctqLzVsxxKDkLaivn +J16bX8CCNsCq86Ba64m6K1Mpsev5RKnOz0Ey1WwBhgLmipZRgAMHK6yPTRaOccvF +VrOpi1bfprKXkrCYt6sQoDjbfheZ/tKyW2iJ+WbH0lsA4NbPi1s/5/rOIH+16CGf +anXiZvZ7NbxLyb8ffPIXFxDTqiS8wFreRZR85wIDAQABAoIBAQCZSpoP1cN0Zvbk +lykne3NTsdSuEDUvx4VlSj173bnWEBOO9idEQYtUP5Y12GZi5r6ClV+94ZCSA2Bn +PcmMCTGAjOgb31po3DfZHv4z5Mx4g9I7D8fBJsm5dbKsEwpfz7k5lXVAauGbCaph +6jp/qxQBRqnHhlzpiH00n6eDYHhPHDoFHe+vGbnjWzJKsvs6EZiXpfJ/WKd1eQah +sGF7g+9qV5xqwshCBKf25LZ2XjdvZDt78HS4hsSaStnemetK9NVJGJqmLzehQ16m +RXAr8Ybk9g7/MSFhpwGPGjcqm2/szL4Cs9IMtYSxiroY3QL+DZydG9+K9g5NF7lX +lbEX9HXRAoGBAOduCSLaoEJsgZathny9kSsBtDmTAuiVZukqRdMjDN2I0kOsRsIw +CEF1DIvFsX7nfHkKve8+XyTc05y7LTXmX1AEjMgzFel7uy5HjS7AsJZgTippC8g/ +l2jGq+s59zATNZ2el9Q9dbeK2lBdrVy+jqNITdQge9BigFfhWbkAGFRPAoGBAOTQ +if2+Yrh0zDPO53I6kShehaZvNtPmQxmmhvH4HGMY8EyRajFOSMpV1w3VYDuTA47v +yol+90BWMY8ZslrXq+Bmwx2ocSc2feyUYcJoOoRL/b+b1lY2Vnog3Hs5BQLsULzH +dwkEuK8wjjw1g4ksuIMbX/X9nEvJs0xemzh7Ju/pAoGACNI24u82YJHGNroSgDqx +h9QezHsAB2F6dLS5yJxzZxZJ/W5ZnBk8l1Ig0ksMwuuL4Qk5yB62fa81GapAxOct +Bt3Fh/P6h9XBgrgTd468rF6rXA549n8GBGZeMy8Ybuqshn9/BgX5sK9INvv7Gafh +w/ODk+xRC9ZVUgQy6UxJoR0CgYEAybmYjl40xo4iIWK95ZUAuGhsx8iwu6v7aDfK +LLUiwbMQ11A0IPf1cHyxNf7x8lOwBWoeU43eCZhz5Mcw2KnfW9z9E76W041VAyfl +7/DX9h7QvQZ0tlj9cHpcJz6jzmns3CG2Lfs9nyXdn/NF3b/Rg7S0qzhFfQN70U5u +5iKct1ECgYEAmR/0IbYGh1YJ7Z9im44MTSz6H7bTnmIDjM3/+IVydSVgFbzcoVG6 +4sQ5fIViMLtz9PHDRRKbs8TBzpy7C/wC1qRqpq9I17INSQzvm3DpZ2PlR0SeN2dA +fO9XtkE73cEff/gI7JWOouy/vczizfRemnWlNK5Ui29Fe0QlGC9TyX0= -----END RSA PRIVATE KEY----- diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem index 154cff654..d53365f78 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD @@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv -bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg -Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX -fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq -3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa -0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1 -IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW -Tfcyi+M= +bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy +FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp +cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM +POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t +xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U +dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW +8sFmiZI= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem index e50477872..a10a18cba 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP @@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/ MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu -IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV -8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ -9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr -iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU -uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv -xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0= +IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn +Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S +CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW +AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284 +RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh +M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-multi-level/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem index 154cff654..d53365f78 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/researchCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDwTCCAqmgAwIBAgIBDzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ +MIIDwTCCAqmgAwIBAgIBIDANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDYyMTE5NTgwNloXDTEwMDYyMDE5NTgwNlowUTELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTM1MFoXDTE5MDQwNDA5NTM1MFowUTELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xETAPBgNVBAsTCFJlc2Vh cmNoMRQwEgYDVQQDEwtSZXNlYXJjaCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBALY5sjqm4AdbWKc/T7JahWpy9xtdPbHngBN6lbnpYaHfrxnGsvmD @@ -13,11 +13,11 @@ C+25IuE8Nq+i3jtBiI8BwBqHY3u2IuflUh9Nc9d/R6vGsRPMHs30X1Ha/m0Ug494 BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU53XwoPKtIM3NYCPMx8gPKfPd VCAwbQYDVR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNV BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJv -bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAHArS2trQnBoMVcg -Br3HV78wYsa1MNAQCBAPhKMMd6EziO4FTwgNgecbKXpObX6ErFDgjtVTcLOMTvNX -fvZoNuPpdcitlgcWjfxZafNbj6j9ClE/rMbGDO64NLhdXuPVkbmic6yXRwGZpTuq -3CKgTguLvhzIEM47yfonXKaaJcKVPI7nYRZdlJmD4VflYrSUpzB361dCaPpl0AYa -0zz1+jfBBvlyic/tf+cCngV3f+GlJ4ntZ3gvRjyysHRmYpWBD7xcA8mJzgUiMyi1 -IKeNzydp+tnLfxwetfA/8ptc346me7RktAaASqO9vpS/N78eXyJRthZTKEf/OqVW -Tfcyi+M= +bmdTd2FuIFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBAI1toW0bLcyBXAoy +FeLKGy4SibcNBZs/roChcwUav0foyLdCYMYFKEeHOLvIsTIjifpY4MPy3SBgQ5Xp +cs5vOFwW97jM6YfByqjx4+7qTBqOaLMXBbeJ3LIwQyJirpqHZzlsOscchxCjcMAM +POBGmWjpdOqULoLlwX9EFhBA2rEZB1iamgbUJ5M5eRNEubm8xR6Baw/0ORz/tt+t +xC9jxcjHoJnOFV0ss7Xs3d32PqhvKGgBxjVLZyq3zD/rMG2xXVyKPU46zelMCP1U +dsM62tL1cwAi4soka02GQrP/rwBhHt22bJMN4gNs5NSvhTdjjgwVYzLu63IFYBvW +8sFmiZI= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem index e50477872..a10a18cba 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/ipsec.d/cacerts/salesCert.pem @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJDSDEZ +MIIDuzCCAqOgAwIBAgIBITANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS -b290IENBMB4XDTA1MDMyMzA2MjkxNloXDTE0MDMyMTA2MjkxNlowSzELMAkGA1UE +b290IENBMB4XDTEwMDQwNjA5NTQzM1oXDTE5MDQwNDA5NTQzM1owSzELMAkGA1UE BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xDjAMBgNVBAsTBVNhbGVz MREwDwYDVQQDEwhTYWxlcyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMJOTSaZjDe5UR+hJbodcE40WBxWm+r0FiD+FLc2c0hH/QcWm1Xfqnc9qaPP @@ -13,10 +13,10 @@ vPAqzrekOI/RV9Hre9L1r8X1dIECAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/ MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUX5sTRvkgcsgA1Yi1p0wul+oLkygwbQYD VR0jBGYwZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNI MRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2Fu -IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQEFBQADggEBAJ7j3X20Q8ICJ2e+iUCpVUIV -8RudUeHt9qjSXalohuxxhegL5vu7I9Gx0H56RE4glOjLMCb1xqVZ55Odxx14pHaZ -9iMnQFpgzi96exYAmBKYCHl4IFix2hrTqTWSJhEO+o+PXnQTgcfG43GQepk0qAQr -iZZy8OWiUhHSJQLJtTMm4rnYjgPn+sLwx7hCPDZpHTZocETDars7wTiVkodCbeEU -uKahAbq4b6MvvC3+7quvwoEpAEStT7+Yml+QuK/jKmhjX0hcQcw4ZWi+m32RjUAv -xDJGEvBqV2hyrzRqwh4lVNJEBba5X+QB3N6a0So6BENaJrUM3v8EDaS2KLUWyu0= +IFJvb3QgQ0GCAQAwDQYJKoZIhvcNAQELBQADggEBACRlTqXMjHy7r7rWnq/09yFn +Td6d+y6KkHj9kvYSA5q7xYdmP3I4+YP2qpPnYjSeyfMCl4ZIyMXnfUbz5OvuXp4S +CS0gIUJ6mK6+5f1a3USdB4Ce0Od4mkUIQmLzKFCRSqdhWoVzNJrl+BT1a5d9+aLW +AL5S2pqUoQPgG64MPghy3SyUb4qBeplk3JdR/6OgA5LQeNtLiI7Y/dbMM2Rvn284 +RIIxp2TqN2Hup6BNLHv6fLixdJpM+nG7ZjGYf+7dnuY6ZDhvIt18zr/2n1ELBQPh +M5SjYhGQIZVmNzNDrKGVAKta5LG8BwBGi0uXc9fBXWRcffI3N1/IZj/ob5t3WCg= -----END CERTIFICATE----- diff --git a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-strict-ifuri/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/protoport-route/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/protoport-route/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf index 3361ca6a4..ee0e454da 100644 --- a/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf index 3361ca6a4..ee0e454da 100644 --- a/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf index 3361ca6a4..ee0e454da 100644 --- a/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf index 5e93e0fe7..df11f5ea3 100644 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 eap-identity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf index 5e93e0fe7..df11f5ea3 100644 --- a/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 eap-identity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf index cc2bb91d2..eef03e3b4 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown } diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf index cc2bb91d2..eef03e3b4 100644 --- a/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-aka eap-aka-3gpp2 updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown } diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf index 6922ecc15..6609a2115 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 eap-identity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf index 9f3c6bfa3..f0e7da85e 100644 --- a/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius eap-identity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf index 6495d6f6a..6fcf5999e 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown } diff --git a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf index af2bc1675..a7f7b99ec 100644 --- a/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf index 6495d6f6a..6fcf5999e 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown } diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf index 6495d6f6a..6fcf5999e 100644 --- a/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-md5 updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-md5 updown } diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf index 921db4c51..8d2f57828 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-mschapv2 eap-identity updown + load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf index 921db4c51..8d2f57828 100644 --- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-mschapv2 eap-identity updown + load = curl aes des sha1 sha2 md4 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf index 49f69ff0c..2435403a4 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file eap-identity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown } diff --git a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf index 9f3c6bfa3..f0e7da85e 100644 --- a/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius eap-identity updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius eap-identity updown plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf index fa662875d..e4ef757fb 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf index fa662875d..e4ef757fb 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown send_vendor_id = yes } diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf index ac8f98b70..d77218b77 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown send_vendor_id = yes plugins { eap-radius { diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf index fcb1cf201..6e1818c9e 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown } diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf index fcb1cf201..6e1818c9e 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown } diff --git a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf index af2bc1675..a7f7b99ec 100644 --- a/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-radius updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-radius updown plugins { eap-radius { secret = gv6URkSs diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf index fcb1cf201..6e1818c9e 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown } diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf index fcb1cf201..6e1818c9e 100644 --- a/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown } diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf index f82f32d1d..882ea04a5 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf index f82f32d1d..882ea04a5 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf index f82f32d1d..882ea04a5 100644 --- a/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf index f82f32d1d..882ea04a5 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf index f82f32d1d..882ea04a5 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf index f82f32d1d..882ea04a5 100644 --- a/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf index f82f32d1d..882ea04a5 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf index f82f32d1d..882ea04a5 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf index f82f32d1d..882ea04a5 100644 --- a/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip-override/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/virtual-ip/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf index 572cf39cb..dd2df0670 100644 --- a/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default } diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf index c77902caa..29132e757 100644 --- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown install_routes = no } diff --git a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf index 6e9280e41..73d687a0c 100644 --- a/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf @@ -1,6 +1,6 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown install_routes=no } diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf index f82f32d1d..882ea04a5 100644 --- a/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf index f82f32d1d..882ea04a5 100644 --- a/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf index f82f32d1d..882ea04a5 100644 --- a/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf +++ b/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf index 4732113fa..b71db18dd 100644 --- a/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf +++ b/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf @@ -2,5 +2,5 @@ charon { hash_and_url = yes - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf index 97526cf99..807ca9411 100644 --- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf index 97526cf99..807ca9411 100644 --- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf index 97526cf99..807ca9411 100644 --- a/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-blowfish/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf index dd817a963..6420b3414 100644 --- a/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf index dd817a963..6420b3414 100644 --- a/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf index 52a4e0d52..b8038df01 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf index 20d891cdc..f988d90b4 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf index 52a4e0d52..b8038df01 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-ecp-high/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf index 52a4e0d52..b8038df01 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf index 20d891cdc..f988d90b4 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf index 52a4e0d52..b8038df01 100644 --- a/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/alg-ecp-low/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf index 97526cf99..807ca9411 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf index 97526cf99..807ca9411 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf index 97526cf99..807ca9411 100644 --- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown + load = curl pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown } diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf index 06480bae6..a442b244d 100644 --- a/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown + load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf index ab6f08e2d..6fcefc56a 100644 --- a/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf index dbb64dbb4..aa50403d8 100644 --- a/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/openssl-ikev2/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink updown + load = curl test-vectors pem pkcs1 openssl random x509 hmac stroke kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf +++ b/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf +++ b/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf +++ b/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf index 06b1e9f48..de9ae45cc 100644 --- a/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf +++ b/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf +++ b/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf +++ b/testing/tests/pfkey/nat-two-rw/hosts/alice/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf +++ b/testing/tests/pfkey/nat-two-rw/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf b/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf +++ b/testing/tests/pfkey/nat-two-rw/hosts/venus/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf b/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf +++ b/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf index 0768c2bb5..1d17b3614 100644 --- a/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf @@ -1,5 +1,5 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } diff --git a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf index 867d256bb..7d8cda47e 100644 --- a/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf index 867d256bb..7d8cda47e 100644 --- a/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf index 867d256bb..7d8cda47e 100644 --- a/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf @@ -1,7 +1,7 @@ # /etc/strongswan.conf - strongSwan configuration file charon { - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink updown + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown } libstrongswan { diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf index f66e8ba8a..a0d88cff1 100644 --- a/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf index f66e8ba8a..a0d88cff1 100644 --- a/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf index e377047a4..e99a7c505 100644 --- a/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf @@ -6,10 +6,10 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql } -libstrongswan { +libhydra { plugins { attr-sql { database = sqlite:///etc/ipsec.d/ipsec.db diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf index f66e8ba8a..a0d88cff1 100644 --- a/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf index f66e8ba8a..a0d88cff1 100644 --- a/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf index e377047a4..e99a7c505 100644 --- a/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf @@ -6,10 +6,10 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql } -libstrongswan { +libhydra { plugins { attr-sql { database = sqlite:///etc/ipsec.d/ipsec.db diff --git a/testing/tests/sql/ip-pool-db-restart/pretest.dat b/testing/tests/sql/ip-pool-db-restart/pretest.dat index 1d64321b5..b5108051c 100644 --- a/testing/tests/sql/ip-pool-db-restart/pretest.dat +++ b/testing/tests/sql/ip-pool-db-restart/pretest.dat @@ -17,3 +17,4 @@ dave::ipsec start carol::sleep 1 dave::ipsec up home carol::ipsec up home +carol::sleep 1 diff --git a/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf index 9df154ee2..aed370ffa 100644 --- a/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql resolve + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql resolve } diff --git a/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf index 9df154ee2..aed370ffa 100644 --- a/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql resolve + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql resolve } diff --git a/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf index e377047a4..e99a7c505 100644 --- a/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf @@ -6,10 +6,10 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql } -libstrongswan { +libhydra { plugins { attr-sql { database = sqlite:///etc/ipsec.d/ipsec.db diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf index f66e8ba8a..a0d88cff1 100644 --- a/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf index f66e8ba8a..a0d88cff1 100644 --- a/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf index e377047a4..e99a7c505 100644 --- a/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf @@ -6,10 +6,10 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql } -libstrongswan { +libhydra { plugins { attr-sql { database = sqlite:///etc/ipsec.d/ipsec.db diff --git a/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf index f66e8ba8a..a0d88cff1 100644 --- a/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf index f66e8ba8a..a0d88cff1 100644 --- a/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf b/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf index e377047a4..e99a7c505 100644 --- a/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf @@ -6,10 +6,10 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql attr-sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql attr-sql } -libstrongswan { +libhydra { plugins { attr-sql { database = sqlite:///etc/ipsec.d/ipsec.db diff --git a/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf b/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf index f66e8ba8a..a0d88cff1 100644 --- a/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf b/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf index f66e8ba8a..a0d88cff1 100644 --- a/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf +++ b/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf b/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf index 4d7891f5c..0dd41b380 100644 --- a/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf b/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf index 4d7891f5c..0dd41b380 100644 --- a/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf +++ b/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf index 66be5fab4..49de2788e 100644 --- a/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf @@ -6,7 +6,7 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } libstrongswan { diff --git a/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf index 66be5fab4..49de2788e 100644 --- a/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf @@ -6,7 +6,7 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } libstrongswan { diff --git a/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf index 66be5fab4..49de2788e 100644 --- a/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf @@ -6,7 +6,7 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } libstrongswan { diff --git a/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf index c45b3ebd8..a5a7d2017 100644 --- a/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql eap-aka eap-aka-3gpp2 + load = curl aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2 } diff --git a/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf index d892e54ad..52de80b19 100644 --- a/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql eap-aka eap-aka-3gpp2 + load = aes des sha1 sha2 md5 fips-prf pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2 } diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf index 4d7891f5c..0dd41b380 100644 --- a/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf index 4d7891f5c..0dd41b380 100644 --- a/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf index 4d7891f5c..0dd41b380 100644 --- a/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf index 4d7891f5c..0dd41b380 100644 --- a/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf index 4d7891f5c..0dd41b380 100644 --- a/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf index 4d7891f5c..0dd41b380 100644 --- a/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink updown sqlite sql + load = aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf index f66e8ba8a..a0d88cff1 100644 --- a/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf index f66e8ba8a..a0d88cff1 100644 --- a/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf index f66e8ba8a..a0d88cff1 100644 --- a/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf index ab0431b00..6e6641fa5 100644 --- a/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf index ab0431b00..6e6641fa5 100644 --- a/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf index ab0431b00..6e6641fa5 100644 --- a/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf index ab0431b00..6e6641fa5 100644 --- a/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf +++ b/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf index ab0431b00..6e6641fa5 100644 --- a/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf +++ b/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } diff --git a/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf b/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf index ab0431b00..6e6641fa5 100644 --- a/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf +++ b/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf @@ -6,5 +6,5 @@ charon { database = sqlite:///etc/ipsec.d/ipsec.db } } - load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink updown sqlite sql + load = curl aes des sha1 sha2 md5 pem pkcs1 pubkey gmp random x509 hmac xcbc stroke kernel-netlink socket-default updown sqlite sql } |